Certicom? [...] [Fwd: NSA Turns To Commercial Software For Encryption]

Adam L Beberg beberg at mithral.com
Sun Oct 26 13:04:59 PST 2003


On Sunday, October 26, 2003, at 01:09  PM, Dr. Robert J. Harley wrote:

> This has been coming for a while.  IMO, the NSA doesn't trust RSA for
> high-grade/long-term security.  I don't either.  At the ECC 2001
> conference, we heard an NSA guy saying that they had decided to
> transition sensitive information to ECC.

It doesn't really matter what the NSA does, for the rest of us in the 
real world ECC is far too patent encumbered and thus dangerous to use. 
I don't have the data handy but it will be another 15-ish years before 
anyone else uses ECC. Too bad for Robert really, but the open source 
movement made paying for software so uncool.

Besides 4K-RSA + AES-256 + SHA-256 are all way way way stronger then my 
knuckles, which is of course the only brute force method the NSA uses.

Ask once shoot twice.

- Adam L. Beberg - beberg at mithral.com
   http://www.mithral.com/~beberg/



More information about the FoRK mailing list