There is, for example, some evidence that the NSA has inserted weaknesses into some random-number generation standards, ...No, I meant how does the NSA insert something into a standard?The same way it always did. [Wikipedia article on DES]
If the NSA activity we're talking about is anything like what is described in the Wikipedia article on DES, then "has inserted weaknesses" is entirely inappropriate wording. The NSA's involvement in DES, according to the article was:
The US government wanted to establish a standard for encrypting US government data. It sought proposals, via the National Bureau of Standards, from the public and consulted with NSA to evaluate them. IBM submitted a proposal and consulted with the NSA in developing it. NSA suggested two changes to IBM's initial proposal. One was a reworking of the "s-tables," which IBM's encryption experts analyzed and found to be good and accepted. The other was to reduce the key length from 64 bits to 48. IBM rejected that. NSA then proposed 54 bits and IBM found that to be better than 64 and accepted it. IBM made the resulting proposal to NBS and NBS accepted the proposal as a standard for encrypting US government data. Some time later, public standards bodies including ANSI and ISO adopted the same standard. The article doesn't tell the process by which ANSI and ISO adopted it, but I see no evidence that NSA was involved.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds