<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 17/09/2015 16:30, Salz, Rich wrote:<br>
    </div>
    <blockquote cite="mid:1442503817863.52938@akamai.com" type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
      <p><br>
      </p>
      <div style="color: rgb(33, 33, 33);">
        <div>
          <div dir="ltr">> The occasional cryptanalytic success
            implies that the NSA is generally more advanced, but not
            always.
            <br>
            <br>
            I am probably being dumb, but I don't see how the timeline
            justifies that conclusion.<br>
            <br>
            The only datapoint that we seem to be confident about is
            that the NSA quietly strengthened DES against differential
            attacks before the public community knew of them.<br>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
      Not convinced all of that statement is true. It is now reasonably
    well established both that IBM knew about differential attacks and
    were asked to keep quiet about them, *and* that the NSA knew that
    when they strengthened DES against them. It would seem reasonable
    therefore that the NSA quietly strengthened DES against the attack
    because they knew it was no longer their own secret, and didn't
    trust it not to leak from IBM.  They could well have also known
    about linear, and not strengthened DES against that because they
    believed that knowledge was still restricted to themselves, hence
    strengthening against it would be a disclosure.<br>
  </body>
</html>