On Jun 26, 2014, at 1:56 PM, Trevor Perrin <[email protected]> wrote:

> On Thu, Jun 26, 2014 at 10:39 AM, Daniel Kahn Gillmor
> <[email protected]> wrote:
>>
>> My main concern with this proposal is the possibility of further
>> fragmentation by the creation of yet another set of curves.
>
> Yeah, if you want to see the confusion that already exists, read the
> W3C discussion on adding Curve25519 to WebCrypto (why not Brainpool?
> why not BADA55? Microsoft jumps in pushing their curves, etc):
>
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839
>
> IMO for mainstream purposes the world only needs Curve/Ed25519 and
> *maybe* an extra-strength curve. The faster people coalesce around
> choices and work out engineering issues the better. More curve
> families not helpful.

I figured you’d be against :-) Anyone else want to weigh in on this?

By the way, a small Boggle board has approximately 55-60 bits of entropy if I calculated correctly. I’m having trouble imagining an attack which would allow a reasonable probability of success with half this much entropy. So if several boards are used, casino-grade attacks aren’t going to be enough, you’d have to go to magic-trick level.

Cheers,
— Mike
