|
|
|
|
|
|
by masklinn
2530 days ago
|
|
|
https://blog.trailofbits.com/2019/07/08/fuck-rsa/ covers that. The executive summary is that while it's possible to implement and use RSA properly: * it looks easy to implement so it's common for people to roll their own (and then it's insecure or broken), ECC look hard (though aren't necessarily) so devs are more likely to use properly vetted libraries * because most of the parameters must be kept secret, good advice is hard to find (and good parameter selection is absolutely critical), not to mention e.g. good exponents has complexity and performance implications[0], ECC parameters are public and you can pick existing good ones. [0] and security grows sub-linearly with parameter size: 2048-bit RSA has 112 bits of security, 4096-bit RSA has 140 bits of security |
|
|