This website contains age-restricted materials including nudity and explicit depictions of sexual activity.
By entering, you affirm that you are at least 18 years of age or the age of majority in the jurisdiction you are accessing the website from and you consent to viewing sexually explicit content.
So I wrote a long-ass rundown of this but it won’t post for some reason (too long)? So TLDR: this is a 17,600-word nothingburger.
DJB is a brilliant, thorough and accomplished cryptographer. He has also spent the past 5 years burning his reputation to the ground, largely by exhaustively arguing for positions that correlate more with his ego than with the truth. Not just this position. It’s been a whole thing.
DJB’s accusation, that NSA is manipulating this process to promote a weaker outcome, is plausible. They might have! It’s a worrisome possibility! The community must be on guard against it! But his argument that it actually happened is rambling, nitpicky and dishonest, and as far as I can tell the other experts in the community do not agree with it.
So yes, take NIST’s recommendation for Kyber with a grain of salt. Use Kyber768 + X448 or whatever instead of just Kyber512. But also take DJB’s accusations with a grain of salt.
Honestly at this point… I’d be surprised if they are seriously undermining encryption. NIST and NSA need encryption to work to protect the government itself … they’re to my knowledge not staffed by idiots, and a lot has changed since the 90s and early 2000s. Encryption is a core portion of security in 2023.