23 Comments
- dwemer, on 10/12/2007, -1/+15 The fact that the NSA is telling me to use ECC over RSA makes me more inclined to use RSA.
- breckinloggins, on 10/12/2007, -1/+7 Great, now I can encrypt my email and prove Fermat's Last Theorem at the same time!!
  /obscure?
- swax, on 10/12/2007, -0/+6 ECC is great for when you have a large network with lots of nodes and lots of signatures are needed. The space savings are huge; 1024 bit RSA is comparable in strength to 160 bit ECC. That's 108 bytes of savings, which is very useful especially in UDP packets which have a max around 1500 bytes. I can store 75 ECC keys in one packet as opposed to only 11 RSA keys. Given the right application, where bandwidth is limited or you just have a massive amount of keys to store, the space savings are great. Unfortunately for C# at least there aren't any open libraries I know of and Certicom holds a crap load of patents for ECC so if you try rolling and selling your own you're probably going to get sued. I know Crypto++ has an implementation though, maybe it can be ported..
- eklitzke, on 10/12/2007, -0/+5 I'm not sure how this is an advantage. RSA is certainly simpler than ECC (although I would argue that ECC is still fairly simple), and this does give it some mathematical elegance, but from a technical perspective this isn't an issue. I'd rather have a system that scales better (i.e. adds more security for each extra bit added to the key) and taxes my computer less than a system that is "simpler" any day of the week.
- pennello, on 10/12/2007, -0/+4 Isn't it also the case that ECC is less studied, compared to RSA? RSA's simplicity enables it to be taught in any undergraduate CS theory course, but ECC is more complex, and therefore, not as many have looked at it and tried to break it. So it might be weaker than RSA, but nobody knows about it yet.
- TedTschopp, on 10/12/2007, -0/+4 Many times the NSA is making recommendations regarding usage by the general public, I think in this case they are talking about how the NSA wants the US government to start provisioning their own servers.
  Also, on a separate note, the NSA recommendation makes sense from a Mathematical perspective. Prime Factoring is not exponential, and there are shortcuts in it.
- eylander, on 10/12/2007, -0/+3 The reason ECC has had delayed adoption is that ECC and RSA boil down to the same problem: factoring products of large prime numbers. ECC has real gains when used in discrete logarithm crypto. The engineering solution is thus to stick with that which has proven to work and already has fast implementations: RSA. While an NSA endorsement of ECC for key exchange is nice, it begs the question as to what cryptanalysis edge it gives them.
- solargroovy, on 10/12/2007, -0/+2 Suite B actually only recommends EC for key exchange and digital signatures. For rapid identification of field units, a smaller, quicker method is needed for friend or foe applications.
  http://www.nsa.gov/ia/industry/crypto_suite_b.cfm?MenuID=10.2.7
  For actual encryption they recommend their Advanced Encryption Standard
  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- solargroovy, on 10/12/2007, -1/+3 Amen. The NSA has demonstrated a pathological fear of commercial encryption schemes that they can't break or engineer a backdoor
- snoble, on 10/12/2007, -1/+2 That's kind of a cool little connection. How the two most famous math problems are related to the two famous forms of modern cryptography. (Famous in regular society... although I'm sure the same is true in mathematics as well, though some pedant may argue. I know in my old department, I could be pretty certain that everyone has heard of those two problems but I don't know if I can say the same for any other two problems.) I'm referring to the Riemann hypothesis and how it relates to certain prime factorizing methods, and how elliptical curves were used to prove Fermat's last theorem. (Or at least so I've read for the 2nd. I've never really looked at elliptical curves much.) I wonder if you can encrypt with colourings and Hadwiger's conjecture somehow.
- craigtheguru, on 10/12/2007, -1/+2 ECC was used in Mac OS 9's encryption feature. However it didn't make it to Mac OS X and I never learned why. Hopefully it will make it to Leopard as, according to this article, it sounds good.
- Fedge, on 10/12/2007, -0/+1 While it seems like ECC is very efficient, one large advantage of RSA is its pure simplicity.
- vvvv, on 10/12/2007, -0/+1 The "NSA Recommendation" mentioned in the article refers to US Government information and that of companies doing business with the US Government. As the NSA website states:
  "NSA's goal in presenting Suite B is to provide industry with a common set of cryptographic algorithms that they can use to create products that meet the needs of the widest range of US Government (USG) needs."
  It is not very likely that anyone at the NSA cares what type of encryption private individuals happen to use to keep their moms from finding their porn.
- tzahi, on 10/12/2007, -0/+1 Yes, I also question their motives. Maybe they found it easier to break than RSA or found holes in it.
  Till the last year or 2 I thought MD5 and SHA1 are pretty much secure, and of course they are not very.
  I personally don't care if it would take another 60 millisecond to transfer a 1024 bit sig to make me feel more secure.
- eylander, on 10/12/2007, -0/+1 In the case of the RSA analog of ECC, it is just as vulnerable because it still depends upon the hardness of factoring products of huge prime numbers. The method that this form of cryptanalysis uses is called Shor's factoring algorithm, but it requires a quantum computer. Quantum computers large enough for running Shor's algorithm have yet to be publicly invented.
- Nelson69, on 10/12/2007, -0/+1 Yes and no. RSA is a very well studied cryptographic algorithm, but we know way more about elliptical curves mathematically than we do about factoring primes. Assuming that factoring primes is the only way to break RSA (I don't believe that this has been established) then you could make a case that we know much more about ECC.
  All things being equal, I expect ECC to be pretty secure. There is no example of the NSA intentionally weakening anything, in fact there are well published and understood examples of them actually helping to make ciphers more secure (like with DES). Plus ECC is radically faster than RSA and El Gamal.
- natorator, on 10/12/2007, -0/+0 Has anyone any insight as to whether ECC is more or less vulnerable than RSA to quantum cryptanalysis[1]?
  [1] http://n8o.r30.net/a2z/drupal/node/30
- sharph, on 10/12/2007, -1/+1 yes...let us all trust the nsa....
- Fedge, on 10/12/2007, -0/+0 I agree with you, I'd certainly prefer security to simplicity, I was just commenting that RSA can be implemented so quickly and so easily. I'm sure this has contributed to RSA being used for so long in the technical world.
- thunderbug, on 10/12/2007, -0/+0 Please don't make the assumption ECC and ECDSA are based on integer factorization. They're not.
- simao, on 10/12/2007, -4/+1 I definitely agree with this
- thejakester, on 10/12/2007, -5/+0 aaa
- craigosbourne, on 10/12/2007, -10/+1 RSA is more commonly used, that's what I use

