We are in a curious situation in which if the NSA says something is insecure, we trust their advice, but if they say something is secure, we don't trust them. Of course, this is because cryptanalysis results can be independently verified.
This does suggest a way for the NSA to regain public confidence, at least among cryptographers: publish more cutting edge cryptanalysis. Does the NSA need more public confidence? There is a political component to putting regulations in place for the government to secure its own secrets, one of the NSA's mandates (Information Assurance).
Much like the poisoned wine puzzle in The Princess Bride: the NSA could be saying to trust something (that they believe is secure) in hopes others don't trust them, so the others use insecure cryptography instead, which was the NSA's Signals Intelligence (surveillance) goal. However, knowing that this might be the case, what should the others do? Fun with game theory.
No comments :
Post a Comment