Hacker News | pavritch's comments

I'm sorry, but my post said things worked out - not that they cracked the code. I was clear they wouldn't tell me anything. I had always assumed the mug was from the gift shop. It would be hard to think otherwise.


You're absolutely right... I forgot the time diff as I wrote the story and some is just plain fuzzy after all this time. I spent hours on the phone with them that night and I was giving them guidance by memory since I was so familiar with the code. Somewhere in the course of that they ventured to ask for the source.


Yeah, makes sense. And I planned it all out even down to timing the post to hit last night after midnight before all the pipe bomb news this morning on TV. Or, much closer to reality, maybe I just wanted to see if I could write a post that got some traction. Don't overthink it.


This is an incredibly condescending and insensitive post... Why would you attack the completely valid opinion from that person in this way?


I did not roll my own. Very few people in the world are smart enough to do that. I just create a very nice user interface to make things easy for ordinary Windows users.


The only thing I did masterfully was write a Medium article that got some attention. I didn't even include a link to the old software which hasn't been updated in a decade. It's nothing more than an interesting story about one night nearly 20 years ago. Sorry to disappoint.


Can I return the blenders?


Ha ha. We moved on years ago. Our conversations are now typically about the fact he has way more patents than me. I only have two ;)


Exactly. TrueCrypt was the big open source product at the time. A great product used by many hundreds of thousands of people -- I know, because I used to track their progress.


The laws were different back then. The State Dept changed the rules a decade or more ago, I forget when, and AES 256 has been the default cipher ever since. Encryption is listed as a munition. I would have gone to jail if I put anything greater than 40-bit encryption on the shareware sites. Look what happened with Phil Z with PGP.


The law was changed a year before your story takes place.


All commercial encryption software uses the same public ciphers. Do you really think nearly 20 years after the fact I'm trying to impress anyone? But, they were impressed at the time about my user interface which wrapped the ciphers, and they later had a group visit me in California about some internal uses of that same UX; but nothing came of it in the end.


Yeah that was the impression the blogpost left me with. If I'm in the wrong I apologize but as always I feel that honesty is the best policy.


The ciphers are public. Providing source for this specific implementation of "user interface" did nothing more than indicate sizes of file headers, etc. No customers were put at risk. All I did was save the NSA maybe a few hours of time during a critical moment. Do you really think they couldn't have figured out there is a 4K file header (see, I've said it here, no harm).


Can you explain how you can prove you are talking to the NSA by calling foo, asking to be transferred to bar, and asking to speak to baz?

Logically the fact that you called into the navy base indicates you are talking to them but by the time you get transferred how do you know who you are ultimately talking to?

Couldn't you be talking to anyone who works at the navy or works with someone who works at the navy? One great thing about court orders is that it's trivial to authenticate them and they get the exciting task of making sure the person asking for them is a legitimate actor on legitimate business.

If a random private wanted to fool you couldn't they have had you call in in such a way as you would trivially be talking to a known party who will ultimately transfer you to said party? Hey this joker is going to be transferred to your extension asking to speak to john doe at the NSA send him to my extension please.

Considering that we now know that intelligence apparatus was used to spy on love interests how do you know you were collaborating with a legitimate legal operation as opposed to illegal spying on citizens?

Likely you aren't in a position to judge right which is why we have, you know, judges and court orders and such ceremony.

I respond to random calls that seem strange by hanging up and telling them to send me something official in the mail.

Neither the people who claim they would like to give me a fortune I inherited overseas, the guy who claimed I won the lottery, nor the guy that claimed to be the IRS demanding immediate payment have followed up yet.

At best your judgement is questionable.


Here's how I looked at it -- they are 1000x smarter than me on matters of encryption. It was totally unlikely I knew something they didn't. At most, I saved them a few hours on a matter of life and death, and I had minutes to make that decision. And recall, back then, people felt differently about the NSA. If this was a total spoof - the reality is I didn't give anything up. I didn't invent the encryption ciphers. I just packaged common ciphers in a user interface people really liked.

But in response to the people here who think I was tricked. That's not the case. What I didn't put in the post was that a team from the NSA visited me in California a few months later. But again, had I been tricked, it wouldn't have mattered.


You remembered to mention the coffee cup but you forgot to mention the team from the NSA that visited you to confirm the authenticity of what sounds on the face like a story of you getting scammed.

I'm sorry this is utterly beyond belief.


Are you OK with a freedom of information request regarding the NSA's request for your participation in helping the NSA break into your customers' machines?

If I understand correctly such a request could be made by anyone running your software.

