Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday May 16 2022, @02:51PM   Printer-friendly
from the so-were-there-backdoors-in-old-encryption? dept.

The National Security Agency's cybersecurity chief has claimed that next-generation encryption standards under development in the US will be unbreachable, even by the American government's own spies. The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards.

"There are no backdoors," said Rob Joyce, the NSA's director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.

The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today's computers can't. But it's also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked.

Bloomberg

[Related]:
EXECUTIVE ORDER 14028, IMPROVING THE NATION'S CYBERSECURITY

QUANTUM HEGEMONY ? China's Ambitions and the Challenge

Would you agree with the un-breachable encryption FUD that is being brandied about in this article ? If it is encrypted by humans, it can be decrypted by humans !!


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Funny) by HiThere on Monday May 16 2022, @03:03PM (7 children)

    by HiThere (866) Subscriber Badge on Monday May 16 2022, @03:03PM (#1245331) Journal

    What else is there to say?

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 5, Insightful) by Immerman on Monday May 16 2022, @04:40PM (5 children)

      by Immerman (3985) on Monday May 16 2022, @04:40PM (#1245351)

      Yep. And I absolutely believe them this time.

      Sure they're an intelligence agency - which pretty much by definition means they're all trained in the most effective ways to lie, cheat, steal, and break laws with impunity. And sure they've been caught using those tactics domestically, even against their supposed bosses, in direct violation of their charter, and the laws that are supposed to keep them in check...

      But they'd never lie to the American Public about something that would make their job much easier, right? Right?

      • (Score: 4, Interesting) by JoeMerchant on Monday May 16 2022, @04:52PM (4 children)

        by JoeMerchant (3937) on Monday May 16 2022, @04:52PM (#1245360)

        And I absolutely believe them this time.

        Yes, but why bother? NSA encryption standards, whether backdoored or not, are useful for communicating securely with parties who are compelled to use NSA standard encryption.

        If neither communicating party is compelled to use NSA standard encryption - think of them then more as guidelines, maybe use the NSA standard encryption as one layer in a multi-layer scheme. If it's compromised, the layer(s) above and below it will make that compromise moot. If it's truly strong, and the other layers you have chosen are less strong, then it helps.

        If either communicating party is compelled to use NSA standard encryption: game over. Unless you feel like breaking ranks and being identified as non-compliant, you do what you're told. Maybe slip another layer of encryption (and possibly steganography) inside the NSA wrapper, if both parties feel the NSA layer is uncomfortably exposed for any reason.

        --
        🌻🌻 [google.com]
        • (Score: 2) by Immerman on Monday May 16 2022, @06:36PM (3 children)

          by Immerman (3985) on Monday May 16 2022, @06:36PM (#1245385)

          A better question is why do they bother saying it's not backdoored? Given the source, what sort of idiot would actually believe such a claim?

          • (Score: 3, Insightful) by JoeMerchant on Monday May 16 2022, @06:54PM (1 child)

            by JoeMerchant (3937) on Monday May 16 2022, @06:54PM (#1245398)

            What I expect to come out in 10-20 years is: "What we meant is that there's not a conventional backdoor in the sense of previous NSA backdoors which have been exposed. You see, at the time of the announcement, we were the only agency on the planet in possession of the para-quantum technology required to access the encrypted messages without knowing the keys, so it was safe for you to use because you can always trust us."

            Kinda like Kenobi explaining his lie to Luke about Vader...

            --
            🌻🌻 [google.com]
            • (Score: 1, Interesting) by Anonymous Coward on Monday May 16 2022, @11:06PM

              by Anonymous Coward on Monday May 16 2022, @11:06PM (#1245487)

              Are for when the hardware isn't backdoored.

              They can get into every piece of hardware they need to thanks to signed firmware (making it impossible for the owner of the hardware to lock down or bypass), 'trusted' platform modules, and OS spyware. With those three features, why *WOULD* they need the encryption itself to be insecure?

              The downside is: The data being protected by crypto is JUST AS VULNERABLE to foreign actors, for the same reasons compromised crypto would be. But they won't realize that until the first large scale attack akin to Conti or whatever it was called.

              For the rest of us it is either stockpiling legacy hardware, or designing new equipment with FPGAs and simple components which have no firmware signing yet.

          • (Score: 3, Interesting) by VLM on Monday May 16 2022, @08:23PM

            by VLM (445) Subscriber Badge on Monday May 16 2022, @08:23PM (#1245425)

            They got away with it exactly one time historically, AFAIK:

            https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]

            Nobody knows for sure if they tried this strategy other times and haven't gotten caught yet.

            This is good reading:

            https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number [wikipedia.org]

    • (Score: 2) by Rosco P. Coltrane on Monday May 16 2022, @04:52PM

      by Rosco P. Coltrane (4757) on Monday May 16 2022, @04:52PM (#1245359)

      The real meaning of this message is: they don't need a backdoor, as they probably have enough unencrypted data kindly provided by Big Data, and possibly enough computational power to break non-backdoored encryption.

  • (Score: 4, Troll) by negrace on Monday May 16 2022, @03:32PM (11 children)

    by negrace (4010) on Monday May 16 2022, @03:32PM (#1245335)

    1. All the previous standards had backdoors.

    2. Nothing is gonna change.

    • (Score: 0) by Anonymous Coward on Monday May 16 2022, @04:00PM (4 children)

      by Anonymous Coward on Monday May 16 2022, @04:00PM (#1245343)

      DES didn't have any backdoors and the NSA's actually improved it's security. It just sucked.

      • (Score: 2, Informative) by Anonymous Coward on Monday May 16 2022, @04:45PM

        by Anonymous Coward on Monday May 16 2022, @04:45PM (#1245354)

        DES WAS the backdoor. NSA had it limited to the number of bits which they could break.

      • (Score: 1) by pTamok on Monday May 16 2022, @07:30PM (2 children)

        by pTamok (3042) on Monday May 16 2022, @07:30PM (#1245412)

        DES didn't have any backdoors and the NSA's actually improved it's security. It just sucked.

        Let me correct that slightly:

        DES didn't have any backdoors that we know of, and the NSA's [sic] actually improved it's security. (Well, yes, they changed the S-box values to make the algorithm resistant to differential cryptanalysis.)

        Stack Exchange: How were the DES S-box values determined? [stackexchange.com]

        However, we still don't know if the NSA had/has a 'backdoor' for DES. It is probably academic, and the NSA can't prove a negative. There's no benefit to the NSA telling us if they had a backdoor for DES.

        • (Score: 3, Informative) by maxwell demon on Tuesday May 17 2022, @07:37AM (1 child)

          by maxwell demon (1608) on Tuesday May 17 2022, @07:37AM (#1245573) Journal

          the NSA's [sic] actually improved

          Contraction of "the NSA has actually improved". Completely correct, no [sic] needed.

          improved it's security.

          Improved its security. Possessive pronoun, not a contraction of "it is". Therefore no apostrophe.

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @03:55PM

            by Anonymous Coward on Tuesday May 17 2022, @03:55PM (#1245686)

            Insufficient of proofreading on my part on both counts.

    • (Score: 0) by Anonymous Coward on Monday May 16 2022, @05:20PM (5 children)

      by Anonymous Coward on Monday May 16 2022, @05:20PM (#1245368)

      Granted, it was sponsored by the National Institute of Standards and Technology (NIST), not the NSA, but the NSA immediately adopted it after NIST did. Twenty years ago, NIST held an open, international competition to see who could come up with the best design, and a Belgian team won. There was nothing closed or nefarious in that process, and it's the most used encryption standard today.

      • (Score: 2, Informative) by pTamok on Monday May 16 2022, @07:42PM (2 children)

        by pTamok (3042) on Monday May 16 2022, @07:42PM (#1245416)

        Well AES is a subset of Rijndael. Why choose a subset?

        https://www.techtalk7.com/differences-between-rijndael-and-aes/ [techtalk7.com]

        And while the algorithm has been pretty resistant to attacks, implementations have not: it turns out to be pretty difficult to write an AES encryptor that is not susceptible to side channel attacks/leakage; as are hardware implementations. So while brute forcing AES continues to be difficult, if you can monitor the hardware doing the encryption, it's less difficult than computing until the heat death of the universe to extract keys. The NSA have known about side-channel attacks for decades, so it is noteworthy that more attention is not paid to that attack method. Shades of "This vulnerability is not the vulnerability you are looking for.".

        https://crypto.stackexchange.com/questions/19525/side-channel-attacks-on-aes [stackexchange.com]
        Deep-Learning Side-Channel Attacks on AES [diva-portal.org]
        Ease of Side-Channel Attacks on AES-192/256 by Targeting Extreme Keys [iacr.org]
        Side Channel Attack On AES [pufsecurity.com]

        • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @12:07AM (1 child)

          by Anonymous Coward on Tuesday May 17 2022, @12:07AM (#1245504)

          if you can monitor the hardware doing the encryption

          If the NSA are monitoring my hardware to that level they can already get my secrets in easier ways.

          • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @04:02PM

            by Anonymous Coward on Tuesday May 17 2022, @04:02PM (#1245688)

            SPECTRE is a sufficient side channel, and it isn't just the NSA using it.

      • (Score: 2) by DannyB on Monday May 16 2022, @07:48PM (1 child)

        by DannyB (5839) Subscriber Badge on Monday May 16 2022, @07:48PM (#1245417) Journal

        When AES was developed, computing horsepower[1] was much more expensive than today.

        While AES may still be secure today for most uses, attackers may be able to wield a much greater amount of brute force, or specialized attack force than they could twenty years ago.

        If AES gets broken some day, then any saved up AES messages from the last twenty years are now compromised. Ah ha, so now we now where the bodies are buried!

        [1]the amount of thinking one horse can do in one day

        --
        People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 0) by Anonymous Coward on Monday May 16 2022, @10:24PM

          by Anonymous Coward on Monday May 16 2022, @10:24PM (#1245476)

          I feel like you are all looking in the wrong place. I wonder if that is the whole point of the "no backdoors" in the algorithms. It makes you focus on the algorithms themselves. However, it is usually much easier to break the scheme or implementation. AES could be perfectly fine, but if the NSA knows the key, your implementation is wrong, or the server itself gives away the secrets, you are hosed anyway. As an example, there was a story here where an AES-1024 scheme was broken an AES-256 reduced to less than a textbook AES-128 despite the cryptographic algorithms working correctly and remaining unbroken precisely because of scheme and implementation problems.

  • (Score: 4, Informative) by Anonymous Coward on Monday May 16 2022, @03:32PM (2 children)

    by Anonymous Coward on Monday May 16 2022, @03:32PM (#1245336)

    If it is encrypted by humans, it can be decrypted by humans !!

    While I have no doubt that the NSA lies to us, and may be lying to us in this case, this premise is wrong. All modern encryption is based on the premise that some mathematical operations are asymmetrical. They are harder to perform in one direction than the other. The classic example of this is multiplication vs. factorization. It is much easier to multiply two small numbers to get a large number than it is to factor the large number back into the two small numbers. Cryptography exploits this by arranging for a calculation that is trivial for the encrypter/decrypter to perform but is not feasible for an attacker to perform with any reasonable amount of resources. As technology changes, the set of calculations that is feasible changes. But that does not change the fundamental premise that there are some calculations that are trivial for the encrypter/decrpyter, but not feasible in any practical way for an attacker.
    It doesn't help that we keep calibrating the keys that we use to "it would take years for an attacker to crack this" to "it would take billions of years for an attacker to crack this" in order to save a little time and space for the encrypter/decrypter.

    • (Score: 0) by Anonymous Coward on Monday May 16 2022, @04:15PM (1 child)

      by Anonymous Coward on Monday May 16 2022, @04:15PM (#1245348)

      256 bits entropy is resistant to brute force using the entire energy output of the sun from now until the heat death of the universe. For symmetric encryption that is all you will ever need. Asymmetric keys are harder to do so they need longer keys, but no key size is sufficient if the algorithm you are using is flawed or contains a deliberate back door like Dual ECC did.

      The NSA used to work for better encryption, but ever since they were folded into Homeland Security they've become as bad as the CIA and FBI.

      • (Score: 0) by Anonymous Coward on Monday May 16 2022, @06:36PM

        by Anonymous Coward on Monday May 16 2022, @06:36PM (#1245386)

        or contains a deliberate back door like Dual ECC did.

        Thanks. Had to lookup that one:

        https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]

  • (Score: 4, Funny) by Snotnose on Monday May 16 2022, @03:53PM (1 child)

    by Snotnose (1623) on Monday May 16 2022, @03:53PM (#1245341)

    This time you can trust us. Pinky swear!

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 5, Insightful) by tangomargarine on Monday May 16 2022, @04:08PM (3 children)

    by tangomargarine (667) on Monday May 16 2022, @04:08PM (#1245347)

    These are the same guys who were ordered by Congress to stop spying domestically, then they got caught still doing it 8 months later or whatever it was. They clearly are not above a bit of blatant lying.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: -1, Troll) by Anonymous Coward on Monday May 16 2022, @05:24PM (2 children)

      by Anonymous Coward on Monday May 16 2022, @05:24PM (#1245369)

      Congress, the President, and the administrative agencies lie. Why should NSA be held to a different standard?

      • (Score: 2) by tangomargarine on Monday May 16 2022, @10:13PM (1 child)

        by tangomargarine (667) on Monday May 16 2022, @10:13PM (#1245474)

        Yes, that's a great retort: "Well everything else in the government sucks, so why should I care that this specific aspect of the government sucks?"

        Or how about we work on un-sucking it one piece at a time?

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
        • (Score: 0) by Anonymous Coward on Monday May 16 2022, @10:37PM

          by Anonymous Coward on Monday May 16 2022, @10:37PM (#1245479)

          Or how about we work on un-sucking it one piece at a time?

          Nuke it from orbit. It's the only way to be sure.

  • (Score: 4, Touché) by maxwell demon on Monday May 16 2022, @04:21PM (6 children)

    by maxwell demon (1608) on Monday May 16 2022, @04:21PM (#1245349) Journal

    If it is encrypted by humans, it can be decrypted by humans !!

    Sure it can be decrypted by humans (or at least by computers), that's the whole point. The question is whether it also can be decrypted by those humans who don't have the decryption key.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by jasassin on Monday May 16 2022, @04:54PM (5 children)

      by jasassin (3566) <jasassin@gmail.com> on Monday May 16 2022, @04:54PM (#1245361) Homepage Journal

      Sure it can be decrypted by humans (or at least by computers), that's the whole point.

      Yeah, not really sure where he was going with that final statement. Perhaps whoever wrote that could elaborate?

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
      • (Score: 3, Informative) by AnonTechie on Monday May 16 2022, @08:15PM (4 children)

        by AnonTechie (2275) on Monday May 16 2022, @08:15PM (#1245422) Journal

        I posted this story and based on what transpired before, I am not confident that any encryption standard would remain un-hackable. Here are some of the comments which led me to make that statement:

        NSA does not have... shall we say, an amazing track record when it comes to backdoors [gizmodo.com]. Don’t forget that...

        In 2013, it was reported that the NSA had paid $10 million to the security company RSA, in exchange for which, RSA allegedly implanted a compromised encryption algorithm into its products’ software called Dual_EC_DRBG. This algorithm is widely believed to have acted as a backdoor for the NSA.

        In 2014, it was reported that the NSA had been intercepting U.S.-made hardware that was being sent abroad. NSA operatives would allegedly implant the products with backdoors, repackage them, then send them on their way.

        In 2015, networking products manufacturer Juniper Networks announced that a suspected backdoor had been discovered inside the operating system that runs its firewalls. The NSA is long suspected of having been involved or having been inadvertently responsible for security weaknesses that allowed hackers to get inside the devices.

        In 2020, Congress tried to get a straight answer out of the NSA as to whether it was still planting backdoors in U.S.-made hardware and software. Then NSA staffer Anne Neuberger said: “We don’t share specific processes and procedures.”

        In February, it was reported that a backdoor affecting most Linux distributions had been discovered. The backdoor, dubbed “Bvp47,” was reportedly “linked” to the Equation Group, a well-known hacking group inside the NSA.

        Also: The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms [schneier.com]

        --
        Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
        • (Score: 0) by Anonymous Coward on Monday May 16 2022, @11:44PM

          by Anonymous Coward on Monday May 16 2022, @11:44PM (#1245498)

          $10m sounds kinda low for something like that. Perhaps they had some kompromat on the CEO.

        • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @12:19AM

          by Anonymous Coward on Tuesday May 17 2022, @12:19AM (#1245509)
        • (Score: 2) by maxwell demon on Tuesday May 17 2022, @03:41AM (1 child)

          by maxwell demon (1608) on Tuesday May 17 2022, @03:41AM (#1245542) Journal

          There is a difference between an encryption standard being hackable, and backdoors being implanted in devices.

          With backdoors in devices, it doesn't matter whether encryption is good, because you can read the data before it gets encrypted. That doesn't tell you anything about the encryption.

          Now there is a danger that a backdoor gets inserted in the algorithm itself. But that can only be done by those who are involved in the development of the algorithm. Any algorithm not developed with the help (or other influence) of the NSA will not have NSA backdoors.

          --
          The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 0) by Anonymous Coward on Monday May 16 2022, @04:49PM (4 children)

    by Anonymous Coward on Monday May 16 2022, @04:49PM (#1245357)

    NSA doesn't stand for Nice Security Agency. Surely you don't doubt that they are laser focused on directing their dirty tricks to the right folks?

    The more interesting thing here is making an encryption standard that is more quantum resistant. Aside from just being more complex, what does that mean?

    • (Score: 3, Insightful) by hendrikboom on Monday May 16 2022, @06:44PM

      by hendrikboom (1125) Subscriber Badge on Monday May 16 2022, @06:44PM (#1245393) Homepage Journal

      It probably means that factoring large numbers won't help crack it.

    • (Score: 2) by maxwell demon on Tuesday May 17 2022, @03:52AM (2 children)

      by maxwell demon (1608) on Tuesday May 17 2022, @03:52AM (#1245545) Journal

      It means that having a quantum computer won't help you in breaking it.

      There are certain tasks where it is believed that the best algorithm on a classical computer is exponential, while there are known polynomial algorithms on quantum computers. The best known example is factoring numbers.

      Now if your encryption relies on the difficulty of a task which isn't difficult on a quantum computer (such as factorizing large integers), then as soon as someone develops a scalable quantum computer, that person can immediately break that encryption.

      Quantum-safe encryption means that a quantum computer does not have an exponential advantage in breaking it.

      Note that quantum computers can speed up brute-forcing through Grover search, but that's polynomial improvement (classical search is O(N), Grover search is O(sqrt(N))) and therefore can easily be countered by doubling your key length.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @02:14PM (1 child)

        by Anonymous Coward on Tuesday May 17 2022, @02:14PM (#1245643)

        Assuming that qc are a real thing that we will eventually have,
            I can see that there are a few quantum algorithms that have been discovered that will provide the exponential advantage given qc.

        But think back to the history of classic computers. Algorithms were discovered after the computers.
            Should one expect other quantum algorithms to show up once qc becomes a thing?

        If so, is there something more fundamental about qc which will make some encryption choices better than just avoiding the currently known algorithms?

        • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @04:16PM

          by Anonymous Coward on Tuesday May 17 2022, @04:16PM (#1245693)

          Quantum computers already exist, they just aren't very powerful yet and are expensive. Both of those factors should improve over time.

          Algorithms were known to the Babylonians by 2500BC [wikipedia.org].

          We can and have analyzed quantum algorithms without quantum computers just like we could and did analyze classical algorithms without classical computers. Research has been ongoing since 1980.

          Quantum supremacy [wikipedia.org] has not yet been proven, but we are still at the early stages. The biggest issue seems to be in actually building a quantum computer that is powerful enough to challenge classical supercomputers. If that proves infeasible then it won't matter if QC is technically more powerful than CC.

  • (Score: 4, Funny) by Rosco P. Coltrane on Monday May 16 2022, @04:50PM

    by Rosco P. Coltrane (4757) on Monday May 16 2022, @04:50PM (#1245358)

    I believe him more than I believe the NSA.

  • (Score: 4, Funny) by ElizabethGreene on Monday May 16 2022, @08:07PM (3 children)

    by ElizabethGreene (6748) Subscriber Badge on Monday May 16 2022, @08:07PM (#1245420) Journal

    If they hadn't said anything I wouldn't have wondered, but now I'm suspicious.

    It's like when a politician says, "I did not molest any ducks." You just *know* there is a duck out there with a story to tell.

    • (Score: 5, Touché) by Runaway1956 on Monday May 16 2022, @08:52PM (1 child)

      by Runaway1956 (2926) Subscriber Badge on Monday May 16 2022, @08:52PM (#1245437) Journal

      That's the thing though: the politician didn't molest any ducks. He was more into geese, turkeys, and pigeons. But, he has succeeded in making you look at ducks, so you won't look too closely at those other birds.

      • (Score: 1, Informative) by Anonymous Coward on Monday May 16 2022, @11:13PM

        by Anonymous Coward on Monday May 16 2022, @11:13PM (#1245490)

        AKA Republican SOP

        For the acronym challenged: Also known as Republican standard operating procedure

    • (Score: 1, Funny) by Anonymous Coward on Monday May 16 2022, @09:53PM

      by Anonymous Coward on Monday May 16 2022, @09:53PM (#1245466)

      It is like the running joke on The Simpsons of Troy McClure insisting that he isn't banned from the Springfield Aquarium.

  • (Score: 0) by Anonymous Coward on Monday May 16 2022, @09:15PM

    by Anonymous Coward on Monday May 16 2022, @09:15PM (#1245451)

    it's a endless swing back and forth:
    "we're backdooring, terrorists and all."

    all terrorist are dead or have busied themself with more constructive stuff.

    then back to no-backdoor. then something happens.
    back to "yup, need back door".

    curious which PhD issuing department will figure out what the exact mechanisms are that precipitate these swings ...

  • (Score: 2) by inertnet on Monday May 16 2022, @11:19PM (1 child)

    by inertnet (4071) on Monday May 16 2022, @11:19PM (#1245491) Journal

    It's possible that technically he didn't tell a lie, but reading between the lines might reveal a backdoor, so to speak. Like: "There are no backdoors, but there's a revolving door that I won't tell you about."

    • (Score: 2) by maxwell demon on Tuesday May 17 2022, @07:43AM

      by maxwell demon (1608) on Tuesday May 17 2022, @07:43AM (#1245575) Journal

      From the summary:

      A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption.

      So, maybe the flaw was accidental, but when they discovered it they decided to leave it in? So, not a backdoor according to that definition.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 0) by Anonymous Coward on Tuesday May 17 2022, @05:04PM

    by Anonymous Coward on Tuesday May 17 2022, @05:04PM (#1245720)

    ... I wouldn't bother asking the NSA anything.

    They're just not a source of useful information. Even if they tell the truth, you have no way of verifying it. It's rather like a magic 8-ball with a federal budget.

    And that's also why I'd vote against any budget that funds them.

(1)