[Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)
Bill Frantz
frantz at pwpconsult.com
Tue Oct 1 16:16:01 EDT 2013
On 10/1/13 at 8:47 AM, bascule at gmail.com (Tony Arcieri) wrote:
>If e.g. the NSA knew of an entire class of weak curves, they could perform
>a brute force search with random looking seeds, continuing until the curve
>parameters, after the seed is run through SHA1, fall into the class that's
>known to be weak to them.
Or NSA could have done what it did with DES and chosen a
construct that didn't have that weakness. We just don't know.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | I don't have high-speed | Periwinkle
(408)356-8506 | internet. I have DSL. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
More information about the cryptography
mailing list