> In this way, entire sections of industry will auto-assume the backdoor was both deliberate, and used both both friendlies & hostiles.
That’s fine. But they should be equally paranoid of all substitute products/services that use other recommendations from NIST, right? Are there greater than zero products on the (US) market with no encryption in the system recommended by NIST?
Also, I don’t think I was limiting my thinking to a customer of the weak encryption product. I was also thinking through the lens of legal implications.
That’s fine. But they should be equally paranoid of all substitute products/services that use other recommendations from NIST, right? Are there greater than zero products on the (US) market with no encryption in the system recommended by NIST?
Also, I don’t think I was limiting my thinking to a customer of the weak encryption product. I was also thinking through the lens of legal implications.