The NSA’s work to make crypto worse and better

Backdoors. Useful on buildings. Crappy in cryptography.

The mission of the US National Institute of Standards and Technology, NIST, is to create technical and measurement standards to make US manufacturing and industry more competitive.

In 1987, the Computer Security Act tasked NIST (then known as the National Bureau of Standards, NBS) with the creation of computer standards to ensure the security of federal computer systems. The best known standard that came from this work is probably the Advanced Encryption Standard (AES) algorithm. NIST held a competition between 1997 and 2000 to pick a symmetric cipher (that is, one where the same key is used for both encryption and decryption). The winner of the competition was Belgian algorithm Rijndael, and accordingly, Rijndael is known as AES.

The CSA explicitly required NIST to seek the advice and guidance of the National Security Agency (NSA) when creating these standards. The NSA is, after all, where the government's cryptography experts work, and once upon a time, the organization was pretty helpful in this area. Before the CSA, the NSA had helped develop old NBS standards. In the 1970s, NBS created a standard for AES's predecessor, called the Data Encryption Standard (DES).

Read 15 remaining paragraphs | Comments