Really weird reading stuff written 5-7 years ago about curve25519 where everyone is pushing a narrative that the 'sales pitch' is that it's faster rather than that the NIST curves can't be trusted.
Conversation
Replying to
The most annoying thing about that sales pitch is that I've never found it to match reality in widely used cryptography / TLS libraries.
OpenSSL has slower ed25519 than P-256 on every x86_64 and arm64 CPU I've tested despite ed25519 being the default key exchange algorithm now.
From a (pre-Ed25519) perspective of "why would you want to use Curve25519 in ECDSA?! the only point is it's faster, but it's not faster in an ECDSA context!" 🤦🤦🤦
1
1
Show replies