On Sun, 16 Dec 2018, Michael A. Peters wrote:
We know there are unexplained constants in the NIST curves including P-256 -
what if NSA was partially responsible for this bug (back room deal to avoid
anti-trust prosecution, similar deal with IBM was made in the 70s I believe
also involving cryptography) so that Android apps that use ECDSA (beyond just
the mail client, e.g. chat apps) would use P-256 for compatibility and are
maybe vulnerable to MITM for the key exchange.
I want Ed25519 now.
Bernstein fan? Definitely off-topic, but the gist of his critique of
P-256 is that any possible deliberate sabotage of curve parameters is a
distraction from the real problem: complexity makes implementation
fumbles easy with disastrous consequences.
https://cr.yp.to/newelliptic/nistecc-20160106.pdf
Joseph Tam <jtam.h...@gmail.com>