Specifically, we’re talking about their involvement with NIST standard elliptic curves.
Now, let me start by saying that I have nothing against NIST or NSA (well, maybe just a little bit). But when it comes to cryptography and security, these guys can be pretty sneaky sometimes. And in this case, they really outdid themselves.
So here’s the story: back in 2013, NIST was working on updating their standard for elliptic curve cryptography (ECC). They were looking at a few different options, including some proposed by the RSA company. And that’s when things got interesting.
You see, the RSA company had developed this fancy new ECC algorithm called Dual EC. It was supposed to be really secure and efficient, but there was one problem: it was also really slow. Like, painfully slow. But hey, who cares about speed when you’re trying to keep your secrets safe?
Well, apparently NSA did care about speed. And they had a little something up their sleeve that would allow them to use Dual EC without anyone noticing. You see, NIST was in the process of updating its standard for ECC parameters (the numbers used to generate keys and encrypt data). And NSA knew just how to make sure that Dual EC got included in the new standard.
First, they paid RSA $10 million to make Dual EC “the preferred or default method for number generation” in their BSafe software. This would ensure that anyone using BSafe (which is a popular encryption tool) would be using Dual EC without even realizing it.
But NSA didn’t stop there. They also convinced NIST to include Dual EC as an option in the new standard, despite its slow speed and other issues. And they did this by making sure that their friends at NIST knew how much money was on the table if Dual EC got included.
Now, I know what you’re thinking: “But wait! If Dual EC is so slow, why would anyone use it?” Well, bro, that’s where things get really interesting. You see, Dual EC has a little-known back door built into it. This means that NSA (or any other government agency with the right resources) can easily decrypt messages encrypted using Dual EC.
So why would anyone use an algorithm with a known back door? Well, for starters, it’s really secure when used properly. And if you don’t know about the back door, then there’s no reason to worry, right? Plus, NSA can always claim that they didn’t put the back door in on purpose (even though we all know better).
But here’s the thing: this kind of manipulation is not okay. It undermines the trust and integrity of standards bodies like NIST, which are supposed to be impartial and objective. And it puts us all at risk by creating vulnerabilities that can be exploited by bad actors (like, say, foreign governments).
So what’s the solution? Well, for starters, we need to hold these agencies accountable for their actions. We need to demand transparency and openness in our standards bodies, so that everyone knows exactly how decisions are made. And we need to ensure that any back doors or other vulnerabilities are disclosed up front, so that they can be addressed before they’re exploited by bad actors.
In short: let’s not let NSA (or anyone else) manipulate our standards for their own benefit. Let’s work together to create a more secure and trustworthy world for all of us.