I program every single day of my life.
I understand what curves are, and why and how they get used in encryption. but it is a rudimentary understanding.
I cannot understand why there needs to be a standard curve that gets used. I get that there are programming standards.
I get that using curves is important. but I do not see the use in getting a standard curve, all that can lead to is a possible breach in encryption.
rather than having a standard for the curve you use there should be a machine with insane amounts of processing power, and the ability to attempt a force break of encryption.
so to have your encryption passed by the regulator, the encrypted file should be put under the crucible of a force break by one of the most powerful computers ever made. your certificate level is then awarded on amount of time it took the computer to force its way through.
Imagine google coming in and saying we have increased our encryption procedure from a 14 hour to a 16 hour encryption.
is it just me or does that actually seem like a solid idea? maybe I just misunderstood the entire thing.
As I remember it, NIST asked the NSA for assistance when deciding on which algorithms to use, then followed the NSA's recommendations without making this knowledge public.
Once this became known researchers started asking NIST if they could confirm that the NSA's recommendations were in fact for the strongest alternative; or were they for the weakest alternative, thus making it easier for the NSA to crack.
BTW certification is a two-step testing process: first at a certified laboratory and then (if you pass) at NIST. The testing involves compliance with the algorithms rather than test-to-destruction.
That's why the Germans, Chinese, French, Russians and others are starting to drop US IT companies from government contracts and also recommending their private sector not deal with such. This is going to cost the US companies a lot of lost revenue. There are downsides to this. In a way the NSA is killing the goose which lays the golden eggs. Instead of very rarely using US companies to take really valuable secrets they seem to have been using them a lot and with Snowden this has caused foreigners to want to protect themselves more at the expense of American intellectual property and technology all the while making spying more and more difficult.