[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 5 21:28:10 EDT 2013


"Perry E. Metzger" <perry at piermont.com> writes:

>I would like to open the floor to *informed speculation* about BULLRUN.

Not informed since I don't work for them, but a connect-the-dots:

1. ECDSA/ECDH (and DLP algorithms in general) are incredibly brittle unless
   you get everything absolutely perfectly right.

2. The NSA has been pushing awfully hard to get everyone to switch to
   ECDSA/ECDH.

Wasn't Suite B promulgated in the 2005-2006 period?

Peter (who choses RSA over ECC any time, follow a few basic rules and you're
       safe with RSA while ECC is vulnerable to all manner of attacks,
       including many yet to be discovered).



More information about the cryptography mailing list