A recent wikileaks dump of CIA material included a file called “Network Operations Division Cryptographic Requirements“. Assuming it’s genuine, this 17-page PDF describes crypto policy that must be followed by developers of “tools used to advance the CIA’s intelligence collection activities”.
Since a government security agency has insight into the state of the art in non-public cryptanalysis, it’s interesting to see what government spies recommend as a secure policy for crypto usage. Here I’ve picked out a few of the highlights that were interesting to me, in particular in the ways they’re different from other public crypto standards like PCI or ECRYPT.