[OTR-users] OTR-encryption not safe - DSA 1024bit is too short

. dcMhOYBdpZkH at web.de
Wed Dec 12 14:43:47 EST 2012


On 12/12/2012 08:25 PM, Pete Stephenson wrote:
> On 12/12/2012 8:05 PM, . wrote:
>> Somewhere (and I really tried to find this site again by searching for
>> like "nist" AND "own curves") I read not to use NIST's curves but use
>> one's own curves, but why exactly -- maybe NIST can pre-calculate things
>> and speed up encryption -- I don't know, not an expert on this.
>> I guess it's also because one shouldn't always trust NIST anyway (in
>> case of their recommendation which key-sizes to use I trust them because
>> I can calculate and know more or less how long a key should be).
> Since the NIST curves are used for protecting classified US government
> information it would seem unlikely that they would be specifically
> designed to be weakened in some way as there's no doubt many adversaries
> who are testing such publicly-released curves to find any such weaknesses.
>
> FIPS 186-3 describes how they generated the various NIST curves and the
> reasoning and methods behind it. Appendix D of the document, which is
> available at
> http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf , goes
> into specific detail.
>
> These curves were chosen to have certain mathematical properties
> described at
> http://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Fast_reduction_.28NIST_curves.29
> to be optimized for high performance (which doesn't sacrifice security).
>
> It's pretty good to be skeptical of things provided by major governments
> but my understanding of ECC is that the curves themselves aren't
> intended to be secret and are merely a common starting point for key
> generation (they're basically equivalent to DH parameters used for DH
> key exchange).
>
> Cheers!
> -Pete
Yes, I understand. Having my own curves, I still feel somehow much more
secure.
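
The performance property mentioned in the quoted reply comes from the public form of the field prime. As an added example that is not part of the original thread, this shows it for P-192, whose prime is 2^192 - 2^64 - 1: reduction needs only word additions, checked against Python's generic `%`. The function names are my own.

```python
import random

# Field prime of NIST P-192: a generalized Mersenne prime, public by design.
P192 = 2**192 - 2**64 - 1
MASK64 = 2**64 - 1


def words64(c, count=6):
    """Split c into `count` 64-bit words, least significant first."""
    return [(c >> (64 * i)) & MASK64 for i in range(count)]


def join64(hi, mid, lo):
    """Build a 192-bit integer from three 64-bit words."""
    return (hi << 128) | (mid << 64) | lo


def reduce_p192(c):
    """Reduce 0 <= c < P192**2 modulo P192 without any division.

    Because 2^192 is congruent to 2^64 + 1 (mod p), the three high words
    of a product fold back into the low 192 bits as plain additions.
    Illustration only: the final loop is not constant-time.
    """
    if not 0 <= c < P192 * P192:
        raise ValueError("input must be a product of two reduced field elements")
    c0, c1, c2, c3, c4, c5 = words64(c)
    s1 = join64(c2, c1, c0)   # low 192 bits, unchanged
    s2 = join64(0, c3, c3)    # c3 * 2^192 -> c3 * (2^64 + 1)
    s3 = join64(c4, c4, 0)    # c4 * 2^256 -> c4 * (2^128 + 2^64)
    s4 = join64(c5, c5, c5)   # c5 * 2^320 -> c5 * (2^128 + 2^64 + 1)
    r = s1 + s2 + s3 + s4
    # r < 4 * 2^192, so a handful of subtractions finishes the reduction.
    while r >= P192:
        r -= P192
    return r


def self_check(trials=1000, seed=2012):
    """Compare fast and generic reduction on constructed random inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        a, b = rng.randrange(P192), rng.randrange(P192)
        if reduce_p192(a * b) != (a * b) % P192:
            return False
    return True


if __name__ == "__main__":
    print("fast reduction matches generic reduction:", self_check())
```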