this post was submitted on 10 Apr 2026
32 points (97.1% liked)

Privacy

5497 readers
164 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 1 year ago
MODERATORS
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
32
Yikes, Encryption’s Y2K Moment is Coming Years Early (www.eff.org)
submitted 4 hours ago by schnurrito@discuss.tchncs.de to c/privacy@lemmy.dbzer0.com
15 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] bearboiblake@pawb.social 9 points 3 hours ago* (last edited 3 hours ago) (3 children)

There are theories that NSA has long since broken RSA and intentionally put vulnerabilities into Ec25519. I don't know how much credence to give those rumors, but I avoid both algorithms to be safe.

They probably have backdoors at the bare metal level anyways. There is no real chance of us defending ourselves against determined attackers from such agencies. Palantir probably doesn't come close.

[–] GreenCrunch@piefed.blahaj.zone 3 points 2 hours ago (1 children)

What are these theories based on? Is there a link to anything about this, or some evidence?

[–] bearboiblake@pawb.social 3 points 2 hours ago (1 children)

There's a pretty good blog post about potential backdoors in RSA on the Cloudflare blog but honestly I remember reading rumors about it on obscure internet forums and mailing lists going back a long time.

For Ec25519, there's some stuff about it in the History section of the wikipedia article.

[–] CorrectAlias@piefed.blahaj.zone 2 points 1 hour ago (1 children)

Isn't the NSA portion in that Wikipedia article just explaining why people moved to using ec25519? It says:

In 2013, interest began to increase considerably when it was discovered that the NSA had potentially implemented a backdoor into the P-256 curve based Dual_EC_DRBG algorithm.[12] While not directly related,[13] suspicious aspects of the NIST's P curve constants[14] led to concerns[15] that the NSA had chosen values that gave them an advantage in breaking the encryption.[16][17]

"I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry."

— Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)

Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications.[18] Starting in 2014, OpenSSH[19] defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption.[20] The use of the curve was eventually standardized for both key exchange and signature in 2020.[21][22]

That seems to say that people left P-256 for Curve25519.

[–] bearboiblake@pawb.social 2 points 1 hour ago

Oh, sorry, you're right. I can't remember where I read about Ec25519 vulnerabilities now, but I do remember that I switched to using Ed25519 instead which was not vulnerable. I think it was something to do with random number generation, you might be able to turn something up on your preferred search engine - sorry for not being more helpful, I'm replying from my phone away from my computer.

[–] wrinkle2409@lemmy.cafe 4 points 3 hours ago

Not with that attitude

[–] dansemacabreingalone@lemmy.dbzer0.com 2 points 3 hours ago (2 children)

Does the world lose anything for this little extra margin of safety?

[–] bearboiblake@pawb.social 2 points 3 hours ago* (last edited 2 hours ago)

Never mind, sorry, I figured out what you meant lmao, sorry for being dense, I am autistic. I already upvoted your comment, I don't like killing people because it's generally unproductive but I am totally with you in spirit, the NSA and Palantir should be abolished and those who worked with it should be put on trial for crimes against humanity... and then maybe executed. Or just forbidden from ever being in a position of authority or power. I'm open to discuss!