Where is ECC in gpg2 (specifically gnupg-2.0.21

Johan Wevers johanw at vulcan.xs4all.nl
Sat Sep 14 12:56:30 CEST 2013

On 9/14/2013 0:20, Werner Koch wrote:

> No, I am not aware of any discussions.  QC resistant algorithms are not
> yet something we need to rush for.

While I agree that the current algorithms are probably safe against the
current attacks, encrypted messages can be stored and broken in the
future. That may still be problematic since some regimes have long
memories (so you were a member of that terrorist / freedom fighter(*)
cell 30 years ago. Now it's about time we send you and your family to

(*) Pick one choice.

>  We can't predict the future, but
> anyway it is good to know that even with today's technologies there are
> ways to mitigate an eventual QC based public key break.

Fortunately yes.

>  In this light
> the discussions about the need for 8k RSA now is as reliable as coffee
> grounds reading

I agree completely. If RSA 4k is broken, I would not trust RSA 8k much

> There are of course sound reasons why they suggest the use of ECC.  With
> about 30 years of research, ECC has a pretty solid theoretical
> foundation.  The reasons why the seeds for the NIST curve parameters
> have not been recorded should of course raise more doubts now - I don't
> think that the DES history has a sequel here.

No, certainly not in the light of the current developments. And since
the NSA research budget is probably higher than that of all academic
crypto departments together they may still be ahead of academic crypto,
just as when DES was developed.

ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

More information about the Gnupg-users mailing list