[chatmasta]

But "don't roll your own crypto..."

If your attacker is breaking your TLS implementation, surely the next step is to break your shitty custom crypto protocol wrapped inside of it.

[jedberg]

See the bottom of the page where he talks about the link to their internal (previously top secret) CIA crypto standards, which is probably one of the few cryptos that is actually any good (most of it was done with the NSA and just talks about which protocols are secure).

[bryanrasmussen]

so probably the only ones who can break the CIAs crypto are the NSA.

[jedberg]

Pretty sure that's the plot of Sneakers.

[bryanrasmussen]

No, the plot of Sneakers is at the end the NSA thinks they're the only ones who can break the CIA's encryption but really the only one who can do it is Robert Redford!

Postscript: Redford of course then goes ahead and basically announces it to the NSA by stealing all the Republican party's money (and someone else - can't remember) and donating it to causes like Greenpeace and Amnesty International.

[milcron]

You can supplement TLS without rolling your own crypto. Sending a GPG message, for example.

[jessaustin]

Haha it's like CIA knew this would get leaked, and wrote this to troll HN in advance...

[divbit]

probably true