|
|
|
|
|
|
by epimenov
3907 days ago
|
|
|
Validating EC is even harder. Accepting arbitrary curves is a bad practice. The draft of TLS 1.3 uses named curves and named primes for both DH and ECDH. And it starts with 2048 bits, because the possibility of NSA cracking 1024 primes was mentioned in the logjam paper. See https://tools.ietf.org/html/draft-ietf-tls-tls13-09#page-49 |
|
|