[bediger4000]

Some have speculated that the entire credit card system is compromised, end to end. I think the real question is why NSA didn't intervene in the early 1990s. Online commerce was just beginning, and the importance of electronic funds transfer was obvious, but the method wasn't set in stone. NSA knew about public key crypto well before the rest of us did. They could have helped set up very secure electronic payments, but chose not to for unknown reasons.

[lxgr]

What do you mean by "compromised end to end"? A compromise implies that something isn't working as originally designed.

Credit and debit cards (except for 3DS and EMV) are working exactly as designed; the design just isn't very good from a security perspective.

[yieldcrv]

NSA prefers compromised security so that answers your question

Credit card system was already around for decades before though

[jongjong]

Reminds me of when I wrote a lightweight blockchain from scratch including the Lamport OTS (quantum resistant) signature scheme and then most of the leaders from my crypto community at the time turned against me for no reason.

The signature scheme I implemented was thoroughly tested. Implemented from reading the Lamport and Merkel academic papers and under 1000 lines of code in total so pretty easy to audit... Nobody found an issue with it in 5 years. But the suppression was suspicious. The narrative of "Don't roll your own crypto" is suspicious... Is it really better to use the same library as hundreds of thousands of other projects? Is that really lower risk? Didn't we learn from the Axios hack that popularity doesn't provide security.

[fhdkweig]

I heard a rumor that NSA suggested changes to DES encryption that strengthened it from differential cryptanalysis attacks that the public cryptologists weren't aware of yet.

[plorkyeran]

That isn't a rumor? It's a pretty well documented fact that the NSA was involved in the design of DES and that the magic numbers that people initially assumed were a back door of some sort turned out to make differential cryptanalysis more difficult than randomly chosen ones would have.

[bagels]

"The RSA algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT"