[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Perry E. Metzger perry at piermont.com
Thu Sep 5 21:02:00 EDT 2013

On Fri, 06 Sep 2013 12:13:48 +1200 Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> "Perry E. Metzger" <perry at piermont.com> writes:
> >I would like to open the floor to *informed speculation* about
> Not informed since I don't work for them, but a connect-the-dots:
> 1. ECDSA/ECDH (and DLP algorithms in general) are incredibly
> brittle unless you get everything absolutely perfectly right.

I'm aware of the randomness issues for ECDSA, but what's the issue
with ECDH that you're thinking of?

> 2. The NSA has been pushing awfully hard to get everyone to switch

Yes, and 24 hours ago I would have said that was because they
themselves depended on the use of commercial products with such
algorithms available (as in Suite B.) Now I'm less sure.

> Wasn't Suite B promulgated in the 2005-2006 period?

Yes, though it doesn't sound like Suite B is what the article
meant when discussing standards.

> Peter (who chooses RSA over ECC any time, follow a few basic rules
> and you're safe with RSA while ECC is vulnerable to all manner of
> attacks, including many yet to be discovered).

Many people out there seem to claim the opposite of course. The
current situation doesn't give us a definitive way to resolve such an

RSA certainly appears to require vastly longer keys for the same
level of assurance as ECC.

Perry E. Metzger		perry at piermont.com
