search for: ecdlp

On Mon, 28 May 2018, Yegor Ievlev wrote: > Can we prefer RSA to ECDSA? For example: > HostKeyAlgorithms > ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 not without a good reason

...v wrote: > A backdoored curve could be easily generated using the algorithm used > to generate the NIST curves. > https://bada55.cr.yp.to/vr.html > > The algorithm that generates a backdoored curve is very simple: > Suppose the NSA (the author of the curves) knows a way to solve ECDLP > in polynominal time for some rare (one in 2^32) curves. In this case, > they simply keep generating the curves until they will find one that > is weak to their algorithm for solving ECDLP. The computations > required only take two days on a cluster of 41 GTX 780 GPUs, and was > fea...