On Sat, Nov 21, 2009 at 05:42:48PM -0500, Samuel Baldwin wrote: > 2009/11/21 AG <computing.acco...@googlemail.com>: > > Depends on whether one trusts the NSA or not. > > That's the nice thing about open source software; we don't have to, > because we can verify their code or mathematics ourselves.
Anything can be backdoored. An agency that wants to do so would probably be less obvious about it. I don't know the current state of NSA mathematical research, obviously, but it used to be THE biggest employer of mathematicians on the planet, and there was a point when it had a considerable advance in cryptography to about anybody else. It's a well-documented story that the NSA suggested changes to the DES initialisation vector before it became a standard. Backdoor ? no. Resistance to differential cryptanalysis ? you bet. The fun thing about that is that, at that point, differential cryptanalysis hadn't been invented... and wouldn't be for roughly ten years. For the general public, that is. I don't know if they still have this kind of advance. Probably less. Good luck verifying the mathematics yourself, though.
