On 22 June 2015 at 14:55, l.m ter.one.leeboi@hush.com wrote:
Hi,
Last I heard NIST groups are rubbish. You're better off without them for security. Am I wrong?
With regards to security, no one[0] who generates curves or implements ECC (as evidenced by the recent CFRG discussions or ECC Conference) seriously believes the NIST curves are backdoored.
They do believe the NIST cruves lack security properties other curves have, are less performant than other curves, and have a sufficiently ambiguous origin to not be desirable. But the last one, the distrust of the curves, and desire for new ones (meaning desire based solely on that point) comes more from national agencies who want to mandate national curves - the Chinese and Russians being good examples.
-tom
[0] +/- a tiny epsilon I'm sure