Comment on Mathematician warns US spies may be weakening next-gen encryption
Natanael@slrpnk.net 1 year agoI run a cryptography forum, I know this stuff, and the problem isn’t algorithmic weakness but complexity of implementation.
All major browsers and similar networking libraries now have safe implementations after experts have taken great care to handle the edge cases.
It’s not a fault with let’s encrypt. If they allowed nonstandard curves then almost nothing would be compatible with it, even the libraries which technically have the code for it because anything not in the TLS spec is disabled.
…stackexchange.com/…/can-custom-elliptic-curves-b…
cabforum.org/baseline-requirements-certificate-co…
CAB is the consortium of Certificate Authorities (TLS x509 certificate issuers)
ryannathans@aussie.zone 1 year ago
Tldr would be that there are no safe ECC curves in TLS? Yet
Natanael@slrpnk.net 1 year ago
P256 isn’t known to be insecure if implemented right, it’s just harder to implement right
fluke@snake.substantialplumbing.repair 1 year ago
The WRC deals with unsafe curves all the time. I think picking a couple of spots on some of their curves at high speed would be interesting. Samir has been known to break some of these…