Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

To which "constants" is he referrin? Is he suggesting not using the NIST curves, which were themselves selected to avoid a different class of curve attack? Ok, then don't use those curves.


For end users, this is rather difficult. I maintain a Jetty web server, which is based on Java. The SSL/TLS implementation relies on the cipher suites provided by the JVM. I can restrict Jetty to using ECC as preferred cipher suites but not choose the curves. I assume this is also the case for many other web servers out there.

On the other hand it is easy to avoid ECC altogether in this scenario.

EDIT: Grammar




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: