Am Samstag, 24. Dezember 2016 05:21:34 UTC+1 schrieb Peter Gutmann: > Eric Rescorla writes: > > >I don't think this really accurately reflects the consensus of the security > >community > > Or of any community AFAIK. Perhaps there could be a special version of > Firefox that uses one-time pads for everything, and on startup uses a > cryptographically secure geolocation service to direct you to your nearest > supermarket for a roll of tinfoil, along with folding instructions for the > hat. > > For the OP, Google "Shamir's Law". 99.99% of web users could be using single > DES and it'd still be somewhere around the bottom of page 50 of the list of > ways in which they're going to get 0wned. > > Peter.
Although this is correct, it shouldn't keep administrators / companies from desperately trying to offer the most secure encryption, especially if they are located in countries where they are obligated by law to use the best known methods and otherwise are in permanent danger to get sued. Please note that my actual reason for posting was that I am trying to build a secure web site, and thus, I am feeling the strongest personal obligation (besides the obligation by law) to make it as secure as possible. Furthermore, it is eventually not wise to laugh at all people who believe that governments have the will and the means to poison cryptographic methods and to consider all of them weird conspiracy theorists who ignore maths. There are enough mathematicians who consider this a real danger. It is my private, political (and thus off-topic) opinion that cryptography should be as secure as possible, so if I have a choice (which is luckily the case here), I am avoiding anything which is suspected to be weakened, even if there is no clear proof yet. If you are sure, absolutely sure and ready to guarantee with your life for it, that organizations which are backed by hundreds of billions of dollars per year and which have the main aim to break cryptographic methods have not found any means to intentionally weaken the NIST curves given the complexity of their implementation, i.e. that your knowledge is higher than or at least equal to the sum of the knowledge of all the scientists and mathematicians who work for these organizations and who dedicate their whole life, every minute, every day to misleading, weakening and breaking cryptography, then (and only then) you may laugh at me and all the others who are concerned. In that case, we probably deserve a big roll of tin foil. Otherwise, you eventually should respect that there are a lot of people who are not overly stupid or paranoid and who are concerned about the issue. For sure, there is a reason for the fact that nearly all websites which come up when you do a search for cryptographic curves strongly discourage the usage of the NIST curves. Are they all paranoid idiots ignoring mathematics? Or is it just a temporary fashion to warn about NIST curves? And by the way, the law you mentioned exactly is one the things which can't serve as an argument here. Statistics say that one day I will probably die because of a heart problem (I'm located in Germany) and nearly sure not in a car crash which happens because of a defective car. But this is absolutely no reason to stop the yearly inspections of my car, even less if I regularly take other persons with me. YMMV ... Regards and thank you very much for your comments (indeed, didn't know about Shamir's Law yet), Binarus _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

