On 27.03.2015 at 14:21, Martin Behrendt wrote:
> On 26.03.2015 18:40, Pete Stephenson wrote:
>>
>> People have raised concerns about the NIST curves, but they are part
>> of the RFC 6637 standard so compliant programs must implement P-256,
>> may implement P-384, and should implement P-521.
>>
>> To address potential concerns with the NIST curves, GnuPG also
>> supports the Brainpool curves which are similar in structure to the
>> NIST curves but use parameters chosen from nothing-up-my-sleeve
>> numbers and so should be reasonably trustworthy. Still, the structure
>> of such curves leaves a bit to be desired (see
>> http://safecurves.cr.yp.to/ for details, I'm hardly an expert).
>>
>
> I just did a quick search but didn't find anything. [...]

A very recent (Feb 2015) "historical" analysis of the surreptitious weakening of cryptographic systems, incl. a description of the NIST (or Dual EC-DRBG) curves' peculiarities "detected" in 2005 can be found at (1):

(1) https://www.schneier.com/paper-weakening.html (p. 2,7).

Cheers,
Stephan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users