Why the hell would the NSA offer MONEY for you to adopt their encryption proposal if it was actually legitimately good?
It doesn't matter if you have any other information on the security of the algorithm; the fact that they're offering you money should speak for itself.
Well, the NSA has a track record of making public encryption algorithms stronger. They proposed changes to DES which puzzled researchers at the time, but years later were shown to significantly harden the algorithm against some attacks.
I don't have the citation on hand right now, but if I recall correctly their recommendations strengthened DES against mathematical attacks, but weakened it against brute-force attacks.
I don't know what it means to weaken DES against brute-force attacks, but, if I recall correctly, their changes did weaken it against linear crypto analysis. Their change was to replace the random constants of DES's s-boxes with their own constants. They have since then published the criteria that they used to generated these constants. Based on the fact that everything I have read on the subject, and talking with several cryptographers, says that the change was to strengthen DES against differential crypto-analysis, I think it is reasonable to believe that this is supported by looking at how they generated the constants.
NSA suggested decreasing DES's key size. IBM ultimately agreed to use effectively 56-bit* keys. This by definition makes brute force attacks easier. It was apparently criticized at the time, but it's worth noting that there's nothing secretive about it -- it's a basic and obvious element of the algorithm.
The public cryptographic community started brute-forcing DES keys for fun in the '90s; with the NSA's budget, they could have been doing it from the beginning.
* DES keys are 64 bits, but 8 bits are for parity, so the meaningful key length is 56 bits.
The NSA is really bizarre because they have two missions: 1) to break encryption and spy, and 2) to make better encryption so the enemy can't spy on the U.S.
It makes sense if you think about it: Both goals are useful to Uncle Sam and both require the same skill set. The trouble is it obviously creates quite the conflict of interest.
It doesn't make sense. It's set up that way for historical reasons, and because the folk in charge have always really prioritised 1) over 2), and hence have had no motivation to suggest a better alternative.
While a separate organisation might be best, even a division within NSA etc. explicitly tasked with protection rather than intelligence gathering would be preferable to the status quo, so long as its head could be publically known. In the end it comes down to there being no individual with that responsibility. You need someone who is visible in that role, whose mission is purely to protect, overseeing a staff whose mission is purely to protect.
Because while the NSA would love to backdoor your application, they also want to be the only ones who backdoor your application. The NSA would still want to promote security to prevent other malicious attackers from being able to exploit a domestic corporation bad security.
It's in the best interests of national security for the NSA to promote both good and/or backdoored algorithms for all allied nations and their corporations.
It doesn't matter if you have any other information on the security of the algorithm; the fact that they're offering you money should speak for itself.