On Tue, Aug 13, 2013 at 4:13 AM, Nick Mathewson <nickm@torproject.org> wrote:
> Ed25519 (specifically, Ed25519-SHA-512 as described and specified at http://ed25519.cr.yp.to/) is a desirable choice here: it's secure, fast, has small keys and small signatures, is bulletproof in several important ways, and supports fast batch verification. (It isn't quite as fast as RSA1024 when it comes to public key operations, since RSA gets to take advantage of small exponents when generating public keys.)
At the risk of invoking something that was already discussed to death (and I was not aware): why not go with something established like P-521 that would apparently be a drop-in replacement with OpenSSL? Are the benefits really worth it?