[Cryptography] Is ECC suspicious?

Perry E. Metzger perry at piermont.com
Thu Sep 5 19:09:47 EDT 2013

In this posting:


Bruce Schneier casts some doubt on the use of ECC

   5) Try to use public-domain encryption that has to be compatible
   with other implementations. For example, it's harder for the NSA to
   backdoor TLS than BitLocker, because any vendor's TLS has to be
   compatible with every other vendor's TLS, while BitLocker only has
   to be compatible with itself, giving the NSA a lot more freedom to
   make changes. And because BitLocker is proprietary, it's far less
   likely those changes will be discovered. Prefer symmetric
   cryptography over public-key cryptography. Prefer conventional
   discrete-log-based systems over elliptic-curve systems; the latter
   have constants that the NSA influences when they can.

Now, this certainly was a problem for the random number generator
standard, but is it an actual worry in other contexts? I tend not to
believe that but I'm curious about opinions.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list