
The blog fails to explain why trailofbits are recommending ECC over RSA when the NSA is now recommending not using ECC and instead recommends RSA. https://eprint.iacr.org/2015/1018.pdf

The article you linked is very specifically talking about quantum computing.

The NSA seemed to be suggesting that practical quantum computers were coming so soon that people who had not yet upgraded from RSA to ECC should not bother to do so, and instead should save their money for the future upgrade to post-quantum protocols. Shortly thereafter, the NSA released a revised version in response to numerous queries and requests for clarification. The new wording was even more explicit in its negative tone on the continuing use of ECC: “...elliptic curve cryptography is not the long term solution many once hoped it would be. Thus, we have been obligated to update our strategy.” Although other parts of the statement assured the public that ECC was still recommended during the time before the advent of practical quantum computers, the overall impression was inescapable that the NSA was distancing itself from ECC.

That's one of many possible interpretations.

Firstly, NSA recommended specific NIST-brand ECC that didn't have many of the practical security advantages of what's being recommended here.

Secondly, if you were really that worried about quantum computing, you'd use a quantum-hard kex, like Google did with CECPQ1.

(I can't speak to why the NSA doesn't tell you to do that. I'm sure it has people in it that think so.)

Because the NSA recommends still using RSA over ECC?

The NSA and NIST should, in a perfect world, have lost all credibility of any sort given the revelations of poisoned RNGs. It boggles my mind that they are still given any credence let alone still considered authoritative.
