• Arghblarg@lemmy.ca
      link
      fedilink
      English
      arrow-up
      18
      ·
      edit-2
      9 hours ago

      Sure, but lots of people thought it was crazy conspiracy thinking that the NSA backdoored certain Elliptic Curves CSPRNGs years ago… yet it turned out they in fact did, and successfully, and it took years to come out. Whether or not some ‘threat model’ applies to the situation.

      The chances of a normal person being targeted by some obscure NSA backdoor is very low, certainly; but that doesn’t refute the historical fact that they do try to subvert standards processes.

      • mlg@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        9 hours ago

        I think it’s funny to think that the NSA has probably defeated RSA and those sketchy ECDSA curves, but they still haven’t broken AES because its symmetric.

        that they do try to subvert standards processes.

        This is why RSA is considered weak even at 4096. No hacker or APT is gonna break it but the NSA probably can and probably has, even if it was some loophole implementation bug.

        When you assume nation state funding and leverage, a lot of baseline security standards go out the window.