-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/07/13 22:07, James A. Donald wrote: > 106 bits is still far too small. Seems to me that they only > increased it as needed to defeat DecryptoCat, not as needed to > defeat an NSA farm running dedicated special purpose hardware. > > Why not use an elliptic curve whose points are, in compressed > form, about 256 bits, which is the size I chose for Crypto Kong, > many, many years ago, when computers were far less powerful. I > chose that after looking at various cracking efforts as the minimum > size that I was pretty sure that the NSA could not beat, then or in > the reasonably near future.
The choice of curve wasn't the problem - they were using Curve25519 but messing up the random number generation. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJR1eafAAoJEBEET9GfxSfMfWwH/R/Rq/I02dMcmheZuIStT8lG dwTnBM7ZLqXywpvVjS4SDKDTcSC8EfrFx/QW2906VTqMDn5wNePe9BZegsZGIP5Q C+R/Kz8ahaUdJMbwHI0FrwdvrkCot1K8L8qWacUf/osZ/uP0Xrx7CEqk0Xi7OFLu jFTyj5hjSUWg7MctNfmCn6ElMaMO81Fc91aZGKxLRw4z7XBOSBGhcEuXoTpuQAAI 2Y7CkhXhuvdW1DpneD0EXRiyM0DK0/OKOQwoTvfHQXzHubss50Ke0OlqEiAhzRzw BPCTlVMCKF0dmgL7/EZ7Z60/JxSCRJ847uN1P76POEw+Ez9akzvaC9S/lveLyEs= =BggH -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography