On Tue, Aug 13, 2013 at 4:13 AM, Nick Mathewson <[email protected]>wrote:
> Ed25519 (specifically, Ed25519-SHA-512 as described and specified at > http://ed25519.cr.yp.to/) is a desirable choice here: it's secure, > fast, has small keys and small signatures, is bulletproof in several > important ways, and supports fast batch verification. (It isn't quite > as fast as RSA1024 when it comes to public key operations, since RSA > gets to take advantage of small exponents when generating public > keys.) > At the risk of invoking something that was already discussed to death (and I was not aware): why not go with something established like P-521 that would apparently be a drop-in replacement with OpenSSL? Are the benefits really worth it? -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
_______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
