Greg Stark wrote:
> Gaetano Mendola <mendola@bigfoot.com> writes:
>
>
>>Well, when SHA-0 was ready NSA suggested to apply some changes in order to
>>correct some flaw discovered and SHA-1 comes out, interesting NSA never wrote
>>which flaw was corrected!
>>May be SHA-1 is trasparent water to NSA eyes :-)
>
>
> This is awfully similar to the story that's told about DES:
>
> When DES was under development the NSA told people to try a few specific
> constants for the "sboxes" stage of the cipher. As far as anyone at the time
> could tell they were completely random values and nearly any value would have
> been just as good.
>
> Then 30 years later when differential cryptanalysis was invented people found
> the values the NSA told them to use are particularly resistant to differential
> cryptanalysis attacks. Almost any other values and DES would have fallen right
> then.
>
> This means it's quite possible the NSA had differential cryptanalysis 30 years
> before anyone else. Quite a remarkable achievement. However it's unlikely that
> the same situation holds today. 30 years ago nobody outside the government was
> doing serious cryptanalysis. If you were a mathematician interested in the
> field you worked for the NSA or you changed fields. These days there's tons of
> research in universities and in the private sector in serious cryptanalysis.
> The NSA still employs plenty of good cryptanalysts but they no longer have the
> monopoly they did back then.
I will invite you to repeat the same sentence in 2034 ... :-)
Regards
Gaetano Mendola