Enabling and using ECC keys (any reason not to?)

Stephan Beck stebe at mailbox.org
Sat Mar 28 21:57:59 CET 2015

On 27.03.2015 at 14:21, Martin Behrendt wrote:
> On 26.03.2015 18:40, Pete Stephenson wrote:
>> People have raised concerns about the NIST curves, but they are part
>> of the RFC 6637 standard so compliant programs must implement P-256,
>> may implement P-384, and should implement P-521.
>> To address potential concerns with the NIST curves, GnuPG also
>> supports the Brainpool curves which are similar in structure to the
>> NIST curves but use parameters chosen from nothing-up-my-sleeve
>> numbers and so should be reasonably trustworthy. Still, the structure
>> of such curves leaves a bit to be desired (see
>> http://safecurves.cr.yp.to/ for details, I'm hardly an expert).
> I just did a quick search but didn't find anything.

A very recent (Feb 2015) "historical" analysis of the surreptitious weakening of
cryptographic systems, incl. a description of the NIST (or Dual EC-DRBG) curves'
peculiarities "detected" in 2005 can be found at (1):

(1) https://www.schneier.com/paper-weakening.html (p. 2,7).


