
I think a 3rd option is actually much more likely and (semi) less conspiratorial:

3. NSA realized that "frontal assaults" against encryption were a lot less fruitful than simply finding ways to access info once it has been decrypted.

Would have to search for the quote, but Snowden himself said exactly that, something along the lines of "Encryption works, and the NSA doesn't have some obscure 'Too Many Secrets' encryption breaking machine. But endpoint security is so bad that the NSA has lots of tools that can read messages when you do." And indeed, that's exactly what we saw in things like the Snowden revelations, Pegasus, and I'd argue even things like side-chain attacks.

Plus, I don't even know what "The three letter agencies successfully subverted the entire chain of trust" means. In the case of something like TLS root certificates that makes sense, but there are many, many forms of cryptography (like cryptocurrency) where no keys are any more privileged than any other keys - there is no "chain of trust" to speak about in the first place.



I've long (post-Snowden?) estimated NSA's capabilities are roughly what you imply. Lots of implementation-specific attacks, plus a collection of stolen/coerced/reversed TLS certs so they can MITM a great deal of web traffic. US-based cloud represents another big backdoor for them to everyone's data there, I think.


They've presumably got a pretty vested interest in making sure most communications are legitimately secure against most common attacks - arguably good for national security overall, but doubly good for making sure that if anyone can find a novel way in, it's them, and not any of their adversarial peers.

There's a reason many corporate information security programs don't go overboard with mitigations for targeted, persistent, nation-state level attacks. Security is a set of compromises, and we've seen time and time again in industry that this sort of agency doesn't need to break your encryption to get what they need.


When the NSA, for example, has access to the Intel ME or AMD's version of it (and I think they do), then they surely don't need to break any encryption. They don't even need to hack. They would just have direct access to most desktops/servers.


Even this is too conspiratorial for me. Not because I believe the NSA wouldn't like access, but because it's not the best approach. Convincing Intel or AMD to have a hidden back door, and to somehow keep it hidden, is a nearly impossible task. Compare that with just hunting for 0-days like the rest of the world, which the NSA has shown to be quite good at.

Not saying there couldn't be a targeted supply chain attack (that's essentially what was revealed in some of the Snowden leaks, e.g. targeting networking cables leased by big tech companies), but I don't believe there is some widely dispersed secret backdoor, even if just for the reason that it's too hard to keep secret.


At a minimum, it's a thing that certain security-conscious consumers (cough DoD) were able to get Intel to include a hidden (not typically user-accessible) BIOS flag for disabling most features of the management engine. So they're at least concerned about it as a security risk. That doesn't necessarily mean they also have backdoors into it, but it's not crazy to think they might. It's hard to be too conspiratorially minded with respect to intelligence stuff, if you aren't making the mistake of treating suppositions as facts.


I have a workstation bought from eBay that has a “ME DISABLED” sticker on the chassis.

Any analysis I could or should do?


Run Intel MEInfo utility, check if it reports "Alt Disable Mode" or anything like that. Article for some context: https://web.archive.org/web/20170828150536/http://blog.ptsec...


>Convincing Intel or AMD to have a hidden back door, and to somehow keep it hidden, is a nearly impossible task

Interesting, how would an x86 instruction with a hardcoded 256-bit key be detected? IIRC it's really hard to audit the instruction space for a CISC architecture.


Well sure, they would not use it for everyday standard cases, to limit exposure. Intel does have something to lose if this became public knowledge.

But I cannot believe they resisted the temptation to use that opportunity to get such easy access to so many devices.


Parent's point is that its very existence (not just use, as this is hardware/firmware we're talking about) in widely deployed form would be too risky.

Consequently, if there is an ME-subversion, it's only deployed / part-replaced for extraordinary targets. Not "every system."


Huh? As far as I know every Intel ME has access to the internet, can receive pushed firmware updates and has write access to everything else on the system. It does not need a modified version; they can just use the official way, the normal Intel ME on target devices, if they can cloak their access as the official server, which I think could be achieved by using just the key of the official server and then using another server posing as the official server.

But it has been a while since I read about it and I never took it apart myself, so maybe what I wrote is not possible for technical reasons.


I don't think that's the case. Don't you need to have a selected NIC, integrated properly to get the Intel ME network features? Typically branded as "Intel vPro"

Otherwise, you need something in your OS to ship data back and forth between the ME and whatever NIC you have.


vPro, also known as AMT, is proprietary and it's for professional desktop and laptop systems. ME instead is based on IPMI and is for server-class systems.


Are they reusing the name to be more confusing? Intel ME calls to mind the management engine that's been embedded in most Intel based computers for the last 15 or so years.

https://en.m.wikipedia.org/wiki/Intel_Management_Engine


That's... definitely not how sensitive networks work. To say nothing of airgapped ones.

This seems like as good a short-form intro as any: https://blogs.cisco.com/learning/security-in-network-design-...


I would believe really sensitive networks have ME deactivated anyway and need other, specialised infiltration methods.

But when targeting a random individual in a hurry, I think it would be handy to just use the built-in backdoor.


The trouble is, as far as I know, that the ME cannot be deactivated. Even if you are a really sensitive network. Your option is to find some of the few Intel chips without it, or find another chip vendor. This often means you can't use common off-the-shelf systems, so now you can be a victim of a targeted supply chain attack.


Attacking machines directly over the network is dangerous for them from the standpoint of detection, though. You can bet that any ME/PSP remote access exploits are used very carefully due to potential detection.


Did you forget about NIST curve recommendations?


Not at all, considering that coincidentally just yesterday I was having an HN discussion on an unrelated topic about DJ Bernstein, https://en.wikipedia.org/wiki/Daniel_J._Bernstein#Cryptograp....

You're right though, I guess I didn't mean to say that NSA would give up on or would not want back doors into widely deployed crypto algorithms, but even with Dual_EC_DRBG the suspicions were widely known and discussed before it was a NIST standard (i.e. I guess you could say it was a conspiracy, but it wasn't really a secret conspiracy), and the standard was withdrawn in 2014.


Do you believe NIST stopped trying to backdoor curves in 2014?


>I don't even know what "The three letter agencies successfully subverted the entire chain of trust" means.

For one thing, they're interdicting hardware and inserting hardware implants:

https://www.theguardian.com/books/2014/may/12/glenn-greenwal...


I think that's basically what the parent's #2 point implies.



