That used to be the norm! My personal favorite story along those lines was how they proposed changes to DES S-boxes without any detailed explanation. The open community was skeptical but it later turned out that the changes they proposed protected against differential cryptanalysis[1], which was at the time not known outside the intelligence community. That said, they did cut the key size dramatically which ended up weakening DES to the point that it could be trivially brute forced by the early 2000s, which led to 3DES and AES.
they did strengthen the s-boxes against differential cryptanalysis, yes, but since 02004 we have evidence that they also sabotaged it as part of a deliberate policy they'd put in place in 01968: https://blog.cr.yp.to/20220805-nsa.html
The sleight of hand here is to equate publicly reducing the key size, which was known (presumably at the time as well) to be a weakening of the system, with a supposed weakness injected cryptically into the S-boxes --- which we now know is the opposite of what happened.
Further, the truncated version of DES that got standardized far outlasted its expected lifetime --- the National Bureau of Standards expected DES to have a useful lifetime of about 5 years. And even at the time it was understood that you could expand the keysize by tripling up the DES core.
I think there's a really big difference between publicly weakening a standard, in effect telling the world "we want a standard that is adequate for commercial purposes but inadequate for military purposes, so as to retain our national edge", and doing what they did with Dual-EC, where it was impossible (apparently) for people to reason about what NSA was up to.
> and doing what they did with Dual-EC, where it was impossible (apparently) for people to reason about what NSA was up to.
Schneier was clearly able to reason about what NSA was up to, and told everyone in 2007 not to use Dual-EC, 6 years before the Snowden revelations.
I believe you have admitted that you thought that “Dual-EC has a backdoor” was a wild conspiracy theory until the Snowden revelations? Which makes the “impossible (apparently)” part a classic case of projection.
(I thought nobody should use Dual EC! But that was my reason for thinking it wasn't an NSA backdoor, because it was too dumb to be one. I underestimated the industry's capacity for "dumb". Also: I was dumb! I am dumb a lot.)
I never understood the Dual-EC backdoor. What was the point? Who would be dumb enough to use that as their CSPRNG when so many simpler, faster, and less sus options were available?
I suppose they did (allegedly) pay RSA Security to make this the default choice in BSAFE but that seems like an awful lot of work to hack one product.
That was my take too, but in fairness to everyone else who was right about this, once you stepped back and looked at the design for what it was, rather than as a weird concoction that happened to spit out random numbers, it was extremely obvious what the purpose of the design was. Another thing happening with me and Dual EC: I just know a lot more about cryptography today than I did 13 years ago. (I'm not a cryptographer; I'm a vulnerability person that happens to specialize a bit in cryptography vulnerabilities. It's a great rhetorical hedge.)
Another thing I was very certain (and certainly wrong) about was that no competent team was using BSAFE in 2010. The more I've learned about cryptography the less confidence I've held onto in industry cryptography practices outside of Google, Apple, and Microsoft. I would have assumed the major networking vendors were playing at roughly the same level. Yikes, no.
Yeah they unfortunately abused the good will they got from that. Once differential cryptanalysis was known and it was clear the NSA had strengthened the DES S-boxes, people started trusting them. And they started making lots of suggestions to various standards. Only now they were inserting back doors. It wasn’t until Snowden that the pendulum of public paranoia swung back the other way.
Unless you count Clipper as a "backdoor", this article asks the same question I am. The whole point of Clipper, of course, was that keys were escrowed.
Clipper was deliberately backdoored (the key exchange had a trap door), with that backdoor only publicly found after its release. This was more than just key escrow. Why would that not count?
The NSA being the good guys for once feels strange. Especially caring for public interest.
Only if everything you know about the NSA comes from the evil, cackling, mustache-twirling caricatures of it promulgated by angry people on the internet.
Once you look beyond the politics, propaganda, and axe-grinding that is endemic to the online world you find out all sorts of fascinating things about the U.S. government.
Of course the NSA (and arguably any topic) is more nuanced than internet discourse likes to admit. That said, they've done plenty to warrant people's paranoia of them and not a lot to dissuade it.
It's entertaining how many people online think government intelligence agencies actually care about them at all, considering the limited amount of time in the day and all the info that said agencies need to know about adversary countries and other important topics.
