Hacker News new | ask | show | jobs
by beermonster 1722 days ago
Would you trust the NSA’s thoughts on recommended algs given their chequered history?
2 comments
er4hn 1722 days ago
I don't necessarily trust the NSA, things like DUAL EC DRBG are an excellent reason why.

However the govt standards for cryptography to use are known as FIPS 140. These standards are made by NIST, which has the NSA either heavily own or directly write the documents. This means that the NSA is defining the crypto standards for the rest of US Gov.

The conclusion is that if you want wireguard in govt networks, the NSA must bless their crypto primitives and algorithms. That's why I want to know their thoughts on it.

link
Spooky23 1722 days ago
You need read between the lines and look at the full context of what they recommend.

Just saying “NSA bad” is a lazy argument.

link
z3ncyberpunk 1722 days ago
> Just saying “NSA bad” is a lazy argument.

Yeah, so is that, and a stupid one given how much they, NIST, and the CIA rig things like elliptical curve standards

link