
You can do encryption backdoors - xylon
http://cafereview.xylon.me.uk/you_can_do_encryption_backdoors.html
======
natch
The author forgets that governments aren't very good at protecting their own
secrets.

For example, if even the NSA can't protect its own secret hacking tools from
leaking, why should anyone expect they, or any such entity for that matter,
can be trusted to always protect all their secret keys? Answer: They can't.
Any other answer is a fantasy.

Unless I am missing something here, it seems this problem utterly destroys the
author's argument.

~~~
ryanlol
I'm not sure if this is actually the case. HSMs exist and it should be well
within the government's capabilities to implement sufficient physical controls
to defend against attacks.

I mean, they seem to manage pretty well with nuclear weapons.

~~~
natch
>I mean, they seem to manage pretty well with nuclear weapons.

"Seem to" but no. They don't. With countries like North Korea, Iran, Pakistan
and China all having got ahold of the know-how to make nukes, all evidence is
that government has failed spectacularly on this front.

~~~
gizmo686
Is there any evidence that those countries got access to US nuclear secrets?

Science and engineering technology has advanced considerably since it took a
Manhattan project for the US to build them. Plus, even from the beginning, the
US was not the only country researching the tech; so if those countries did
use another country's classified nuclear info, said info might still have
originated outside of the US.

~~~
natch
>Is there any evidence that those countries got access to US nuclear secrets?

There is no evidence that they didn't. And why qualify your question with
United States? The leakage of secrets we need to be concerned about is not
just from the US. If they got secrets from non-US countries, that is a concern
too.

Turning back to encryption backdoor keys, other countries, besides the US,
will also have these keys, if such a thing is instituted. The leakage of these
keys will have consequences for everyone, in all countries, even if the keys
are different for different countries. International communication and
commerce is a commonplace daily activity for most of us now, so a breach of
security anywhere can affect people everywhere.

------
hannofcart
Am a near know-nothing when it comes to encryption.

While asymmetric key encryption like PGP can indeed be used to encrypt for
multiple agencies, is something similar possible for symmetric key encryption
algorithms? Presumably when people are storing their own data in encrypted
format, it's some symmetric key encryption that is used?

Of course one could get around that by using PGP to encrypt a randomly
generated password which then is used as the passkey for symmetric key
encryption like aes-256? Like the SSL handshake?

But then the original problem stays. If for some reason, the government's
private key were to leak, they'd render all data vulnerable.

But perhaps even THAT can be worked around by issuing the govt. a new private
key per user?
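
The scheme described in the comment above, as an added example that is not part of the thread: a random symmetric key encrypts the data and is wrapped for the owner and for an escrow holder as recipient #2. It uses Ruby's standard openssl library with RSA-OAEP and AES-256-GCM standing in for PGP; the users, messages and helper names (`seal`, `open_envelope`, `blast_radius`, `seal_all`, `demo`) are constructed for illustration. It compares what a leaked escrow private key opens when one escrow key is shared with what it opens when each user has a separate one.

```ruby
require "openssl"
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt msg once under a fresh key; wrap that key for owner (slot 0) and escrow (slot 1).
def seal(msg, owner_pub, escrow_pub)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = c.random_key
  iv = c.random_iv
  c.auth_data = ""
  ct = c.update(msg) + c.final
  { iv: iv, ct: ct, tag: c.auth_tag,
    slots: [owner_pub, escrow_pub].map { |pub| pub.public_encrypt(key, OAEP) } }
end

# Try every slot with priv, as a PGP client does; nil means priv is not a recipient.
def open_envelope(env, priv)
  env[:slots].each do |wrapped|
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = priv.private_decrypt(wrapped, OAEP)
    d.iv = env[:iv]
    d.auth_tag = env[:tag]
    d.auth_data = ""
    return d.update(env[:ct]) + d.final
  rescue OpenSSL::OpenSSLError, ArgumentError # not this slot's key: try the next one
  end
  nil
end

# Names of the users whose envelopes a leaked private key can open.
def blast_radius(leaked_priv, envelopes)
  envelopes.select { |_, env| open_envelope(env, leaked_priv) }.keys
end

# Seal one constructed message per user; escrow maps user name -> escrow key pair.
def seal_all(users, escrow)
  users.to_h { |n, k| [n, seal("mail of #{n}", k.public_key, escrow[n].public_key)] }
end

# Constructed scenario: two users, a shared escrow key versus one escrow key per user.
def demo
  users = %w[alice bob].to_h { |n| [n, OpenSSL::PKey::RSA.new(2048)] }
  shared = OpenSSL::PKey::RSA.new(2048)
  per_user = users.transform_values { OpenSSL::PKey::RSA.new(2048) }
  { shared_leak: blast_radius(shared, seal_all(users, Hash.new(shared))),
    per_user_leak: blast_radius(per_user["alice"], seal_all(users, per_user)),
    owner_reads: open_envelope(seal_all(users, per_user)["bob"], users["bob"]) }
end

p demo
```

Per-user escrow keys narrow what a single leaked key exposes, but the escrow holder then has one private key per user to store and protect.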

~~~
natch
>If for some reason, the government's private key were to leak, they'd render
all data vulnerable.

Yes and keep in mind that if private keys leak, this fact may be kept hidden
from the government, so the vulnerability of the data could also be unknown to
the government. And master keys can leak too. Of course the government would
work very hard to protect these keys. Just like they protected the NSA's
hacking toolkit that leaked.

~~~
ryanlol
>Just like they protected the NSA's hacking toolkit that leaked.

There's simply no comparison to be made between keys stored and generated
offline in a high-end HSM and warez.rar being passed around by a bunch of
analysts.

~~~
brokenmachine
In both instances they are things meant to be kept secret.

------
parliament32
"Can't" was never the problem. It's definitely technically possible.

The problem is, once you give the government this special key (i.e. your
recipient #2 on your GPG file), how do you trust them to not let it fall into
bad actors' hands?

------
IshKebab
Sounds like the author hasn't heard of the Clipper chip.

