On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
> And if we can't use the reference implementation, we have some decent
> programmers…
> (On the other hand, if there's no reference implementation, then that
> makes it hard to recommend that particular crypto scheme.)

That sounds pretty close to a "roll your own crypto" idea, which as I'm sure you know is almost always a poor idea. Classical algorithms like RSA and Diffie-Hellman are ~40 years old but they have many side-channels and are still hard to implement correctly. There are so many subtleties with ECDHE and ECDSA, with the notable exception of the safer *25519 cryptosystems from djb. Post-quantum cryptography is over my head, but considering the pattern and the newness of the field I wouldn't trust any implementation unless it was written or at least vetted by the authors of the respective post-quantum cryptosystem.

That being said, I'd like to thank Schanck, Whyte, and Zhang for their work, their paper, and their reference implementation.

-- 
Jesse V
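The side-channel point above (classical RSA/DH being hard to implement correctly) can be made concrete with an operation-count model. The following is an added illustration, not code from this thread or from any of the implementations discussed: a textbook square-and-multiply whose work depends on the secret exponent's bit pattern, next to a Montgomery ladder whose work depends only on the fixed bit length. Function names, the sample modulus and the exponents are constructed for the demonstration.

```python
"""Operation-count model of an exponent-dependent side-channel in naive
modular exponentiation (the RSA/DH primitive), contrasted with a
Montgomery ladder. Hypothetical example; counts multiplications rather
than measuring wall-clock time, since Python big-int arithmetic is not
constant-time anyway."""


def naive_modexp(base, exp, mod):
    """Left-to-right square-and-multiply.

    Returns (result, multiplication_count). The extra multiply runs only
    for 1 bits, so the count (and in a real implementation, the timing)
    leaks the Hamming weight of the secret exponent.
    """
    result = 1
    mults = 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        mults += 1
        if bit == "1":
            result = (result * base) % mod
            mults += 1
    return result, mults


def ladder_modexp(base, exp, mod, bits):
    """Montgomery ladder over a fixed number of exponent bits.

    Invariant: r1 == r0 * base (mod mod). Both branches perform exactly one
    squaring and one multiplication, so the count is 2 * bits regardless
    of which bits of exp are set.
    """
    r0, r1 = 1, base % mod
    mults = 0
    for i in range(bits - 1, -1, -1):
        if (exp >> i) & 1:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        else:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        mults += 2
    return r0, mults


def leak_profile(base, exponents, mod, bits):
    """For each constructed secret exponent, report the multiplication
    count of both methods and confirm both agree with Python's pow()."""
    profile = {}
    for exp in exponents:
        naive_val, naive_n = naive_modexp(base, exp, mod)
        ladder_val, ladder_n = ladder_modexp(base, exp, mod, bits)
        expected = pow(base, exp, mod)
        assert naive_val == expected and ladder_val == expected
        profile[exp] = {"naive": naive_n, "ladder": ladder_n}
    return profile


# Constructed sample inputs: a small prime modulus and two 16-bit
# exponents of equal length but very different Hamming weight.
SAMPLE_MOD = 1000003
SAMPLE_BASE = 12345
LOW_WEIGHT_EXP = 0b1000000000000001   # weight 2
HIGH_WEIGHT_EXP = 0b1111111111111111  # weight 16

if __name__ == "__main__":
    for exp, counts in leak_profile(
        SAMPLE_BASE, [LOW_WEIGHT_EXP, HIGH_WEIGHT_EXP], SAMPLE_MOD, 16
    ).items():
        print(f"exp={exp:016b} naive={counts['naive']} ladder={counts['ladder']}")
```

The naive version's count equals bit length plus Hamming weight, so two same-length keys are distinguishable by work done; the ladder's count is identical for both. A constant operation count is only one of the properties a production implementation needs (the memory-access pattern and the underlying multiplication must also be data-independent), which is the kind of subtlety the thread is warning about.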
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev