by breakwaterlabs 984 days ago
It seems wildly shortsighted as well.

I think everyone here is pretty clear how they would ethically view such a thing, but view it from NIST's (/ NSA's) perspective for the sake of argument. Maybe there's a specific threat where NIST (or presumably the NSA) believes it has a mandate to insert a backdoor.

In order to successfully do this, NIST needs to maintain a very large bank of social capital and industry trust that it can spend on very narrow issues.

But over the years there have been enough strange things (Dual EC DRBG being the most notorious) that that trust, at least when it comes to crypto design, simply isn't there. My perception is that newer ECC standards promoted by NIST have been trusted substantially less than AES was when it was released, and I can think of a number of major issues over the years that would lead to this distrust.

The inevitable outcome is that NIST loses much of its influence on the industry, which certainly is not in its own interest.

3 comments

Everyone also discounts the other reason NIST (with NSA behind the scenes) might be shifty -- they know of a mathematical or computational exploit class that no one else does.

And therefore want to do things-which-seem-pointless-to-everyone-else to an algorithm to guard against it.

Without disclosing what "it" is.

Everyone's quick to jump to the "NSA is weakening algorithms" explanation, but there's both historical and practical precedent for the strengthening alternative.

After all, if the US government and military use a NIST-standardized algorithm too... how is using one with known flaws good for the NSA? They have a dual mission.

> there's both historical and practical precedent for the strengthening alternative.

I'm aware of the DES S-boxes, are there other examples of this?

SHA was withdrawn after publication and replaced with a stronger version[0].

[0] https://en.wikipedia.org/wiki/SHA-1#Development

> They have a dual mission

Which is why I don't buy anything from the apologists for "manageable" backdoors.

> strengthen

This is a good theory and interesting take.

> And therefore want to do things-which-seem-pointless-to-everyone-else to an algorithm to guard against it.

Or, more likely, to exploit it.

> I think everyone here is pretty clear how they would ethically view such a thing, but view it from NIST's (/ NSA's) perspective for the sake of argument. Maybe there's a specific threat where NIST (or presumably the NSA) believes it has a mandate to insert a backdoor.

That's an incredibly charitable version of their point of view. How's this for their POV: They're angry that they can't see every single piece of communications, and they think they can get away with weakening encryption because nobody can stop them legally (because the proof is classified), and nobody's going to stop them by any other avenue either.

> view it from NIST's (/ NSA's) perspective for the sake of argument. Maybe there's a specific threat where NIST (or presumably the NSA) believes it has a mandate to insert a backdoor.

Without any /sarcasm tags I have to take that on face value, and frankly there are few words to fully describe what a colossally stupid idea (not your idea, I am sure) that is. Belief in containable backdoors is the height of naivety and recklessly playing fast and loose with everyone's personal security, our entire economy and national security.

That is to say, even taking Hollywood Terror Plots into consideration [0], I don't believe there is ever a "mandate to insert a backdoor".

> In order to successfully do this, NIST needs to maintain a very large bank of social capital and industry trust that it can spend on very narrow issues.

Having some "trust to burn" is great for lone operatives, undercover mercs, double agents and crooks that John le Carré described as fugitives living by the seat of expedient alliances and fast goodbyes. Fine if you can disappear tomorrow, reinvent yourself and pop up somewhere else anew.

But absolutely no use for institutions holding on to any hope for permanence and the power that brings.

> The inevitable outcome is that NIST loses much of its influence on the industry, which certainly is not in its own interest.

Exactly this. And corrosion of institutional trust is a massive loss. Not for NIST or a bunch of corrupt academics who'd stop getting brown envelopes to stuff their pockets, but for the entire world.

But since you obliquely raise an interesting question... what is NIST's "interest" here?

Surely we're not saying that by spending trust "on very narrow issues" its ultimate ploy is to deceive, defect and double-cross everything the public believe it was created to protect? [1]

I'm all for the game, subterfuge and craft, but sometimes you just bump up against the brute reality of principles and this is one of those cases. Backdoors always cost you more than you ever thought you'd save, and I've always assumed the people at a place like NIST are smart enough to know that.

[0] https://www.schneier.com/essays/archives/2005/09/terrorists_...

[1] https://cybershow.uk/episodes.php?id=16

> Belief in containable backdoors is the height of naivety

What if it is acceptable for potential enemies to (eventually) also have access to that backdoor, and your goal in providing the backdoor is just to give the masses a false belief that they can communicate secretly?

Obviously those in the know would not use the flawed system, but instead would have a similar/better one without the intentional flaws.

> Obviously those in the know would not use the flawed system

Perhaps the clearest argument against such a ploy is the TETRA radio system. Turns out in this case that "the masses" are our:

- police and emergency services

- military and civil defence forces

- diplomatic and political security, escorts, attaches and close security

You see the problem is this concept of "in the know". It's an insoluble information-hazard and boundary problem;

Two people can keep a secret, if one of them is dead.