@aryastark - What's the nature of AES 128 & Co., meaning: Who can and cannot discover flaws? Is this like open source where the whole world can watch or is this somehow a closed thing like Windows, MacOS, etc.?
These are openly available, highly reviewed algorithms - their adoption as standards, too, is done by a process of open competition. And it's probably safe to say that the amount of research and analysis being done on them in the open exceeds that done in secret by government agencies by a wide margin.
Also, note that while AES and friends are public and designed "in the open", the government also has a number of algorithms that are developed and used internally and are not "public".
Correct. The AES family of algorithms are public knowledge, not proprietary. They are open for scrutiny by mathematicians and crypto experts across the world.
As a (related) example, consider the SHA family of hashing algorithms.
Competitions are held in which anyone can submit their own algorithm as a possible contender. Like a beauty pageant, the entries are narrowed down over a few rounds until just a few are left. Eventually, one algorithm is chosen and declared the winner!
The whole process is done in the open and, similar to RFCs, anyone who wishes to may provide feedback.
The SHA-3 competition took roughly five years. You can read about the whole process on the NIST's web site:
I'm not a developer or math whiz so most of the underlying principles of crypto are over my head but read about the process (above) is quite interesting and gave me a much better understanding in general.
