Making and breaking encryption is one of the main roles of a signals intelligence agency. That the National Security Agency (NSA) engages in such activities is not surprising. Aspects of this work aren't even secret: NSA involvement in the development of some cryptographic standards was legally mandated and openly acknowledged.
What we don't know, in general, are any specific details. Recent headlines, both here at Ars and elsewhere, paint a grim picture, suggesting that many or all of the cryptographic safeguards that people use to protect their privacy have been undermined. Simultaneous with this, cryptographic experts have said that the mathematics underpinning crypto is still basically sound. These attacks instead depend on implementation flaws, bad passwords, weak algorithms, corporate cooperation, and, perhaps, backdoors.
These mixed messages and ill-defined capabilities sound scary but perhaps scarier than they really are.
Read 14 remaining paragraphs | Comments