[Cryptography] [cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)
Tony Arcieri
bascule at gmail.com
Tue Oct 1 16:10:32 EDT 2013
On Tue, Oct 1, 2013 at 12:00 PM, Jeffrey Goldberg <jeffrey at goldmark.org>wrote:
> If the NSA had the capability to pick weak curves while covering their
> tracks in such a way, why wouldn’t they have pulled the same trick with
> Dual_EC_DRBG?
>
<tinfoilhat>They wanted us to think they were incompetent, so we would
expect that Dual_EC_DRBG was their failed attempt to tamper with a
cryptographic standard, and so we would overlook the more sinister and
subtle attempts to tamper with the NIST curves</tinfoilhat>
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131001/40ff81cf/attachment.html>
More information about the cryptography
mailing list