'The Washington Post is reporting that these are legitimate NSA tools.
'I looked at two tools and found:
128-bit keys generated using 64 bits of entropy.'Maybe I simply picked bad tools and the others are all fantastic, but I kind of doubt it. Overall, I’m not impressed by what I’ve seen here.'
Apparently repeated IVs.
(Update) IV leaks bits of the hash of the plain text.
No authentication of the encrypted communication channel.
Sloppy and buggy code.