SafeCurves: choosing safe curves for elliptic-curve cryptography

Interestingly, the curves used by SSL/TLS are not considered safe:
http://safecurves.cr.yp.to/

 

ECC is so easy to do wrong, one wonders if it didn't need more study before folks rushed to use it, it's not like the alternative is broken.

 

All crypto is easy to do wrong. If the SafeCurves site is proven correct, the SSL curves will be replaced.
Also, RSA is not exatly broken but many think the NSA can decrypt it without too much effort if they want to.

 

I'd say it depends on what "too much effort" is. Sure they've got a budget and computing power, and sure there's a lot of ≤1024 RSA out there, and sure, maybe they even had a breakthrough and have some method for factoring that the rest of the world doesn't know about...but math is math.

That's one of the main things I keep hearing out of the Snowden revelations is basically that the NSA is not magic, and they're bound my the same laws of math and physics that the rest of the world is.

If you want to say they could probably decrypt your specific message if they really wanted to, sure, maybe. (If it's asymmetric). But they're collecting billions upon billions of communications every single day. Not even the NSA has the resources to sift through all that, let alone decrypt everything that's encrypted.

Bump your keys up to 4096 (or at least 2048 ), and you should be okay (unless you personally are worth a considerable amount of time and millions of dollars to the spooks.)

In that case, watch out for cell phones nearby...

http://www.forbes.com/sites/timwors...ith-just-a-microphone-and-a-couple-of-emails/

http://threatpost.com/researchers-find-way-to-extract-4096-bit-rsa-key-via-sound