[Cryptography] Seed values for NIST curves

Joachim Strömbergson Joachim at Strombergson.com
Tue Sep 10 06:36:18 EDT 2013

Hash: SHA1


Tony Arcieri wrote:
> The question is... suitable for what? djb argues it could be used to 
> find a particularly weak curve, depending on what your goals are: 
> http://i.imgur.com/o6Y19uL.png

So, the question is then - how do we fix this?

I (naively) see two approaches:

1. We as a community create a list of curves that we agree on are good.
The list is placed in a document, for example an RFC that clearly states
what criteria has been used, what the sources for the curves are and how
they has been generated. This allows any user to check the validity and
the provenance.

2. Create tools to easily create randomly generated curves including
some tool to assess the goodness/quality.

Either method should (I believe) be possisble to be integrated into TLS
as part of the parameter exchange and negotiation.

If I understand DJB correctly EC as such is sound and provides clear
benefits compared to RSA. We just need curves that have completely
open, traceable and varifiable specifications.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the cryptography mailing list