On Thu, Nov 27, 2014 at 10:08:40AM +0100, Martin Pitt wrote: > Mark Shuttleworth [2014-11-27 9:01 +0000]: > > Are any of the ECC algorithms widely trusted yet? > > For a simple and short executive answer I'd say "yes". > > TTBOMK there are no solutions to the ECC discrete logarithm which are > better than the usual exponential brute force; contrary to prime > factorization (for RSA) where more efficient algorithms are being > discovered every other year. Some NIST standard curves have a certain > "NSA influenced" smell, but some standards like ED25519 are generally > considered trusted.
I'd agree too. As I understand it, the concerns with ECC is that there may be more "weak" values to be discovered, and some people may end up with poorly chosen keys. > However, while ssh has supported ECC for a while, ECC support in gnupg > is *very* new: > http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html > (from just three weeks ago!) > > We also still use gnupg 1.x by default, so at some point we should > move to gnupg 2. But at this point I think we are still better off > with updating our GPG keys to 4096 bit RSA than waiting for this > transition. Based on what I know, ECC has higher complexity with lower key sizes, which is good for resource constrained situations. Everything being equal, I still prefer a large RSA key size, since it's more well understood. -Kees -- Kees Cook -- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
