[tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)

Tom Ritter tom at ritter.vg
Tue Jun 23 05:35:53 UTC 2015


On 22 June 2015 at 14:55, l.m <ter.one.leeboi at hush.com> wrote:
> Hi,
>
> Last I heard NIST groups are rubbish. You're better off without them for
> security. Am I wrong?

With regards to security, no one[0] who generates curves or implements
ECC (as evidenced by the recent CFRG discussions or ECC Conference)
seriously believes the NIST curves are backdoored.

They do believe the NIST cruves lack security properties other curves
have, are less performant than other curves, and have a sufficiently
ambiguous origin to not be desirable. But the last one, the distrust
of the curves, and desire for new ones (meaning desire based solely on
that point) comes more from national agencies who want to mandate
national curves - the Chinese and Russians being good examples.

-tom

[0] +/- a tiny epsilon I'm sure


More information about the tor-dev mailing list