Isn't the NSA portion in that Wikipedia article just explaining why people moved to using ec25519? It says:
> In 2013, interest began to increase considerably when it was discovered that the NSA had potentially implemented a backdoor into the P-256 curve based Dual_EC_DRBG algorithm.[12] While not directly related,[13] suspicious aspects of the NIST's P curve constants[14] led to concerns[15] that the NSA had chosen values that gave them an advantage in breaking the encryption.[16][17]
>
>>"I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry."
>
>— Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)
>
>Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications.[18] Starting in 2014, OpenSSH[19] defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption.[20] The use of the curve was eventually standardized for both key exchange and signature in 2020.[21][22]
That seems to say that people left P-256 for Curve25519.
CorrectAlias
@CorrectAlias@piefed.blahaj.zone
piefed.blahaj.zone
CorrectAlias
@CorrectAlias@piefed.blahaj.zone
piefed.blahaj.zone
@CorrectAlias@piefed.blahaj.zone
·
Apr 10, 2026
10
3
0
Conversation (3)
Showing 0 of 3 cached locally.
Syncing comments from the remote thread. 3 more replies are still loading.
Loading comments...