Matti Nykyri wrote:
> On Apr 17, 2014, at 23:17, walt <w41...@gmail.com> wrote:
>
>> On 04/17/2014 11:43 AM, Matti Nykyri wrote:
>>> I don't know much about the secp521r1 curve or about its security.
>>> You can list all available curves by:
>>>
>>> openssl ecparam -list_curves
>> I don't either, but I hope this guy does :)
>>
>> http://www.math.columbia.edu/~woit/wordpress/?p=6243
> Good article :) The overall picture I had about EC is more or less the same
> as described in the article. But you always have to make a threat analysis
> and it depends on the private data you are protecting. By definition any
> private data will be disclosed given enough time and resources.
>
> So if your adversary is NSA... Well protecting the communication of regular
> internet user and your production server with SSL and x509 certificates will
> just not secure the content. I'm 100% certain that NSA has access to at least
> one CA root certificates private keys. With those they can do a
> man-in-the-middle attack that the regular user will most likely never spot.
>
> In my own security model I'm protected from NSA by the fact that it will
> disappear in the flow of all other traffic because NSA is not stealing credit
> card numbers :) ECDSA with ECDHE is fast and secure according to public
> sources.
>
> The problem is totally different if you are protecting the secrets of your
> company that are within the interest of NSA. I'm lucky I don't have to try
> that.
>
On this topic about NSA, I read an article that claimed the NSA was able to view httpS traffic live or close to live since they had some backdoor access keys. I don't recall where the article was but since this is a knowledgeable bunch, is this true? If for example I go to my bank or credit card website, can they "easily" view that traffic?

One reason this jumped out at me was that in the article, it was claimed that a group of people was going to rewrite the code/software/whatever for httpS and other encryption tools. If someone has links to such info for me to read and pass on to others, that would be great too.

Thanks.

Dale

:-) :-)

--
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!