[Cryptography] Seed values for NIST curves
Joachim Strömbergson
Joachim at Strombergson.com
Tue Sep 10 06:36:18 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aloha!
Tony Arcieri wrote:
> The question is... suitable for what? djb argues it could be used to
> find a particularly weak curve, depending on what your goals are:
> http://i.imgur.com/o6Y19uL.png
So, the question is then - how do we fix this?
I (naively) see two approaches:
1. We as a community create a list of curves that we agree on are good.
The list is placed in a document, for example an RFC that clearly states
what criteria has been used, what the sources for the curves are and how
they has been generated. This allows any user to check the validity and
the provenance.
2. Create tools to easily create randomly generated curves including
some tool to assess the goodness/quality.
Either method should (I believe) be possisble to be integrated into TLS
as part of the parameter exchange and negotiation.
If I understand DJB correctly EC as such is sound and provides clear
benefits compared to RSA. We just need curves that have completely
open, traceable and varifiable specifications.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlIu9iIACgkQZoPr8HT30QHziQCeLg8PgNPa2Iz0eB+ZJdgF6caB
h1MAoJB/WTs+KrFsG3QjO84PipmyXlY0
=SdNy
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list