Migrate from RSA to ECC
Elliptic curve cryptography would show performance increases and keysize decreases over RSA.
8 comments

james commented
Nope,a post quantum algorithm is better!!!!!!!
For example NTRU 
Colin Arnott commented
You are aware that this article is discussing the use of quantum computers. Since these do not exist this, for the time, is a moot point. It is also known that most modern crypto is broken with quantum computing.

anonymous commented
Ecc is easier to break then rsa,

Colin Arnott commented
While your article is informative, I think you have the wrong take away message and it seems like you did not read many parts:
0) the only NIST standard that is known to be compromised is the Dual Elliptic Curve Deterministic Random Bit Generator; and "Researchers have warned since 2007 that Dual_EC_DRBG has a serious weakness".
1) "Silent Circle's new decision ... doesn't mean that these standards are insecure"
2) even Silent Circle is not moving away from ECC: "Silent Circle plans to replace the P384 elliptic curve with one or more curves that are being designed by cryptographers Daniel Bernstein and Tanja Lange"
Now, if you read through all the comments to this request, you will notice that I never suggested any NIST curves be used. This is because for me too, "the spell is broken". Of curves that I proposed [Curve1174, Curve25519, Curve383187, Curve41417], Curve1174, Curve25519, and Curve41417] were designed by the same "Daniel Bernstein and Tanja Lange" that Silent Circle is using. So correct me if I am wrong, but I believe I am suggesting curves from the same subset that Silent Circle is using.
There are several other considerations that you can use when selecting a good curve and there are such things as secure or safe elliptic curves. For this, I once again direct anyone to [ http://safecurves.cr.yp.to/ ] for a more in depth analysis by PhDs.Furthermore, ECC is based on a difficult maths problem [discrete logarithm] in the same way that RSA is based on a difficult maths problem [prime number factoring]. While the two problems are likely not of the same difficulty, they are both hard enough that current computational methods cannot solve current implementations. So, it is not as though one was weakened by the NSA. As well the discrete logarithm problem is used elsewhere in crypto [diffiehelman key exchanges], so there is twice the implementation to find possible flaws.

anonymous commented
No, just upgrade to 4096 bit RSA. It is safer since the NSA has tried to weaken ECC. We are only sending emails, not large amounts of data like with VPN. We are not sure yet what ECC's are secure (if any).

Anonymous commented
I agree with Colin Arnott

Winston commented
If not a complete migration, I would at least like the option to use ECC over RSA

Colin Arnott commented
While any ecc curve can be used, you should really look into cryptographically secure curves. I would advise the following curves based on your keysize preference: [Curve1174, Curve25519, Curve383187, Curve41417] See the following for more information about why to NOT use NIST and some other curves: <http://safecurves.cr.yp.to/>.