NSA Encryption backdoor?

Posted by jerry as Security

I am always skeptical of conspiracy in a given situation. The article is basically claiming that the NSA knowingly put a backdoor key in to an algorithm, then forced it into the standard doc. Oh, and it’s apparently ‘obvious’ that secret keys exist, whether known or unknown.

This reminds me a lot of the debate about the sboxes used in DES - the assumption was that the government did it to be able to crack DES, but turned out to be an intentional design element that actually increased the security of DES.

I can think of a few scenarios off hand:

1. The creator knew about the weakness and intentionally chose values that are very difficult to reverse engineer.  The algorithm is substantially secure to be trusted in spite of this.

2. No such set of second numbers are available, and this is a misunderstanding.

3. The creator legitamately did not know about the issue.  People in the NSA are crapping bricks now.

4. There in fact is a secret set of numbers in the algorithm and the NSA has a specific use in government applications for a computationally intensive, and recoverable application. They know that general use is not likely because of those two fact.

I can see some utility in a computationally expensive encryption algorithm. I have to believe that the NSA didn’t ’sneak’ in an algorithm that is so obviously inferior, expecting the world at large to use it so they can snoop. Despite iraq and 9/11, they really aren’t a dumb organization.

I think the real story here is that we have to be so suspicious of the motives of our government. Given the many spying stories, the telecom amnesty issue, Guantanamo Bay, the TSA, etc, it seems like a plausible story that the NSA really would do such a thing.  In that light, maybe I’m wrong - maybe they did try to pull one over on us. One thing’s for sure - we’ll never get an answer we can trust from the CIA.