On 12/9/2010 6:18 PM, Ben McGinnes wrote: > The last bit of documentation I saw on ECC is a little old and stated > that it wasn't well known enough to consider using. I guess that's > changed now.
Back in 2000 or so, the consensus was that ECC was too new and rested on some dicey conjectures. Since the proof of the Taniyama-Shimura conjecture (or, as it's now called, Wiles' Theorem), ECC's theoretical underpinnings seem to be on fairly solid ground. The National Security Agency has approved ECC for use in its Suite B of cryptographic algorithms, and has authorized it for protection of the highest levels of state secrets (TS/SCI) when used with 384-bit ECC keys. John's information (that Suite B was authorized for SECRET) is correct: he was looking at the bit about Suite B that relates to 256-bit ECC keys. > So my 4096-bit Elgamal key with an AES256 cipher would be somewhere > between SECRET and TOP SECRET (discounting the real information > security policies that are applied by any DoD/spook personnel, in > either your country or mine). The NSA is quite good about publishing its real information security policies. They have a *lot* of contractors who work with them, and keeping the rules for how to secure classified information hidden would ultimately only harm overall operational security. They *want* people to know the right way to take care of TS/SCI material. They never want to hear someone say, "sure, I sent that TS/SCI file in plaintext. Wait, I wasn't supposed to do that? I was never told! Why aren't those rules on your website?"
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
