[Cryptography] Seed values for NIST curves
Tony Arcieri
bascule at gmail.com
Mon Sep 9 18:46:42 EDT 2013
On Mon, Sep 9, 2013 at 10:37 AM, Nemo <nemo at self-evident.org> wrote:
> The approach appears to be an attempt at a "nothing up my sleeve"
> construction. Appendix A says how to start with a seed value and use SHA-1
> as a psuedo-random generator to produce candidate curves until a suitable
> one is found.
>
The question is... suitable for what? djb argues it could be used to find a
particularly weak curve, depending on what your goals are:
http://i.imgur.com/o6Y19uL.png
(originally from http://www.hyperelliptic.org/tanja/vortraege/20130531.pdf)
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130909/fec13ab9/attachment.html>
More information about the cryptography
mailing list