[simcop2387]

> NSA interventions in cryptographic design have historically gone in the opposite direction[1].

I'm not sure I'd say that given that there are some other designs and things that have gone on[1][2]. Particularly the Dual EC debacle. They have a history of helping make suspect or down right compromised crypto if they think they can get away with it. That said it does look like they avoid doing it to anything that gets USA GOV approval for use internally but it's difficult to say to what level they would actually go to for getting a backdoor out into the world that would let them look at other secrets.

[1] https://en.wikipedia.org/wiki/Export_of_cryptography_from_th... [2] https://en.wikipedia.org/wiki/Dual_EC_DRBG

[woodruffw]

That’s fair. Maybe this is too fine of a hair to split, but I would categorize the Dual_EC fracas as less an intervention and more of a ham-fisted attempt to standardize something that mainstream cryptography was immediately suspicious of. But I suppose you could argue that there was similar suspicion around DES from the very beginning.