[Cryptography] Is ECC suspicious?
Perry E. Metzger
perry at piermont.com
Thu Sep 5 19:09:47 EDT 2013
In this posting:
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
Bruce Schneier casts some doubt on the use of ECC
5) Try to use public-domain encryption that has to be compatible
with other implementations. For example, it's harder for the NSA to
backdoor TLS than BitLocker, because any vendor's TLS has to be
compatible with every other vendor's TLS, while BitLocker only has
to be compatible with itself, giving the NSA a lot more freedom to
make changes. And because BitLocker is proprietary, it's far less
likely those changes will be discovered. Prefer symmetric
cryptography over public-key cryptography. Prefer conventional
discrete-log-based systems over elliptic-curve systems; the latter
have constants that the NSA influences when they can.
Now, this certainly was a problem for the random number generator
standard, but is it an actual worry in other contexts? I tend not to
believe that but I'm curious about opinions.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list