
Thread 106233241

44 posts 8 images /g/
Anonymous No.106233241 >>106233263 >>106233266 >>106233443 >>106235313 >>106235457 >>106235840 >>106235871 >>106236448 >>106236471 >>106241786
ECC vs. RSA
Why doesn't /g/ trust elliptic curves?
Anonymous No.106233263
>>106233241 (OP)
>4096-but
t. pogeet !!b2oSUmilA2N No.106233266
>>106233241 (OP)
I like them curves.
Sharp elliptic curves ones are undeniably a banger.
It's the only thing I trust.
Anonymous No.106233443 >>106233451 >>106236125 >>106241173
>>106233241 (OP)
ecc is vulnerable to quantum
Anonymous No.106233451
>>106233443
Yes they both are but for some reason many on /g/ don't trust elliptic curves.
Anonymous No.106235126 >>106235189
Because the NSA/CIA were shilling it hard to replace RSA for some reason.
Anonymous No.106235189 >>106235297 >>106237464
>>106235126
It seems it's because RSA is very prone to implementation flaws.
Anonymous No.106235297
>>106235189
Either that or they have a very convenient backdoor in ECC that they would love to use.
Anonymous No.106235313 >>106235522 >>106235891
>>106233241 (OP)
There's some pretty good reasons when you look into it.
Sure (((RSA))) has issues too, but it's had the best, Whitest minds picking through it for 50 years, with no issues found - something (((((((((ECC))))))))) hasn't.
Anonymous No.106235457
>>106233241 (OP)
It's strange they kinda force everyone to use their constants
Anonymous No.106235522 >>106235564 >>106235639 >>106235772
>>106235313
ECC is used to secure billions and billions of dollars in Bitcoin. Either the ones with the backdoor don't care to compromise Bitcoin, or it's simply unbroken.
Anonymous No.106235564 >>106235628
>>106235522
Probably the former. I don't see the point of cracking bitcoin for an intelligence agency. They don't care about money. They care about reading your private messages.
Anonymous No.106235628 >>106235804 >>106242750
>>106235564
I'm not sure to what extent it'd break Monero's anonymity, but depending on how much, it would be very relevant to intelligence agencies in tracking down criminals.
Anonymous No.106235639 >>106241280
>>106235522
If they used their backdoors to steal buttcoin everyone would know about the backdoors. They're obviously not gonna blow it on stupid shit like that.
Anonymous No.106235772 >>106235804
>>106235522
Sure anon, the glowies of the world would blow their cover to get your internet magic beans.
Anonymous No.106235804 >>106235884 >>106242750
>>106235772
What about Monero then >>106235628
Anonymous No.106235840
>>106233241 (OP)
I do. I only use it. The problem is a lot of the NIST and G*rm curves are retarded.
Anonymous No.106235871
>>106233241 (OP)
Because they don't understand it.
Anonymous No.106235884 >>106236110
>>106235804
Goalpost shuffles from
>m-my internet magic beans are just so i-important!!!
to
>i-im just so i-important!!!
You wouldn't believe it if you didn't just witness it - but rest assured, professional paranoid-delusional victims like this exist (but are usually female).
Anonymous No.106235891 >>106236136
>>106235313
>no issues
you can't have perfect forward secrecy with RSA Key Exchange for instance...
Anonymous No.106236110
>>106235884
What? My point is that criminals probably would've noticed by now if ECC was backdoored and their Monero transactions were getting them caught.
Anonymous No.106236122 >>106236135
I'm a djb fanboy, so I blindly trust ed25519.
No idea how trustworthy the NSA curves are, though they are widely adopted.
RSA4096 is so freaking huge and slow that it's almost not worth it.
Anonymous No.106236125
>>106233443
Every classical cryptosystem is. ECC is just a lower barrier and it seems like quantum computers as theorized are a meme as well so it's not a real concern.
Anonymous No.106236135
>>106236122
They are all fine, but not ideal, unlike Edwards'.
Anonymous No.106236136
>>106235891
I think you can it's just no one uses it that way in gpg. You need a sign only key that you use to verify temporary session keys which are discarded but most people use gpg with the same key to encrypt all their messages.
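The scheme that post describes (a sign-only long-term key that vouches for throwaway session keys) written out in Go, as an added example for this thread and not gpg's code or anything from the thread. It assumes Ed25519 for the long-term signing key, X25519 for the ephemeral exchange, and SHA-256 of the shared secret as a stand-in KDF; the tamper hook exists only so the signature check can be exercised.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds only a long-term Ed25519 signing key pair: there is no long-term
// encryption key, so nothing seized later can decrypt an old session.
type Party struct {
	signPriv ed25519.PrivateKey
	SignPub  ed25519.PublicKey
}

func NewParty() (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{signPriv: priv, SignPub: pub}, nil
}

// SignedEphemeral is the one message each side sends: a fresh X25519 public
// key and the long-term key's signature over it.
type SignedEphemeral struct{ Pub, Sig []byte }

// Offer makes a throwaway X25519 key pair and signs its public half.
func (p *Party) Offer() (*ecdh.PrivateKey, SignedEphemeral, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, SignedEphemeral{}, err
	}
	pub := eph.PublicKey().Bytes()
	return eph, SignedEphemeral{Pub: pub, Sig: ed25519.Sign(p.signPriv, pub)}, nil
}

// Accept verifies the peer's signature before touching the ephemeral key, then
// derives the session key from the X25519 shared secret. The signature is what
// ties the temporary key to the peer's identity.
func Accept(own *ecdh.PrivateKey, peerSignPub ed25519.PublicKey, msg SignedEphemeral) ([]byte, error) {
	if !ed25519.Verify(peerSignPub, msg.Pub, msg.Sig) {
		return nil, errors.New("ephemeral key signature does not verify")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(msg.Pub)
	if err != nil {
		return nil, err
	}
	shared, err := own.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared) // assumed KDF for this demo: plain SHA-256 of the shared secret
	return k[:], nil
}

// Session runs one exchange and returns the key each side derived. tamper, if
// non-nil, edits Bob's offer in transit so the signature check can be exercised.
// Both ephemeral private keys are dropped when this returns, which is the
// forward-secrecy property: the long-term keys alone cannot recover ka or kb.
func Session(alice, bob *Party, tamper func(*SignedEphemeral)) (ka, kb []byte, err error) {
	aEph, aMsg, err := alice.Offer()
	if err != nil {
		return nil, nil, err
	}
	bEph, bMsg, err := bob.Offer()
	if err != nil {
		return nil, nil, err
	}
	if tamper != nil {
		tamper(&bMsg)
	}
	if ka, err = Accept(aEph, bob.SignPub, bMsg); err != nil {
		return nil, nil, err
	}
	if kb, err = Accept(bEph, alice.SignPub, aMsg); err != nil {
		return nil, nil, err
	}
	return ka, kb, nil
}

func main() {
	alice, _ := NewParty()
	bob, _ := NewParty()
	ka, kb, err := Session(alice, bob, nil)
	fmt.Printf("keys match: %v, err: %v\n", string(ka) == string(kb), err)
	_, _, err = Session(alice, bob, func(m *SignedEphemeral) { m.Pub[0] ^= 1 })
	fmt.Println("tampered offer rejected:", err != nil)
}
```

Each call to Session produces a different key, and an offer whose ephemeral key was changed after signing is refused before any shared secret is computed; that refusal is the part most people skip when they try to bolt this onto a long-term encryption key.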
Anonymous No.106236296 >>106236334
STOP USING AES
Anonymous No.106236311
I feel like RSA is gonna fall to someone finding a way to quickly factorize numbers, or at least quickly factorize semiprimes.
Anonymous No.106236334 >>106236355
>>106236296
No. Only 128-bit block ciphers operate in SIV mode which is the only IV-reuse resistant mode. And of 128-bit block ciphers, AES is the most battle tested.
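What "IV-reuse resistant" is protecting against, shown in Go as an added example (not from the thread or any library). Go's standard library has no AES-SIV, so the block shows the other side: AES-GCM under a repeated nonce cancels its keystream so that the XOR of two ciphertexts equals the XOR of the plaintexts, and the usual mitigation when SIV is unavailable, a counter-derived nonce with a hard stop at the per-key invocation budget (2^32, per NIST SP 800-38D). Keys, nonces and messages are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// KeystreamCancels encrypts two equal-length messages under one key and the
// given nonces and reports whether ct1 XOR ct2 == pt1 XOR pt2. For a CTR-based
// mode like GCM this holds exactly when the nonce repeats: the keystream
// cancels and the relation between the plaintexts is exposed. A misuse-resistant
// mode (SIV) would instead produce unrelated ciphertexts.
func KeystreamCancels(key, nonce1, nonce2, pt1, pt2 []byte) (bool, error) {
	if len(pt1) != len(pt2) {
		return false, errors.New("demo expects equal-length plaintexts")
	}
	aead, err := newGCM(key)
	if err != nil {
		return false, err
	}
	ct1 := aead.Seal(nil, nonce1, pt1, nil)[:len(pt1)] // drop the 16-byte tag
	ct2 := aead.Seal(nil, nonce2, pt2, nil)[:len(pt2)]
	return bytes.Equal(xorBytes(ct1, ct2), xorBytes(pt1, pt2)), nil
}

// CounterSealer is the mitigation without SIV: a 96-bit nonce taken from a
// counter, so one key never sees the same nonce twice, and a refusal to
// encrypt once the key's invocation budget is spent.
type CounterSealer struct {
	aead cipher.AEAD
	ctr  uint64
	max  uint64
}

func NewCounterSealer(key []byte) (*CounterSealer, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return &CounterSealer{aead: aead, max: 1 << 32}, nil
}

// Seal returns nonce || ciphertext || tag, or an error when the caller must
// rotate the key.
func (s *CounterSealer) Seal(pt []byte) ([]byte, error) {
	if s.ctr >= s.max {
		return nil, errors.New("nonce budget exhausted: rotate key")
	}
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], s.ctr)
	s.ctr++
	return append(nonce, s.aead.Seal(nil, nonce, pt, nil)...), nil
}

// Open decrypts a message produced by CounterSealer.Seal.
func Open(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:n], msg[n:], nil)
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16)   // constructed demo key
	nonce := bytes.Repeat([]byte{0x22}, 12) // constructed, deliberately reused
	leak, _ := KeystreamCancels(key, nonce, nonce, []byte("message number one"), []byte("message number two"))
	fmt.Println("keystream cancelled under reused nonce:", leak)
}
```

The first check returns true only for the repeated nonce; with distinct nonces the two keystreams differ and the XOR relation disappears. The sealer's counter is per key: persist it or rotate the key on restart, because restarting at zero is the reuse the check above demonstrates.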
Anonymous No.106236355
>>106236334
>le block cipher
That is the problem, if you don't use "le hardware" extension it's really hard to implement it in a secure way and have a good performance.
Anonymous No.106236448
>>106233241 (OP)
because I can't make the keys 4096-but
Anonymous No.106236471
>>106233241 (OP)
Not supported on libmaid (yet)
Anonymous No.106237464 >>106237505 >>106237540
>>106235189
Wrong. It's because ECC is backdoored. This was already proved with math in court.
Anonymous No.106237505 >>106237552 >>106237618
>>106237464
Someone posted these in another thread
https://blog.trailofbits.com/2019/07/08/fuck-rsa/
https://crocs.fi.muni.cz/public/papers/rsa_ccs17

>RSA is an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. Weak parameters can be difficult, if not impossible, to check, and its poor performance compels developers to take risky shortcuts. Even worse, padding oracle attacks remain rampant 20 years after they were discovered. While it may be theoretically possible to implement RSA correctly, decades of devastating attacks have proven that such a feat may be unachievable in practice.

>This was already proved with math in court.
Source?
Anonymous No.106237540
>>106237464
The proven backdoored ECC was DUAL_EC_DRBG, and the certainly backdoored but not proven ones are the NIST curves
Curve25519 and others are made with nothing-up-my-sleeve numbers
Anonymous No.106237552
>>106237505
>containing countless foot-guns which the average software engineer cannot be expected to avoid
NTA but skill issue by the way
Anonymous No.106237609
test
Anonymous No.106237618
>>106237505
>Someone posted these in another thread
Yeah, the NSA did. They think they're pretty clever with all their interactive Internet activities lol.
Anonymous No.106239077
bump
Anonymous No.106240722
Wtf mod banned me for spamming/flooding. If you look at the thread "bump" and "test" got deleted. Probably thought they were both me when I just bumped the thread.
Anonymous No.106241173
>>106233443
just like RSA
Anonymous No.106241280
>>106235639
> used their backdoors to steal buttcoin
75% of bitcoin has already been stolen, although not through attacks on cryptosystems.
People have short memories on Mt. Gox. Must be the thin air.
Anonymous No.106241786
>>106233241 (OP)

jpeg at FAT16
jpeg at FAT32
jpeg at aes
Anonymous No.106242750
>>106235628
>>106235804
it would be a complete anonymity break for Monero: two discrete logs and you can link key image to the true spend.
Anonymous No.106242932
Use both. Run RSA certificates with an ECDH cipher suite. 25519 is fine. Run crystals Kyber for PQC.