[tor-talk] Elliptic Curve Crypto and the NSA

Michael McConville mmcconv1 at sccs.swarthmore.edu
Mon Nov 2 03:15:08 UTC 2015


Justin wrote:
> I’ve been reading a paper that talks about why the NSA told everyone
> to move to quantum resistant crypto.  One of the ideas in the paper
> was that they may have broken elliptic curves.  I understand that
> they’re used in Tor.  Does anyone think that NSA actually has the
> capability to break ECC?

Dual_EC_DRBG, a random number generation algorithm, was very likely
backdoored by the NSA. Tor doesn't use it. There is little evidence that
other EC algorithms have been subverted, although it's possible.

Here's a good resource if you're interested in learning more:

	http://safecurves.cr.yp.to/

Speculation about the integrity of crypto algorithms is only one facet
of auditing the security of protocols like Tor, and it isn't always the
most fruitful one.

