Hello Alice, On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote: > I formerly used secp521r1 but suddenly Google with no warning stopped > supporting it in chrome. That company is too powerful. Actually this is something the NSA insists on: https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa Q: To whom is the CNSS Advisory Memorandum 02-15 addressed? A: NSA's announcement of changes from Suite B cryptography to the Commercial National Security Algorithm Suite are for organizations that run classified or unclassified national security systems (NSS) and vendors that build products used in NSS. <snip> I suppose Google is such a vendor. Q: Can I use the NIST P-521 curve for ECDH or ECDSA on NSS? A: In order to enhance system interoperability NSA recommends the use of NIST P-384. CNSSP-15 does not permit use of NIST P-521. Use of NIST P-521 needs to be approved by NSA as an exception to policy. This continues under CNSS Advisory Memorandum 02-15. Because of "interoperability" the use of strong crypto is discouraged. Reminds me of the fact that not so long ago (and quite a while after the algorithm was considered broken) openwall (then org, now com) insisted on standardizing on MD5 for password hashes in phpass "because the algorithm is available on nearly every system." As if catering for the lowest common denominator is good practice when security is a concern. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research