[erlang-questions] How safe is it to leave an open SSL port on the public internet?

Loïc Hoguin <>
Fri Sep 1 15:13:18 CEST 2017


On 09/01/2017 03:03 PM, zxq9 wrote:
> On 2017年09月01日 金曜日 14:57:04 Loïc Hoguin wrote:
>> On 08/30/2017 08:03 PM, code wiget wrote:
>>> Also, Fred, I re-read your post and wanted to either start a quick
>>> discussion/warn you about elliptic curves. According to the NSA: "the
>>> growth of elliptic curve use has bumped up against the fact of continued
>>> progress in the research on quantum computing, which has made it clear
>>> that *elliptic curve cryptography is not the long term solution many
>>> once hoped it would be.**”*
>>> *
>>> *
>>> The NSA has deprecated ECC, whether or not that means that some foreign
>>> actor has a crack or if they are that worried about quantum computing is
>>> to be seen, but for now it seems like we should be moving away from ECC.
>>
>> Surely the NSA's bigger concern is that they can't crack it today,
>> rather than it being too weak in the future.
> 
> The NSA's biggest concern is that once they realize they have a lead on cracking something there is an instant (and very well founded) fear reaction that someone else must have already achieved this, but never announced it. That is the #1 priority of the NSA in every fiber of its being.

In a post-Snowden world it should be obvious that this is not always the 
case. Anyway I just wanted to provide some healthy skepticism.

-- 
Loïc Hoguin
https://ninenines.eu


More information about the erlang-questions mailing list