> applications tend to "borrow" the OS's, and no OS I know of uses a design taken directly from NIST.
Windows has support for it (although it's up to applications to choose to use it or not).
If it's part of a standard then it might be required by some organisations. For example other government/military agencies and people dealing with them. They could also look to pass laws to require corporations protect their customers private data using the standard. And just have people recommend the standard to everyone, after all was designed by NIST/NSA.
It's also likely to end up in software that wants to support those use cases which could have seen it filter out to other uses. And possibly hardware support.
If the potential for a backdoor hadn't been discovered people wouldn't have objected/noticed.
> Dual EC is very slow. Nobody would willingly use it.
Which leaves the question of why it would end up in the NIST standard if it's not very good.
Of course maybe they where just testing the waters.
Windows has support for it (although it's up to applications to choose to use it or not).
If it's part of a standard then it might be required by some organisations. For example other government/military agencies and people dealing with them. They could also look to pass laws to require corporations protect their customers private data using the standard. And just have people recommend the standard to everyone, after all was designed by NIST/NSA.
It's also likely to end up in software that wants to support those use cases which could have seen it filter out to other uses. And possibly hardware support.
If the potential for a backdoor hadn't been discovered people wouldn't have objected/noticed.
> Dual EC is very slow. Nobody would willingly use it.
Which leaves the question of why it would end up in the NIST standard if it's not very good.
Of course maybe they where just testing the waters.