Having read the mail you linked to, it doesn't say the curves weren't generated 
according to the claimed procedure.  Instead, it repeats Dan Bernstein's 
comment that the seed looks random, and that this would have allowed NSA to 
generate lots of curves till they found a bad one.  

it looks to me like there is no new information here, and no evidence of 
wrongdoing that I can see.  If there is a weak curve class of greater than 
about 2^{80} that NSA knew about 15 years ago and were sure nobody were ever 
going to find that weak curve class and exploit it to break classified 
communications protected by it, then they could have generated 2^{80} or so 
seeds to hit that weak curve class.  

What am I missing?  Do you have evidence that the NIST curves are cooked?  
Because the message I saw didn't provide anything like that.  

The cryptography mailing list

Reply via email to