ianG <[email protected]> writes: > BTW, why the keenness on Ed25519?
Sorry for the delayed response. I managed to lose track of this message migrating between Gmail and my own server. I like Ed25519 because the public keys are 255 bits long, which makes them potentially usable directly as identifiers. However, more recent events have changed my thinking on this. Schneier speculates that one of the NSA's breakthroughs the Snowden documents talks about may be an advance in the cryptanalysis of ECC systems, and he recommends sticking with better-studied, more conventional systems based on the conventional discrete logarithm problem. On top of that, given the dynamic nature of cryptographic technology, it's probably not a good idea to lock oneself into a particular cryptosystem or hash scheme or even to require that identifiers be keys themselves. An identifier scheme could support Ed25519 as one particularly convenient key type, but eventually we'll want to support fingerprints as identifiers and fetching of public keys from a DHT. -- Sean Lynch <[email protected]> _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
