ECDSA client question
Joseph Tam
jtam.home at gmail.com
Tue Dec 18 00:04:03 EET 2018
On Sun, 16 Dec 2018, Michael A. Peters wrote:
> We know there are unexplained constants in the NIST curves including P-256 -
> what if NSA was partially responsible for this bug (back room deal to avoid
> anti-trust prosecution, similar deal with IBM was made in the 70s I believe
> also involving cryptography) so that Android apps that use ECDSA (beyond just
> the mail client, e.g. chat apps) would use P-256 for compatibility and are
> maybe vulnerable to MITM for the key exchange.
>
> I want Ed25519 now.
Bernstein fan? Definitely off-topic, but the gist of his critique of
P-256 is that any possible deliberate sabotage of curve parameters is a
distraction from the real problem: complexity makes implementation
fumbles easy with disastrous consequences.
https://cr.yp.to/newelliptic/nistecc-20160106.pdf
Joseph Tam <jtam.home at gmail.com>