Your email is very cynical, perhaps too cynical for reality - but we need cynics to keep reality in check.
I don't know much about crypto politics, but... isn't it utterly obvious that the mere fact that the NSA suggests a certain algorithm (say Rijndael) for a national standard and recommends its use internationally implies that they have a pretty darn good idea (if not actual technology) on how to break it efficiently? I just don't see why else they would advocate its use.
The NSA exists in part as a national authority on computer and communications security, and therefore should recommend an algorithm for use as a means to protect its citizens and country's national security. By recommending its use "internationally", I assume that the fine print is that they recommend it for use by US nationals in an international environment, not to international users (a subtle but useful distinction, the NSA is a domestic agency, I don't think it attempts to speak for the world yet). Ideally, the NSA should be able to break this algorithm when no one else in the world can, as this would give it an advantage in its signals intelligence activities - supposedly these are activities used "in the national interest", for the benefit of citizens and society as a whole - commerce, etc. Well, society is no utopia and there are many other interests (relationships with policy in Washington, etc), but you know what I mean.
After all isn't the fact that NSA could break DES since the 70's the reason for the 'success' of DES?
Complicated answer. By 'approving' DES, then medium security grade products procured by the government would presumably have had to have DES and ANSI conformance before they would be bought by the government. This at least then made DES a commercial choice for government use and something that industry had experience with because there is virtually no other choice, and thence also for financial institutions, and thence eventually more and more into the public arena as the need for information security products became more prevalent. Also, there were few alternatives to DES, and in fact during the 1970s and 1980s, significant academic activity was put into Feistel network research, S-box research, cipher modes of operation, cryptanalytic attacks (differential cryptanalysis, for instance). From this, new symmetric algorithms, sometimes based on similar design principles to DES, or new principles investigated as an alternative, were created. You must remember that a large proportion of DES use in commercial products is outside the scope of technological paranoics (that is not entirely fair, there are many objective technologists) and in the scope of money men and corporate standards conformance and spreadsheets - these people are more than happy with an NSA/NIST approved solution. What you see in the AES candidates are the fruits of decades of research and activity partially thanks to DES, but also a result of the age we live in (in the same way that "people knew the internet was coming, but they didn't know that it would be the internet", you could say that symmetric, asymmetric ciphers were going to happen, they just happened to be DES and RSA to start with, the ball has to start somewhere, and it turned out that DES was a pretty good choice thanks to the skill of Coppersmith and associates at IBM).
Whether the NSA could break DES is up for debate, and may be known in the future perhaps - what is known now is that the advance of technology has made DES an uneconomically feasible solution for medium to high grade risk situations. As a result of the AES selection, you must also remember that now there are 5 highly valued symmetric algorithms created by world class cryptographers, and 1 exceptional algorithm. While the AES may be recommended, they are now alternatives and additional algorithms that could be used for those desiring increased security (i.e. as wrappers for the AES, or alternatives to the AES, or whatever). What you will see in the coming years is a focus on analysing the strengths and weaknesses of the AES - hopefully this will only further prove that it is a good candidate. Also, in the same way that 3DES and Ritter style DES networks were seen as advantageous modes of operation, perhaps additional AES modes of operation will add a further layer of security that may allay some concerns about whether the NSA can break the algorithm.
That's my rough answer, no doubt a few people could iron out my bumps.
Best regards,
Matthew Gream
Year 2000 Grand Tour
Madrid, Spain (enraptured by Goya and his use of diagonal line)