----- Original Message ----- From: "Eric Rescorla" <[EMAIL PROTECTED]> To: "Eugene Leitl" <[EMAIL PROTECTED]> Sent: Monday, 28 January, 2002 6:33 AM
[...] > If you want to see EC used you need to describe a specific algorithm > which has the following three properties: > > (1) widely agreed to be unencumbered, particularly by the big players. > [extra points if you're willing to indemnify] > (2) significantly better than RSA (this generally means faster) > (3) has seen a significant amount of analysis so that we can have > some reasonable confidence it's secure. > > Until someone does that, the cost of information in choosing an > EC algorithm is simply too high to justify replacing RSA in > most applications. Well, a nice characteristic that RSA doesn't have is the ability of using as secret key a hash of the passphrase, which avoids the need of a secret keyring and the relative vulnerability to dictionary attacks. See e.g. the Pegwit application, which, in its version 9 (http://groups.yahoo.com/group/pegwit/) does not, AFAIK, infringe on any EC patent. Enzo --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
