[Cryptography] [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

dj at deadhat.com dj at deadhat.com
Thu May 14 17:54:35 EDT 2015

> On Thu, May 14, 2015 at 7:31 AM, Salz, Rich <rsalz at akamai.com> wrote:

> Or the NIST curves are not secure, nor is SHA-1, and if SHA-1 isn't secure

I found the DJB arguments to be solid and believable. That the NIST
Weierstrass curves are so difficult to implement correctly while being so
easy to implement in a way that meets the test vectors, it would lead to
many weak implementations. So if the NSA were good with Montgomery or
Edwards or <some other good> curve crypto and left the Weierstrass curves
for the great unwashed, it would make complete sense.

More information about the cryptography mailing list