List: moderncrypto-curves
Subject: [curves] Any interest in random curves?
From: mike () shiftleft ! org (Michael Hamburg)
Date: 2014-06-26 21:50:34
Message-ID: 22C741D9-D3BF-4282-B710-C7864FA3761A () shiftleft ! org
On Jun 26, 2014, at 1:56 PM, Trevor Perrin <trevp at trevp.net> wrote:
> On Thu, Jun 26, 2014 at 10:39 AM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
> >
> > My main concern with this proposal is the possibility of further
> > fragmentation by the creation of yet another set of curves.
>
> Yeah, if you want to see the confusion that already exists, read the
> W3C discussion on adding Curve25519 to WebCrypto (why not Brainpool?
> why not BADA55? Microsoft jumps in pushing their curves, etc):
>
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839
>
> IMO for mainstream purposes the world only needs Curve/Ed25519 and
> *maybe* an extra-strength curve. The faster people coalesce around
> choices and work out engineering issues the better. More curve
> families not helpful.
I figured you'd be against :-) Anyone else want to weigh in on this?
By the way, a small Boggle board has approximately 55-60 bits of entropy if I calculated correctly. I'm having trouble imagining an attack which would allow a reasonable probability of success with half this much entropy. So if several boards are used, casino-grade attacks aren't going to be enough, you'd have to go to magic-trick level.
Cheers,
-- Mike