When you do require a "magic constant" in a cryptographic algorithm, it is common to show good faith by deriving it in a way that would make it difficult to embed a backdoor. For instance ascii text, digits of pi, or the lowest AES encrypted number that fulfils certain criteria.
The initialization constant in SipHash is awesome: "somepseudorandomlychosenbytes".
Right, but that would be a backdoor in that particular implementation. If you implement RSA yourself, you're safe from backdoors. (With the usual caveats about compilers, operating system and hardware.)
The insidious thing about cryptographic backdoors is that they're embedded in the specification itself. Any conforming implementation will be vulnerable.
When you do require a "magic constant" in a cryptographic algorithm, it is common to show good faith by deriving it in a way that would make it difficult to embed a backdoor. For instance ascii text, digits of pi, or the lowest AES encrypted number that fulfils certain criteria.
The initialization constant in SipHash is awesome: "somepseudorandomlychosenbytes".