MJ <m...@sci.fi> wrote:

> > What is "NIST crypto"?
>
> Are you serious or just being facetious? I basically used it as an
> umbrella term to include all of the crypto in which the US government
> has had their hand involved in its specification, implementation,
> approval, standardisation, etc and so forth.

As guenther@ has pointed out, refusing all crypto covered by that definition is silly.

But even if you limit yourself to the specification part, you should be very disappointed about the newly added Curve25519 key exchange and Ed25519 signing in OpenSSH, because as implemented both rely on SHA-2 cryptographic hashes, which were not only specified by NIST, but in fact designed by the NSA.

Of course mainstream cryptographers don't think that SHA-2 is insecure, much less backdoored, but that again raises the question: What do you mean by that "NIST crypto" you want to avoid?

-- 
Christian "naddy" Weisgerber
na...@mips.inka.de