
[flagged]


My understanding was that NSA was the bad actor here. Not NIST. They intentionally withheld information about a timing vulnerability in an encryption algorithm that was being evaluated for standardization by NIST.


We’ll see once Bernstein v NIST[1] settles, though I’m willing to accept that was normal bureaucratic apathy and inertia rather than anything nefarious. Still, if we change “trust NIST [not to be evil]” to “trust NIST’s processes [not to be exploitable by evil]”, I’m not at all reassured. It pays to remember the backdoor was not at all unknown[2] even before the standard entered NIST from ANSI.

Honestly, the whole debacle with making NIST be in charge of (civilian) cryptography makes me more than a little bit sad. Originally, it’s a metrology institution. Metrologists (worldwide) are a very small circle of narrow-focused (and not outrageously well-paid) specialists that usually react to anybody being interested in their field with the kind of joy most often encountered in small fluffy animals. (They are similar to archivists, observational astronomers, or invertebrate biologists in that way.) Now it seems as though the whole enterprise in the US has become tainted by the association with the national security behemoth.

[1] https://www.courtlistener.com/docket/64872195/bernstein-v-na...

[2] https://blog.cryptographyengineering.com/2015/01/14/hopefull... (I especially like the passive-aggressive patent)


If it were not for the fact that this has happened multiple times, and that each time the cryptography community was openly skeptical, I could believe "normal bureaucratic apathy and inertia."


What are the "multiple" times here?


Bernstein vs. NIST is just a FOIA suit, about an open standards contest where all the participants were public academics. It's not going to uncover the next BULLRUN.


I don’t really expect it to (and the known situation is bad enough already that I don’t expect much would change even if it did).

But I do hope it’ll shed some light on the entanglement (pun not intended) between the NSA and whatever process drives NIST’s crypto publications. There obviously has to be some, given the former is the US government crypto expert and the other is the issuer of public documents on US government crypto. But as a data point for NIST’s credibility, it’d be nice to know how screwed up it is there. Maybe I won’t learn anything about that here either? Dunno.


I doubt it's going to show you anything that interesting, since what was published in the PQ competition was simply an academic team's submission.


Did you read the content at the link you posted? It seems to imply the opposite of the comment you made.


If you're going to blame NIST for what NSA did in this case - you might as well say "don't even trust anyone for digital privacy" since the NSA already collects literally everything from everyone.

I think the implication that NIST lacks integrity is unfair.




