Hacker News

The problem I have with this kind of thing is that if you can get away with the idiosyncratic recommendations (XChaCha, GCM-SIV), you're not interoperating, and so you can almost by definition just use libsodium box and secret-box. Who is a laddered recommendation of different signing algorithms really helping?





> The problem I have with this kind of thing is that if you can get away with the idiosyncratic recommendations (XChaCha, GCM-SIV), you're not interoperating, and so you can almost by definition just use libsodium box and secret-box.

I absolutely am in favor of just using libsodium box/secretbox instead of having to understand this sort of nuance.

> Who is a laddered recommendation of different signing algorithms really helping?

People who ask me nitpicky questions about whether or not they should opt for 3072-bit RSA keys instead of 2048-bit RSA keys. The main purpose of the post was the first half (the "it doesn't matter" point).


I guess I sympathize. You've been doing this long enough, you should have the confidence at this point to tell the picky 3072-bit RSA people "stop designing systems, this will all end in tears". That's what we tell people! They seem to like it!

Doesn't it concern you that the NSA appears to no longer be recommending elliptic curve asymmetric crypto systems?

What the NSA appears to recommend or not doesn't cause me any significant concern.

This could happen if they're relaxing their recommendations to double down on post-quantum cryptography.

This could happen if they had a mathematical breakthrough that invalidated all ECDLP security estimates.

I'll never know which it is. The pragmatic thing is to research PQCrypto and make sure the next generation of asymmetric primitives are as good as they can be.


Their main argument is don’t spend the effort to switch to ECC since we’re going to recommend switching to a quantum resistant suite any day now.