For 99 44/100 percent of the online outrage bait, I'm like "you're not that interesting, and they almost certainly don't care about you anyway."
I don't think the Federal government has had much control over public perception of itself for quite some time now. We're not living in an age of manufactured consent in which the dominating central tendency is more or less obvious.
The concept of manufactured consent always felt a bit suspect, but Kamala Harris' presidential candidacy has been covered by say, the NYTimes and The Guardian with little to no criticism, and they seem to be intentionally masking the fact that she has no real policies or any sort of platform. What else, if anything, points you towards the image of a state in whose operations it wants to appear as ambiguous as possible? The real threat, the known threat to state security is Trump, because he and his followers are crazy.
If the NSA, and other intelligence agencies, had any influence on the election, why wouldn't they do exactly what it would appear they are doing now and get a milquetoast liberal elected to office who will easily capitulate to their demands?
> intentionally masking the fact that she has no real policies or any sort of platform
What you're suggesting doesn't exist - and is being skirted around by the news - is in fact widely available. Google's right there.
> If the NSA, and other intelligence agencies, had any influence on the election, why wouldn't they do exactly what it would appear they are doing now and get a milquetoast liberal elected to office who will easily capitulate to their demands?
This strikes me as working backwards from a conclusion. If in your view the intelligence community would operate in that way, how would you ever know one way or the other?
One thing we can certainly agree on is that Trump is the real threat. It is pretty damning of our age that "not having a platform" (to your satisfaction) is supposed to be met as a serious criticism, but her opponent's openly unhinged behavior is just "how it is".
Lol, she's discussed far more of a platform than Trump. Trump never gets into specifics. The closest we've gotten is his insane plan for a flat 10% tariff which would be devastating for the middle class.[1] Other than that, he deals solely in empty platitudes.[2]
Meanwhile, Harris has made specific policy promises on a wide range of issues.[3]
> and they seem to be intentionally masking the fact that she has no real policies or any sort of platform
She doesn't need one: the fact that she's not Trump, and she's not old enough to be senile or on death's door, is all she needs for most voters. It's not like the Democratic Party had a bunch of other viable candidates in a position to mount a presidential campaign this close to the election.
If you want to criticize the US for having a crappy FPTP election system that basically guarantees only two viable parties on the national stage, that's fair, but that's not the fault of journalism outlets, it's baked into the Constitution and other legislation.
> The real threat, the known threat to state security is Trump, because he and his followers are crazy. If the NSA, and other intelligence agencies, had any influence on the election...
Also, those news outlets may very well have their own agenda they're pushing, without any help from the intelligence agencies or anyone else: back in 2015, the media did help to make Hillary look bad. Perhaps they're blaming themselves partially for Trump getting elected, so this time around they want to make sure they don't turn off voters to the non-crazy candidate just because she isn't perfect. (And granted, Kamala doesn't have nearly as much baggage as Hillary did, which helps a lot.)
What, exactly, did they do to further their evil plans?
Did they inject Biden with a dementia drug to force a withdrawal and engineer the timing such that the current Vice President was pretty much the only viable option for the US Democrats to rally behind?
Seems like a tightrope feat of Rube Goldberg Heath Robinson needle threading.
> Did they inject Biden with a dementia drug to force a withdrawal and engineer the timing such that the current Vice President was pretty much the only viable option for the US Democrats to rally behind?
It's not a one-way relation to power. Intelligence agencies are nothing if not opportunistic, they can influence elections but if one of the candidates is clearly incompetent there isn't much they can do unless he drops out. You're forgetting that Jill Stein would've never been endorsed by Biden; what appears to be chaotic and contingent actually has a strong set of boundary conditions of possibility that all the contingency is contained within, and intelligence agencies, including even the state department for foreign affairs, try to control that. Not individual actions, but the ability to perform them, the rationality of it. The fact that you can't even imagine a candidate besides Donald Trump who poses a serious threat to the state intelligence apparatus shows you that they've already won, or at least nearly so.
With the type of work the NSA does, I can't imagine many of them didn't know who Grace Hopper was. I expect they did it out of respect for her, rather than for the benefit of the general public.
1: https://www.schneier.com/blog/archives/2004/10/the_legacy_of...