Hacker News new | past | comments | ask | show | jobs | submit login

Would be interested to know if anyone here has had customers push back about the use of ECDSA, especially those in the defence sector?



I haven't, though RSA is much more common

EcDSA is included in NIST SP 800-73 (PIV) but I've never seen cards with it


Working in the finance sector, I haven't seen push back because I haven't seen anybody or anything use ECDSA. ^^

Usage and support is relatively low. Most people have no idea what ECDSA is or how to use it. There are some issues in java versions (7 or 8) if you try to use ECDSA. I personally don't find the elliptic curves and parameters easy to grasp and I have a math background (multiplying large numbers was much more palatable), I think a developer would quickly hit a roadblock if they tried to work with it.

Long story short. There is no benefits to ECDSA (over RSA) so there is really no reason to push for it.

The only place where DSA is somewhat used is SSH keys. SSH has its own crypto routines, they've added support and pushed DSA for some time. Keys are a bit shorter so it's nicer to copy paste to github or digital ocean.


ECDSA is the standard format used for WebAuthn registration/auth. It's going to become more commonplace.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: