undefined | Better HN

0 pointskragen9mo ago0 comments

Historically the NSA has sabotaged public cryptography standards so that it could crack them, while adversaries hopefully couldn't. It pays its employees to do this. It seems plausible that that's what's going on here, but even if so, whether that's because they know of a fatal weakness in NTRU they fear adversaries will exploit, or know of one in Kyber that they hope to exploit themselves, is anybody's guess.

0 comments

bigfatkitten9mo ago

NSA makes public their own policy for national security systems.

https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA...

If the U.S. Government is willing to bet the SECRET-and-above farm on particular cryptography standards and implementations, it’s probably safe for you to use them too.

pxeger19mo ago

If NSA and only NSA can crack a particular system, they probably wouldn't mind using it for their own secrets.

And anyway why is there any reason to believe they really do use the system they say they use?

bigfatkitten9mo ago

> If NSA and only NSA can crack a particular system, they probably wouldn't mind using it for their own secrets.

How do you think they could assess that they, and only they will ever be able to exploit a particular cryptographic vulnerability at any time over the next few decades?

They can’t, they would be well aware of that, and they are extremely risk averse.

> And anyway why is there any reason to believe they really do use the system they say they use?

Because these systems exist widely throughout government today.

https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...

https://www.disa.mil/-/media/files/disa/fact-sheets/dmcc-s-f...

jandrewrogers9mo ago

FWIW, the US government actively develops and maintains a suite of classified cryptography algorithms[0] which are completely separate from the suite of algorithms they publish publicly. The reason for the existence of Suite A algorithms has never really been explained. I’ve heard rumors that it contains capabilities not known in public cryptographic algorithms, but that’s speculation.

[0] https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography

bigfatkitten9mo ago

They do, and there are a lot of situations in which those algorithms are not usable, such as on mobile devices, hence the introduction of Suite B and now CNSA.

kragenOP9mo ago

What they've been doing consistently for the last 50 years counts for more than what they say today.

bigfatkitten9mo ago

They haven’t been using commercial cryptography to protect classified information for 50 years.

The fact they are now is a relatively recent development, and it’s significant because they now have their own skin in the game whereas they previously did not.

j / k navigate · click thread line to collapse

0 comments

bigfatkitten9mo ago

NSA makes public their own policy for national security systems.

https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA...

If the U.S. Government is willing to bet the SECRET-and-above farm on particular cryptography standards and implementations, it’s probably safe for you to use them too.

pxeger19mo ago

If NSA and only NSA can crack a particular system, they probably wouldn't mind using it for their own secrets.

And anyway why is there any reason to believe they really do use the system they say they use?

bigfatkitten9mo ago

> If NSA and only NSA can crack a particular system, they probably wouldn't mind using it for their own secrets.

How do you think they could assess that they, and only they will ever be able to exploit a particular cryptographic vulnerability at any time over the next few decades?

They can’t, they would be well aware of that, and they are extremely risk averse.

> And anyway why is there any reason to believe they really do use the system they say they use?

Because these systems exist widely throughout government today.

https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...

https://www.disa.mil/-/media/files/disa/fact-sheets/dmcc-s-f...

jandrewrogers9mo ago

[0] https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography

bigfatkitten9mo ago

They do, and there are a lot of situations in which those algorithms are not usable, such as on mobile devices, hence the introduction of Suite B and now CNSA.

kragenOP9mo ago

What they've been doing consistently for the last 50 years counts for more than what they say today.

bigfatkitten9mo ago

They haven’t been using commercial cryptography to protect classified information for 50 years.

The fact they are now is a relatively recent development, and it’s significant because they now have their own skin in the game whereas they previously did not.

j / k navigate · click thread line to collapse