by pavritch 2801 days ago
I'm the author of the article. All common ciphers are available as open source already. I just packaged it into a product. Encryption done right does not suddenly become vulnerable if published to an open forum. I gave up nothing. I did not put any customers at risk, nor did I put my product at risk. People who think otherwise do not really know how encryption works. It works because the ciphers are public and tested by time. And for the record -- I would do it again if asked.
3 comments

What the NSA was looking for was a mistake in implementing the encryption, or rather, for a significantly faster/easier way to find and exploit such a mistake, if one exists.

They specifically asked for the code for this purpose. If you made no mistakes, your action did not help them nor hurt your customers. But if you have made a mistake that you're not yet aware of, you took a conscious step to make it easier for the NSA to exploit that.

While the availability of source code does not make a difference in theory, this falls apart once you realize that even though the NSA has lots of resources, those resources aren't infinite.

Totally agree with you, especially if they think time is the limiting factor.

Thanks for your honesty.

However, I would probably respond along the lines of, "I'd be happy to supply this, right after you show me a court order". Otherwise, no matter what, I cannot see how it would not be used for anything other than a nefarious purpose.

If it doesn't help them get into files used to encrypt the software, then why did they need it?