FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't

itwbennett writes: You need look no further than the FREAK and Logjam attacks in 2015 and the DROWN attack announced just this week to get a sense of 'the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today,' writes Lucian Constantin. But this isn't a new problem. 'One approach [the government] used throughout the 1990s [to keep encryption under its control] was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications,' says Constantin. 'This gave birth to so-called 'export-grade' encryption algorithms that have been integrated into cryptographic libraries and have survived to this day.'

Re:What about "Import Grade"

[freeze128]

But would a US Citizen trust encryption from another country to not have a backdoor or other such weakness that might allow that country's government to crack it easily?

"Government's Fault" is a bit of a reach

[xxxJonBoyxxx]

I remember the 1990's crypto wars. But we've also had plenty of time to refactor our code, create secure-by-default installations and disable insecure implementations. In fact, as an industry, we've done it before for SSL 2.0, MD5, SSL 3.0, RC4 and now SHA1.

Re:What about "Import Grade"

[Sperbels]

Haven't you been paying attention to the government's whole argument for weakening encryption? Because one out of every few million nobodies like you and me become radical bombers and do things like blow up sky scrapers/marathons/etc and they want to be able to track down all your friends, family, and associates after the event.