| 1 |
On Mon, Jan 12, 2015 at 1:48 PM, Ciaran McCreesh |
| 2 |
<ciaran.mccreesh@××××××××××.com> wrote: |
| 3 |
> On Mon, 12 Jan 2015 19:44:46 +0100 |
| 4 |
> Kristian Fiskerstrand <k_f@g.o> wrote: |
| 5 |
>> Shor's would be effective against discrete logs (including ECC) as |
| 6 |
>> well, so wouldn't be applicable to this selection. For post-quantum |
| 7 |
>> asymmetric crypto we'd likely need e.g a lattice based primitive. |
| 8 |
> |
| 9 |
> We're not post-quantum, and if we were no-one knows how anything would |
| 10 |
> do anyway... Why not stick to threats that actually exist? |
| 11 |
|
| 12 |
For the same reason that we don't deploy 1024-bit RSA keys? Also, you |
| 13 |
wouldn't necessarily know if we were post-quantum or not. |
| 14 |
|
| 15 |
Nobody made the claim that nobody should ever use RSA, just that this |
| 16 |
is an area of concern. |
| 17 |
|
| 18 |
-- |
| 19 |
Rich |
Archives