Certicom? [...] [Fwd: NSA Turns To Commercial Software For
Adam L Beberg
beberg at mithral.com
Sun Oct 26 13:04:59 PST 2003
On Sunday, October 26, 2003, at 01:09 PM, Dr. Robert J. Harley wrote:
> This has been coming for a while. IMO, the NSA doesn't trust RSA for
> high-grade/long-term security. I don't either. At the ECC 2001
> conference, we heard an NSA guy saying that they had decided to
> transition sensitive information to ECC.
It doesn't really matter what the NSA does, for the rest of us in the
real world ECC is far too patent encumbered and thus dangerous to use.
I don't have the data handy but it will be another 15-ish years before
anyone else uses ECC. Too bad for Robert really, but the open source
movement made paying for software so uncool.
Besides 4K-RSA + AES-256 + SHA-256 are all way way way stronger then my
knuckles, which is of course the only brute force method the NSA uses.
Ask once shoot twice.
- Adam L. Beberg - beberg at mithral.com
More information about the FoRK