On Oct 20, 2015, at 6:41 AM, Jason A. Donenfeld <[email protected]> wrote:
> the scope of hypothetical future attacks is boundless. That is and will continue to be the case for everything until someone proves that P!=NP. > So how does one make a decision here? Like everything else, you have to weigh the costs and benefits relative to your own risk posture. Personally, I feel quite comfortable with curve25519 for anything short of guarding a nuclear arsenal. But this is a decision that everyone ultimately needs to make for themselves. On the one hand, the cost of curve448 is not that much higher than curve25519, so there’s not really any good reason not to do it unless you are working with limited hardware or some external constraint like fitting signatures in QR codes or something like that. rg _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
