<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 17/09/2015 16:30, Salz, Rich wrote:<br>
</div>
<blockquote cite="mid:1442503817863.52938@akamai.com" type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
<p><br>
</p>
<div style="color: rgb(33, 33, 33);">
<div>
<div dir="ltr">> The occasional cryptanalytic success
implies that the NSA is generally more advanced, but not
always.
<br>
<br>
I am probably being dumb, but I don't see how the timeline
justifies that conclusion.<br>
<br>
The only datapoint that we seem to be confident about is
that the NSA quietly strengthened DES against differential
attacks before the public community knew of them.<br>
</div>
</div>
</div>
</blockquote>
<br>
Not convinced all of that statement is true. It is now reasonably
well established both that IBM knew about differential attacks and
were asked to keep quiet about them, *and* that the NSA knew that
when they strengthened DES against them. It would seem reasonable
therefore that the NSA quietly strengthened DES against the attack
because they knew it was no longer their own secret, and didn't
trust it not to leak from IBM. They could well have also known
about linear, and not strengthened DES against that because they
believed that knowledge was still restricted to themselves, hence
strengthening against it would be a disclosure.<br>
</body>
</html>