On Sun, 16 Dec 2018, Michael A. Peters wrote:
We know there are unexplained constants in the NIST curves including P-256 - what if NSA was partially responsible for this bug (back room deal to avoid anti-trust prosecution, similar deal with IBM was made in the 70s I believe also involving cryptography) so that Android apps that use ECDSA (beyond just the mail client, e.g. chat apps) would use P-256 for compatibility and are maybe vulnerable to MITM for the key exchange.
I want Ed25519 now.
Bernstein fan? Definitely off-topic, but the gist of his critique of P-256 is that any possible deliberate sabotage of curve parameters is a distraction from the real problem: complexity makes implementation fumbles easy, with disastrous consequences.
https://cr.yp.to/newelliptic/nistecc-20160106.pdf
Joseph Tam <jtam.home@gmail.com>
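An illustration of the "implementation fumble" point above, added here as an example and not part of the thread: one of the classic P-256 mistakes is accepting a peer's public key without validating it (coordinates in range, point actually on the curve, correct order). The code below does that validation in pure Python with the published P-256 domain parameters (FIPS 186-4 / SEC 2); the private scalar and the tampered encodings are constructed for the example. It also shows that the point-at-infinity and same-x corner cases in the addition law are exactly the branches a careless implementation gets wrong, which is what Ed25519's complete formulas avoid.

```python
"""Public-key validation for NIST P-256 (secp256r1): pure Python, no dependencies.

Curve constants are the published P-256 domain parameters (FIPS 186-4 / SEC 2).
The private scalar D_EXAMPLE below is constructed for this example only.
"""

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # the point at infinity (group identity)


def is_on_curve(pt):
    """y^2 == x^3 + a*x + b (mod p); the identity is on the curve by convention."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine addition on short Weierstrass curves. The special cases
    (identity, P + (-P), doubling) are separate branches: this is the
    incompleteness Bernstein's critique is about."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P), also covers doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Right-to-left double-and-add (not constant time; fine for validation,
    never use this for a private scalar in production)."""
    result = INF
    addend = pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def encode_point(pt):
    """Uncompressed SEC1 encoding: 0x04 || X (32 bytes) || Y (32 bytes)."""
    x, y = pt
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def validate_public_key(sec1):
    """Full public-key validation in the sense of SP 800-56A: reject anything
    that is not a well-formed point of order n on P-256. Returns (x, y)."""
    if len(sec1) != 65 or sec1[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed SEC1 point")
    x = int.from_bytes(sec1[1:33], "big")
    y = int.from_bytes(sec1[33:], "big")
    if not (0 <= x < P and 0 <= y < P):
        raise ValueError("coordinate outside the field")
    if not is_on_curve((x, y)):
        raise ValueError("point is not on P-256")
    # P-256 has cofactor 1, so on-curve already implies order n; the explicit
    # check is kept because it is what the standard asks for on other curves.
    if scalar_mult(N, (x, y)) is not INF:
        raise ValueError("point does not have order n")
    return (x, y)


def rejects(sec1):
    """True if validate_public_key refuses the encoding (helper for the demo)."""
    try:
        validate_public_key(sec1)
    except ValueError:
        return True
    return False


# Constructed example: an honest key pair and two tampered encodings.
D_EXAMPLE = 0xc0ffee0000000000000000000000000000000000000000000000000000000042
Q_EXAMPLE = scalar_mult(D_EXAMPLE, G)
GOOD = encode_point(Q_EXAMPLE)
OFF_CURVE = encode_point((G[0], G[1] + 1))          # y nudged: not on the curve
OUT_OF_RANGE = b"\x04" + P.to_bytes(32, "big") + G[1].to_bytes(32, "big")

if __name__ == "__main__":
    print("honest key accepted:", validate_public_key(GOOD) == Q_EXAMPLE)
    print("off-curve point rejected:", rejects(OFF_CURVE))
    print("x == p rejected:", rejects(OUT_OF_RANGE))
```

The off-curve and out-of-range encodings are the inputs an implementation that "just does the ECDH math" happily consumes; whether that leaks anything depends on the curve's twist and the arithmetic used, which is precisely the kind of detail the paper argues nobody should have to get right.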