FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't

itwbennett writes: You need look no further than the FREAK and Logjam attacks in 2015 and the DROWN attack announced just this week to get a sense of 'the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today,' writes Lucian Constantin. But this isn't a new problem. 'One approach [the government] used throughout the 1990s [to keep encryption under its control] was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications,' says Constantin. 'This gave birth to so-called 'export-grade' encryption algorithms that have been integrated into cryptographic libraries and have survived to this day.'

"Government's Fault" is a bit of a reach

[xxxJonBoyxxx]

I remember the 1990's crypto wars. But we've also had plenty of time to refactor our code, create secure-by-default installations and disable insecure implementations. In fact, as an industry, we've done it before for SSL 2.0, MD5, SSL 3.0, RC4 and now SHA1.