[tor-talk] NIST approved crypto in Tor?

[Gregory Maxwell]

On Sat, Sep 7, 2013 at 4:08 PM, anonymous coward
<anonymous.coward at posteo.de> wrote:
> Bruce Schneier recommends *not* to use ECC. It is safe to assume he
> knows what he says.

I believe Schneier was being careless there.  The ECC parameter sets
commonly used on the internet (the NIST P-xxxr ones) were chosen using
a published deterministically randomized procedure.  I think the
notion that these parameters could have been maliciously selected is a
remarkable claim which demands remarkable evidence.