It is my, unsubstantiated, guess that these kinds of standards are kept deliberately complicated and weak to allow the “three letter agencies” to exploit them. I would expect the government itself when needed uses the most secure or even an improved version of the spec which does not have these obvious vulnerabilities.
It is my, unsubstantiated, guess that these kinds of standards are kept deliberately complicated and weak to allow the “three letter agencies” to exploit them. I would expect the government itself when needed uses the most secure or even an improved version of the spec which does not have these obvious vulnerabilities.