Hacker News new | past | comments | ask | show | jobs | submit login

While we are on the topic of A-grade security: The article might want to point out that using standard DHE is preferable to ECDHE if you can handle the additional CPU load. The problem with ECDHE is that all currently TLS-approved curves need to be considered unreliable. This will change if 'draft-irtf-cfrg-curves-02' is accepted and Curve25519 and Ed448-Goldilocks become part of the standard.

Can you clarify why the TLS-approved curves should be considered unreliable?

Mumble mumble NIST mumble.

That's the problem with tinfoil; no matter how much I wrap around my computer, I can never be sure if the government has suborned my local grocery store.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact