|
|
|
|
|
|
by sgtcodfish
3172 days ago
|
|
|
You can get the same amount of "bits" of security with EC as you can with RSA for sure if you choose the right parameters. There are also EC implementations (Ed25519 being an excellent example) which are incredibly simple which makes them easier to audit and reason about. Also the simplicity allows us to implement some EC crypto in constant time, so there are no timing side channels. The main reason not to use EC would be spottier hardware support (cards, keys, etc) and potentially less software support in the wild (people could be stuck on old versions of GPG for example). |
|
|