

Back doors are bad for security architecture - LukeLambert
https://blog.agilebits.com/2015/04/29/back-doors-are-bad-for-security-architecture/

======
exelius
In other news, the sky is blue. Just because you hand me a dog and say "look
at my beautiful cat!" doesn't mean it's a cat. And people with access to
"secure back doors" don't always have your best interests at heart, even in
the implausible situation that the government does.

~~~
jpgoldberg
Sure, you know that. I know that. And anyone who has been through this before
knows that.

In some of my earlier drafts of the article, it was titled "Back (door) to the
Crypto Wars". But just because we've had this conversation before, doesn't
mean that it doesn't have to be explained again (and again, and again).

Also, I think that I make a point beyond the obvious security problems of a
back door, and go on to the architectural ones.

------
hobarrera
Also in tonight's news: chewing glass is bad for your mouth.

------
blueflow
Captain Obvious strikes again.

~~~
dalke
Your comment reads like a reflex action based on the title. It contributes
nothing to the underlying political question of the essay, which concerns how
the authorities want to define that a government-accessible backdoor ("secure
golden key") is not actually a backdoor.

This is of course incorrect. But without articles like this, it's easy for the
authorities to say that it's obvious that backdoors are bad, but what they are
asking for isn't a backdoor.

~~~
blueflow
It's also obvious that things themselves aren't different just because you give
them a different name.

~~~
dalke
What's a backdoor?

[http://en.wikipedia.org/wiki/Back_door](http://en.wikipedia.org/wiki/Back_door)
says "a hidden method for bypassing normal computer authentication systems".
[http://en.wikipedia.org/wiki/Backdoor_%28computing%29](http://en.wikipedia.org/wiki/Backdoor_%28computing%29)
elaborates:

> A backdoor in a computer system (or cryptosystem or algorithm) is a method
> of bypassing normal authentication, securing unauthorized remote access to a
> computer, obtaining access to plaintext, and so on, while attempting to
> remain undetected.

What the government says is that they want access to the front door. They
don't want a hidden method, and they don't want to remain undetected.

Ergo, they don't want a backdoor.

Why do you think they are the same things?

This essay says that that surface definition is incorrect, and explains why.

~~~
blueflow
The German, Simple English and Spanish versions of the same Wikipedia article
do not include the "hidden" part. Doesn't that seem a little bit inconsistent?

Probably because language in general is far from consistent and accurate, and
I won't waste time discussing with you over abstraction details (that's what
languages are).

What you say the authorities want is surely not what makes the security
situation better, especially because of the increasing abuse potential. And
just covering it up with some nice words won't make it any better.

~~~
dalke
"What you say the authorities want..."

There is no reason for you to care about my views of what the authorities
want. The article goes into those details, with quotes from government
officials about exactly what they want and links to sources.

> Prime Minister Cameron declared that there should be “no means of
> communication” that his government “cannot read.” Yet he also stated that
> this would not involve a “back door.”

> Why not, suggested [[NSA head] Rogers], require technology companies to
> create a digital key that could open any smartphone or other locked device
> to obtain text messages or photos, but divide the key into pieces so that no
> one person or agency alone could decide to use it?

I suggested that your comment "reads like a reflex action based on the title".
I still do not believe that you read the article before making your comment.

~~~
blueflow
Look at the other first-level comments. /thread

