[throwaway654329]

You’re making a lot of assumptions and guesses to imply they helped overall when we know they weakened DES by reducing the key size such that it was practically breakable as a hobby project. At the time of DES creation, Hellman remarked that this was a bad enough problem to fix it by raising the key size. NSA and IBM and others ignored the cryptographers who were not compromised. Any benefit against DC attacks seems clearly like a hedge against DES being replaced sooner and against known adversary capabilities. When did the Russians learn that technique? Probably before the public did, I would wager.

The longer DES stays, the longer NSA retain their capabilities. Any design changes made by NSA are for their benefit first. That’s the primary lesson from my perspective.

[gonehome]

I don’t think they helped overall, I’d agree on net they acted to make things less secure by arguing for the small key sizes. We mostly agree. I just think strengthening public DES based on a security issue that was not public at the time is an interesting example of a time they did the opposite of inserting a backdoor, people were afraid their suggestions were weakening DES, but they were strengthening it. That paired with the history suggested some internal arguing about priorities.