by ethbr1 984 days ago
Everyone also discounts the other reason NIST (with NSA behind the scenes) might be shifty -- they know of a mathematical or computational exploit class that no one else does.

And therefore want to do things-which-seem-pointless-to-everyone-else to an algorithm to guard against it.

Without disclosing what "it" is.

Everyone's quick to jump to the "NSA is weakening algorithms" explanation, but there's both historical and practical precedent for the strengthening alternative.

After all, if the US government and military use a NIST-standardized algorithm too... how is using one with known flaws good for the NSA? They have a dual mission.

3 comments

> there's both historical and practical precedent for the strengthening alternative.

I'm aware of the DES S-boxes, are there other examples of this?

SHA was withdrawn after publication and replaced with a stronger version[0].

[0] https://en.wikipedia.org/wiki/SHA-1#Development

> They have a dual mission

Which is why I don't buy anything from the apologists for "manageable" backdoors.

> strengthen

This is a good theory and interesting take.

> And therefore want to do things-which-seem-pointless-to-everyone-else to an algorithm to guard against it.

Or, more likely, to exploit it.