Gaetano Mendola <mendola@bigfoot.com> writes:
> Well, when SHA-0 was ready NSA suggested to apply some changes in order to
> correct some flaw discovered and SHA-1 came out; interestingly, NSA never wrote
> which flaw was corrected!
> Maybe SHA-1 is transparent water to NSA eyes :-)

This is awfully similar to the story that's told about DES:

When DES was under development the NSA told people to try a few specific
constants for the "sboxes" stage of the cipher. As far as anyone at the time
could tell they were completely random values and nearly any value would have
been just as good.

Then 30 years later when differential cryptanalysis was invented people found
the values the NSA told them to use are particularly resistant to differential
cryptanalysis attacks. Almost any other values and DES would have fallen right
then.

This means it's quite possible the NSA had differential cryptanalysis 30 years
before anyone else. Quite a remarkable achievement. However it's unlikely that
the same situation holds today. 30 years ago nobody outside the government was
doing serious cryptanalysis. If you were a mathematician interested in the
field you worked for the NSA or you changed fields. These days there's tons of
research in universities and in the private sector in serious cryptanalysis.
The NSA still employs plenty of good cryptanalysts but they no longer have the
monopoly they did back then.

--
greg