Comment by sigil

3 years ago

It’s compelling in context. If the NSA influenced NIST standards 3x in the past — DES, DSA, Dual EC — then shouldn’t we be on high alert this 4th time around?

That NSA is already recommending against hybrid, instead of waiting for the contest results, might signal they’ve once again managed to game the standardization process itself.

At the very least — given the exhaustive history in this post — you’d like to know what interactions NSA and NIST have had this time around. Thus, djb’s FOIA. And thus the lawsuit when the FOIA went unanswered. It all seems very reasonable to me.

What’s that old saying, “fool me thrice…”?

6 comments

sigil

Reply
tptacek  3 years ago

Everybody is on high alert. Being on high alert doesn't make Bernstein right.

I don't even support the premise of NIST crypto standardization, let alone trust them to do it.

  • blueprint  3 years ago

    > Everybody is on high alert. Being on high alert doesn't make Bernstein right.

    What exactly are you arguing for, with this? Pretty sure the dude you're replying to knows about the existence of cognitive biases, thanks.

    • tptacek  3 years ago

      It's pretty obvious, right? What Bernstein is saying here can (and probably is) a load of horseshit, and it's still a terrible idea to trust NIST. Seems like a simple argument.

      3 replies →