> I filed a FOIA request "NSA, NIST, and post-quantum cryptography" in March 2022. NIST stonewalled, in violation of the law. Civil-rights firm Loevy & Loevy filed a lawsuit on my behalf.
> That lawsuit has been gradually revealing secret NIST documents, shedding some light on what was actually going on behind the scenes, including much heavier NSA involvement than indicated by NIST's public narrative.
even if I had never heard of DUAL_EC_whatsit, there's enough here to make me mistrust NIST.
He/she means that there have been good things coming out of the NSA/NIST collaborations (another example is SHA0->SHA1, introducing a "mysterious" left shift that made SHA1 much stronger), and the bad ones are caught quickly.
How so? Or rather, taking change for a given, what are believable indicators that a secret organization outside normal systems of law and publicity has changed _for the better_? After all, the Snowden relevations lead not to the NSA deciding that creating a global panopticon for a super-surveillance state would be a bad idea, but rather them doing their damnedest that never again the American public would be informed of the true scale of their dystopian actions.
from the article:
> I filed a FOIA request "NSA, NIST, and post-quantum cryptography" in March 2022. NIST stonewalled, in violation of the law. Civil-rights firm Loevy & Loevy filed a lawsuit on my behalf.
> That lawsuit has been gradually revealing secret NIST documents, shedding some light on what was actually going on behind the scenes, including much heavier NSA involvement than indicated by NIST's public narrative.
even if I had never heard of DUAL_EC_whatsit, there's enough here to make me mistrust NIST.
You mean ANSI/ISO/NIST and Dual_EC_DRBG, that everyone suspected had a backdoor before it was included as one of multiple options? https://en.m.wikipedia.org/wiki/Dual_EC_DRBG#Timeline_of_Dua...
Or the s-boxes in DES, that the NSA suggested to IBM + NIST's predecessor, so as to be resistant to then-not-widely-known differential cryptanalysis? https://web.archive.org/web/20120106042939/http://securespee...
One of those things happened after 9/11, and one of those things happened before.
There is a widely held belief that the US IC changed fundamentally in terms of their regard for their own raison d’etre that day.
It'll be curious, looking back from the near future, what prompted the next fundamental change.
I'd like to think the US is in the midst of that now, with the Afghan withdrawal and Ukraine war.
[flagged]
He/she means that there have been good things coming out of the NSA/NIST collaborations (another example is SHA0->SHA1, introducing a "mysterious" left shift that made SHA1 much stronger), and the bad ones are caught quickly.
Things have changed quite a bit since then.
How so? Or rather, taking change for a given, what are believable indicators that a secret organization outside normal systems of law and publicity has changed _for the better_? After all, the Snowden relevations lead not to the NSA deciding that creating a global panopticon for a super-surveillance state would be a bad idea, but rather them doing their damnedest that never again the American public would be informed of the true scale of their dystopian actions.