On January 12, 2022 4:22:00 PM AKST, Joseph Tam <jtam.h...@gmail.com> wrote:
>
> - perfect forward secrecy: the disclosure of a private
> key will not compromise past traffic. This is probably the
> more compelling reason.
>
As to ECC vs. the "old fashioned" RSA paradigm based on the difficulty of
factoring very large natural numbers --- that's a totally separate issue,
irrelevant to that of choosing protocols that offer PFS over those that do not.
I'm "convinced" on no special considerations beyond elementary math that the
product of two large randomly chosen prime numbers is darn near impossible to
factor on modern computers. Scientists have tried and failed and assiduously
documented their vain attempts at cracking the RSA challenge up to commonly
used key size parameters.
The ECC business involves too many secret codes and ciphers coming out of a
college fraternity or university dormitory, and it's not clear to me as an
outsider what it offers beyond smoke-and-mirrors obfuscation and security by
obscurity of the algorithm. The magic numbers and specially chosen curve
parameters like "25519" offered as is without explanation are alarming to me as
if someone is trying to pull the wool over my eyes with the fancy maths.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.