“It's not that I have any reason to fear that RSA or DSA might be weak, but that I have no reason to believe that either is too weak, so running both in parallel does not hurt security and does improve my ability to respond to a changing environment, which at some point in time will critically improve my security.
Likewise, ECC and the ECDSA support: [...]”
I also noted:
“that when the NSA tinkered with DES there was a lot of paranoia, but when public cryptography finally caught up it turned out that the NSA had made DES stronger. The evidence, rather than loud-mouthing, to date suggests that the NSA does its job honestly, making real crypto stronger and protecting the US government and public in this manner.”
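The hedge described in the first quotation above, signing with two unrelated key families in parallel so that neither family being weak is enough to forge, can be shown concretely. The following Go program is an added example written for this page, not code from the author; it assumes a verifier policy (the hypothetical `Policy` type) that states which families are currently trusted, so that one family can be dropped later without re-signing anything. Requiring both signatures means a forger must break RSA and ECDSA at once; relaxing the policy to one family is the "ability to respond to a changing environment" the quote refers to.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// DualSigner holds one private key of each family so every message is
// signed twice, once with RSA-PSS and once with ECDSA over P-256.
type DualSigner struct {
	rsaKey *rsa.PrivateKey
	ecKey  *ecdsa.PrivateKey
}

// DualSignature carries both signatures over the same SHA-256 digest.
type DualSignature struct {
	RSA   []byte
	ECDSA []byte
}

// Policy (hypothetical, for this example) records which families the
// verifier currently trusts; it is what changes when one family is retired.
type Policy struct {
	RequireRSA   bool
	RequireECDSA bool
}

// NewDualSigner generates a fresh 2048-bit RSA key and a P-256 ECDSA key.
func NewDualSigner() (*DualSigner, error) {
	r, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	e, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &DualSigner{rsaKey: r, ecKey: e}, nil
}

// Public returns the two public keys a verifier needs.
func (s *DualSigner) Public() (*rsa.PublicKey, *ecdsa.PublicKey) {
	return &s.rsaKey.PublicKey, &s.ecKey.PublicKey
}

// Sign produces both signatures over the SHA-256 digest of msg.
func (s *DualSigner) Sign(msg []byte) (*DualSignature, error) {
	digest := sha256.Sum256(msg)
	rs, err := rsa.SignPSS(rand.Reader, s.rsaKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	es, err := ecdsa.SignASN1(rand.Reader, s.ecKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &DualSignature{RSA: rs, ECDSA: es}, nil
}

// Verify checks every signature the policy requires; a policy that requires
// nothing accepts nothing, so a misconfigured empty policy fails closed.
func Verify(rsaPub *rsa.PublicKey, ecPub *ecdsa.PublicKey, msg []byte, sig *DualSignature, p Policy) bool {
	if sig == nil || (!p.RequireRSA && !p.RequireECDSA) {
		return false
	}
	digest := sha256.Sum256(msg)
	if p.RequireRSA && rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig.RSA, nil) != nil {
		return false
	}
	if p.RequireECDSA && !ecdsa.VerifyASN1(ecPub, digest[:], sig.ECDSA) {
		return false
	}
	return true
}

func main() {
	s, err := NewDualSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input for the demo
	sig, err := s.Sign(msg)
	if err != nil {
		panic(err)
	}
	rsaPub, ecPub := s.Public()
	fmt.Println("both required:", Verify(rsaPub, ecPub, msg, sig, Policy{RequireRSA: true, RequireECDSA: true}))
	fmt.Println("RSA retired, ECDSA only:", Verify(rsaPub, ecPub, msg, &DualSignature{ECDSA: sig.ECDSA}, Policy{RequireECDSA: true}))
	fmt.Println("tampered:", Verify(rsaPub, ecPub, []byte("tampered"), sig, Policy{RequireRSA: true, RequireECDSA: true}))
}
```

The design point is that the signer's behaviour never changes; only the verifier's policy does, which is why the parallel deployment costs nothing in security today and buys a switch that can be thrown later.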
The context here is that NIST has been pushing US federal agencies towards use of ECC cryptography for the past few years. My understanding is that NIST's advice here comes from the NSA.
I am not a nice troll; I am given to erring on the paranoid side and distrustful of those who set themselves up as authority figures. There is a reason for being a grumpy troll: I'm proven correct too often. So choosing to trust the NSA … does not come easily.
But now we have a new report in Wired from James Bamford, author of “The Puzzle Palace” and related books, on the NSA's new datacenter in Utah [article in one page]. The money quote:
“According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.””
Later in the article, Bamford focuses on AES as the attack surface. And yet, “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.” (an unnamed former senior intelligence official; emphasis mine).
The implication is that by "public" they mean "systems publicly used" rather than "public-key", and since they are targeting older communications, something like 3DES. But that is not what is said.
There are no certainties here.
At this point, I am becoming increasingly apprehensive about the continued use of RSA and am inclined to push harder for deployment of ECC.