On 10/25/2013 5:45 PM, Johan Wevers wrote: > The authority of NIST is of course severely reduced since the > Snowden revelations and their own suspicious behaviour with the Dual > EC PRNG.
*To you* they're severely reduced. Please don't presume to make ex cathedra statements for the rest of the world. While I agree that NIST is certainly not looking good, I'm not going to go so far as to say their authority or credibility is "severely reduced." Further, this statement of NIST's is backed by RSA Data Security, which has issued recommendations that are in much the same line, and various other consortiums as well. > Further, if they expect it to be secure for only 25 years, that is > sufficient for people to upgrade if they expect to remain alive over > 25 years Not even intelligence agencies expect to keep things secret past 25 years. If you're doing something that must remain secret for more than 25 years, I would recommend thinking about whether you should be doing those things in the first place. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
