On 2018-06-29 at 18:07 +0200, Damien Cassou wrote: > NIIBE Yutaka <gni...@fsij.org> writes: > > Why not Curve25519, if you use ECC? > > I'm not sure I want ECC after reading this: > https://crypto.stackexchange.com/a/60394/60027
Curve25519 is not NIST ECC. It is ECC. "ECC" = "Elliptic Curve Cryptography", it covers an entire class of "how public/private pairs are related and calculated". There are various different algorithms within ECC. Some of those are published by NIST, with input from various agencies, and there is reasonable concern as to the provenance of the specifications, as that page notes. The IETF, amongst other groups, has been moving towards Curve25519 for public key cryptography because it is ECC and it's not NIST. It currently looks, with a wet finger in the air and an array of chicken entrails before us, from every known species of chicken, as though Curve25519 is likely to be good for a while to come; up until the much heralded practical quantum computers one day arrive and possibly change everything. So for new deployments today, where interoperability with ancient OpenPGP implementations (such as GnuPG v1) is not a concern, you're probably looking at Curve25519 and, if eager, keeping half an eye on the news about post-quantum cryptography for the next step after that. If you need more specific guidance than that, pay a professional cryptographer to analyse your requirements and make a recommendation. -Phil _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
