Of all of the revelations about the NSA that have come to light in recent months, two stand out as the most worrisome and surprising to cybersecurity experts. The first is that the NSA has worked to weaken the international cryptographic standards that define how computers secure communications and data. The second is that the NSA has deliberately introduced backdoors into security-critical software and hardware. If the NSA has indeed engaged in such activities, it has risked the computer security of the United States (and the world) as much as any malicious attacks have to date.
No one is surprised that the NSA breaks codes; the agency is famous for its cryptanalytic prowess. And, in general, the race between designers who try to build strong codes and cryptanalysts who try to break them ultimately benefits security. But surreptitiously implanting deliberate weaknesses or actively encouraging the public to use codes that have secretly been broken -- especially under the aegis of government authority -- is a dirty trick. It diminishes computer security for everyone and harms the United States’ national cyberdefense interests in a number of ways.
Few people realize the extent to which the cryptography that underpins Internet security relies on trust. One of the dirty secrets of the crypto world is that nobody knows how to prove mathematically that core crypto algorithms -- the foundations of online financial transactions and encrypted laptops -- are secure. Instead, we trust that they are secure because they were created by some of the world's most experienced cryptographers and because other specialists tried diligently to break them and failed.
Since the 1970s, the U.S. National Institute of Standards and Technology (NIST) has played a central role in coordinating this trust, and in deciding which algorithms are worthwhile, by setting the cryptographic standards used by governments and industries the world over. NIST has done an admirable job of organizing the efforts of cryptographic experts to design and evaluate ciphers. It has also been