[146745] in cryptography@c2.net mail archive
Re: [Cryptography] Bruce Schneier has gotten seriously spooked
daemon@ATHENA.MIT.EDU (Dan McDonald)
Sat Sep 7 15:51:00 2013
X-Original-To: cryptography@metzdowd.com
From: Dan McDonald <danmcd@kebe.com>
In-Reply-To: <522B721D.5080402@sonic.net>
Date: Sat, 7 Sep 2013 15:06:35 -0400
To: Ray Dillinger <bear@sonic.net>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sep 7, 2013, at 2:36 PM, Ray Dillinger wrote:
<SNIP!>
>
> Schneier states of discrete logs over ECC: "I no longer trust the constants.
> I believe the NSA has manipulated them through their relationships with industry."
>
> Is he referring to the "standard" set of ECC curves in use? Is it possible
> to select ECC curves specifically so that there's a backdoor in cryptography
> based on those curves?
That very statement prompted me to start the Suite B thread a couple of days ago.
What concerns me most about ECC is that your choices seem to be the IEEE Standard curves (which have NSA input, IIRC), or ones that will bring down the wrath of Certicom (Slogan: "We're RSA Inc. for the 21st Century!").
I've said this repeatedly over the past year, but if whomever ends up buying Certicom-owner Blackberry would set them free, it would help humanity (at the cost of the patent revenues, alas).
Dan
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
