[147420] in cryptography@c2.net mail archive
Re: [Cryptography] are ECDSA curves provably not cooked? (Re: RSA
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Oct 1 16:21:20 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 1 Oct 2013 13:16:01 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <CAHOTMVJuqmjJeEV+FrosQONkumj2v2DppTHkrUHR-DB6UWrqyg@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/1/13 at 8:47 AM, bascule@gmail.com (Tony Arcieri) wrote:
>If e.g. the NSA knew of an entire class of weak curves, they could perform
>a brute force search with random looking seeds, continuing until the curve
>parameters, after the seed is run through SHA1, fall into the class that's
>known to be weak to them.
Or NSA could have done what it did with DES and chosen a
construct that didn't have that weakness. We just don't know.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | I don't have high-speed | Periwinkle
(408)356-8506 | internet. I have DSL. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
