by floody-berry 4041 days ago
Yes, how does he go from DUAL_EC_DBRG being backdoored to using the same few elliptic curves being an issue? It's not accurate or productive to lump e.g. Curve25519 or Goldilocks448 in with DUAL_EC_DBRG and issues with 1024-bit DH primes.

I feel like I'm misinterpreting what he meant, but can't see what other point he could be making.

1 comments

You mean DUAL_EC_DRBG.

He's correct that if people generated their own ECC curves instead of using standardized curves, then standardizing maliciously chosen curves would cease to be an attack vector.

That doesn't of itself imply that the pros of standardizing curves do not outweigh the cons, but it is a con of standardizing curves.