On 10/12/10 10:55 AM, Robert J. Hansen wrote: > On 12/9/2010 6:18 PM, Ben McGinnes wrote: >> The last bit of documentation I saw on ECC is a little old and stated >> that it wasn't well known enough to consider using. I guess that's >> changed now. > > Back in 2000 or so, the consensus was that ECC was too new and > rested on some dicey conjectures.
The last thing I read on ECC was Sam Simpson's FAQ on PGP, which was published in 1999 and was saying exactly that. > Since the proof of the Taniyama-Shimura conjecture (or, as it's now > called, Wiles' Theorem), ECC's theoretical underpinnings seem to be > on fairly solid ground. That's a fairly significant update. > The National Security Agency has approved ECC for use in its Suite B > of cryptographic algorithms, and has authorized it for protection of > the highest levels of state secrets (TS/SCI) when used with 384-bit > ECC keys. > > John's information (that Suite B was authorized for SECRET) is > correct: he was looking at the bit about Suite B that relates to > 256-bit ECC keys. The DSD over here have fairly similar recommendations, but then they work very closely with the NSA. The unclassified version of their Information Security Manual is here: http://www.dsd.gov.au/infosec/ism/index.htm > The NSA is quite good about publishing its real information security > policies. They have a *lot* of contractors who work with them, and And a lot of vendors supporting those contractors and other personnel. > keeping the rules for how to secure classified information hidden > would ultimately only harm overall operational security. They > *want* people to know the right way to take care of TS/SCI material. > > They never want to hear someone say, "sure, I sent that TS/SCI file > in plaintext. Wait, I wasn't supposed to do that? I was never > told! Why aren't those rules on your website?" It doesn't help if the rules are ignored, though, as recent events have demonstrated. I've no doubt there are people inside the NSA reaching for the LARTs and the Clue-by-Fours. ;) Regards, Ben
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
