
Not every elliptic curve is the same: trough on ECC security (2010) - theandrewbailey
http://infosecurity.ch/20100926/not-every-elliptic-curve-is-the-same-trough-on-ecc-security/
======
tux3
This article is interesting, but I found it striking that it made absolutely
no mention of Curve25519 [0], which has become quite popular today as an
replacement for P-256 and co. Perhaps things would have been different had the
article not been written 3 years before the Dual EC backdoor fiasco.

[0] [https://en.wikipedia.org/wiki/Curve25519](https://en.wikipedia.org/wiki/Curve25519)

~~~
tptacek
Dual EC has nothing to do with the NIST curves.

~~~
divbit
I think what the root comment is referencing is that the dual EC standard
being possibly compromised has made people take a closer look at NIST
standards related to their curves.

------
tptacek
This is not an especially useful analysis. In particular, few specialists in
2016 would make decisions based on which standards bodies support a given
curve.

------
montyedwards
Anyone interested in using ECC should take a glance at SafeCurves: choosing
safe curves for elliptic-curve cryptography
[http://safecurves.cr.yp.to/](http://safecurves.cr.yp.to/)

There's a nice table showing which curves are safe and which curves are not.

------
spikengineer
The author made no mention of the more trusted Curve25519 the web wants to move
to.

Edit: Curve25519 may have been unheard of in 2010.

~~~
tptacek
We don't want to move to it because it's "more trusted". We want it because
it's a _better curve_. Most critically: for the most common applications,
Curve25519 avoids the need for point validation, eliminating a class of
vulnerabilities. It's also much easier to implement in constant time.
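
The point validation mentioned in the comment above, sketched for a received P-256 public key, next to X25519's input decoding as specified in RFC 7748. This is an added example, not code from the thread or the linked article; the function names are illustrative, and the constants are the standard P-256 domain parameters.

```python
# Added example: validating an uncompressed SEC1 P-256 public key before ECDH.
# Constants are the standard NIST P-256 (secp256r1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPoint(ValueError):
    """Raised when a peer-supplied public key must be rejected."""


def on_curve(x: int, y: int) -> bool:
    """True only for canonical coordinates satisfying y^2 = x^3 + ax + b."""
    if not (0 <= x < P and 0 <= y < P):
        return False  # non-canonical (unreduced) coordinates are rejected
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_uncompressed(x: int, y: int) -> bytes:
    """SEC1 uncompressed form: 0x04 || X || Y, 32 bytes per coordinate."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def parse_p256_public_key(encoded: bytes) -> tuple:
    """Decode and validate a peer key; skipping this is the bug class."""
    # The point at infinity has no 65-byte encoding, so the length check
    # excludes it. P-256 has cofactor 1, so on-curve implies correct order.
    if len(encoded) != 65 or encoded[0] != 0x04:
        raise InvalidPoint("expected 65-byte uncompressed SEC1 point")
    x = int.from_bytes(encoded[1:33], "big")
    y = int.from_bytes(encoded[33:], "big")
    if not on_curve(x, y):
        raise InvalidPoint("point is not on P-256")
    return x, y


def decode_x25519_u(encoded: bytes) -> int:
    """RFC 7748 decoding: every 32-byte string is accepted as input.

    The top bit is masked; there is no curve-equation check to forget.
    """
    if len(encoded) != 32:
        raise InvalidPoint("X25519 public keys are exactly 32 bytes")
    return int.from_bytes(encoded, "little") & ((1 << 255) - 1)
```
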

