[Cryptography] IETF discussion on new ECC curves.
ianG
iang at iang.org
Sat Jul 26 15:55:24 EDT 2014
2c worth,
On 26/07/2014 19:32 pm, Phillip Hallam-Baker wrote:
...
> Curve 25519 is close to 256 and its easy to make the argument. But
> there isn't a convenient prime near to 2^512. When we come to choosing
> curve E521 its a gut check sort of thing...
I thought you were protecting email? What rational can there be for
having two strengths?
Email is primarily hacked on the machine, and 2^256 is so far beyond
reasonable that we won't see it challenged for a long time. If you
don't like that argument increase to 2^512 but it still doesn't support
having two strengths.
> What do folks think here? I see a bunch of possibilities
>
> 1) We choose the NUMS curve for the 2^256 work factor curve and Curve
> 25519 for 2^128
>
> 2) We choose NUMS for both
>
> 3) We choose Curve25519 and E521
>
> 4) We spend several years arguing to no point
5) Choose one. Get back to work... I would use curve25519 as it's
much more clearly open than Microsoft's stuff, I don't need to go
researching it, and I know there are plenty of open source code snippets
to draw from.
iang
More information about the cryptography
mailing list