I suppose you could argue that weaknesses in ECC just haven't been discovered yet.
Whereas RSA is more thoroughly researched and various weaknesses revealed.
I don't know if that's true, I wrote a toy ECDSA implementation years ago (during highschool), and compared to RSA, ECC is certainly more complicated. Sure there are fewer parameters, and we currently know of fewer requirements for these parameters. But who is to say a weak class of ECC private keys won't be discovered in the future?
If you're paranoid about what weaknesses might be discovered, I suppose using RSA+ECC is a option :)
You're getting downvotes and not replies, so I'll bite. My guess is that it's because you're advancing a common crypto fallacy. Two weak cryptosystems do not combine into a strong cryptosystem. Do not wing it. Use vetted code; don't roll your own.
Whereas RSA is more thoroughly researched and various weaknesses revealed.
I don't know if that's true, I wrote a toy ECDSA implementation years ago (during highschool), and compared to RSA, ECC is certainly more complicated. Sure there are fewer parameters, and we currently know of fewer requirements for these parameters. But who is to say a weak class of ECC private keys won't be discovered in the future?
If you're paranoid about what weaknesses might be discovered, I suppose using RSA+ECC is a option :)