
Humor me... if encryption had a backdoor, then ransomware could be effectively mitigated.... Though I'm not a proponent of backdoors by any means, I don't see the logical flaw here.


...Because criminals are going to use state-sanctioned encryption software with mandated backdoors?

Even if everything off the shelf and open source has some built-in escrow unlocking keys compiled in, hackers are just going to find those code paths and remove them. Encryption works because of certain mathematical principles and laws.

Backdoors will only let governments look at legitimately encrypted data and not anything made by criminals who know how technology works.

There's a bigger question here: what if the NSA or CIA or some other intelligence/defence organisation discovers a solution to solve some of these hard problems in polynomial time... and then doesn't release that information so they can use it to spy.

In that situation you're going even further: you have agents who are literally holding back scientific research that could change the entire field of mathematics and human understanding, research that could advance number theory by orders of magnitude (a jump equal to that of going from the first flight at Kitty Hawk to the Saturn 5 rocket), for limited political gain.


That makes sense...

So "If encryption had a backdoor" is meaningless. It's really "If a given encryption implementation had a back door" and no one is making the criminals use certain algorithms.

thanks


Well, the bigger problem would be ensuring that the criminals used known broken encryption. The only advantage is that many of these attacks are copy-cat, so if you released the source code for a broken ransomware implementation, it will probably get used more or less verbatim… as has been shown in the past. (https://threatpost.com/bitcrypt-ransomware-deploying-weak-cr..., https://www.utkusen.com/blog/destroying-the-encryption-of-hi...)

Anyone who actually knows what they are doing, and is prepared to break the law, would just use AES. All of those law-abiding institutions would be forced to use a weak encryption scheme.

Sure, it might help stop script kiddies, but it won't help to stop professionals, and professionals are the ones that you have to worry about, since they end up hosing 45,000+ installations in a day.


If they don't just replace your data outright with noise.


Assuming that the criminal opts to use the encryption with an NSA backdoor and the victim is able to schedule time at their local NSA Genius Bar to recover their data.


> if encryption had a backdoor

This is the flaw in the logic. "Encryption" can't have a backdoor any more than math can have a back door.

Specific types of encryption can. But there's nothing to stop a malicious user from using a non-backdoored encryption algorithm or inventing their own.


Yeah, I don't think ransomware is going to use the US approved algorithm. What they are doing is already illegal.


So developers of ransomware would build backdoors into their ransomware because the law requires them to?


How would you practically do that? Send all those encrypted hard drives to NSA to be decrypted? Publish the backdoor, effectively rendering that encryption scheme broken?


Just ask the NSA to send you the un-encrypted files - they probably have them in their database anyway.


Wouldn't the attackers just use a crypto scheme that didn't have a backdoor?


The logic is that encryption without a backdoor already exists, and no law can stop a criminal writing a virus from using that.


Then encryption wouldn't be doing what it's set out to do.


The logic is sound in theory. But in practice if the government can't protect its exploits, they most likely can't protect their keys to the backdoor.


Why would the people reaping the rewards of ransomware use encryption that has backdoors if backdoorless encryption already exists?


It's either turtles all the way down (backdoor of the backdoor of the backdoor..) or you always strive for secure software.


Why would ransomers use encryption with a back door? It's not like you can force them to only use the crackable math.


Who has the keys to the backdoor? How do you force the ransomware authors not to use the good encryption?


Only if the bad guys use the NSA-backdoored encryption.



