On 2013-11-10 22:24, ianG wrote:
The best I've seen so far is as found on this site
http://safecurves.cr.yp.to/ which seems to say (my reading only) that
the prior standards work on curves is suspect, but we can do a good job
ourselves if we recalculate to best of ability (us meaning not me).
But we really don't know. Meanwhile, as a side pointer as to how far
the 'defaults' trap has taken us, here's another pointer [0]:
That the curves NIST wants us to use are not very efficient would
suggest that they cannot break just any curve, only some special curves.
If they could break any curve, would have recommended some
more efficient curves.
The mathematics of elliptic curves makes it unlikely that there is any
general solution to the discrete log problem.
It also makes it likely that there are lots of classes of special curves
that do have fast solutions to the discrete log problem.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
