White House Floats Idea Of Crypto Backdoor... If The Key Is Broken Into Multiple Pieces
from the crossing-the-threshold dept
It's no secret that some in the law enforcement and intelligence communities are hell bent on stopping encryption from being widely deployed to protect your data. They've made it 100% clear that they want backdoors into any encryption scheme. But when actual security folks press government officials on how they're going to do this without undermining people's own security and privacy, we get a lot of bureaucratic gobbledygook in response. Either that or magical fairy thinking about golden keys that basically any security expert will tell you are impossible without weakening security.Not surprisingly, the law enforcement and intelligence communities are not giving up yet. The latest is that the White House appears to be floating a proposal to setup a backdoor to encryption that requires multi-party keys. That is, rather than just having a single key that can decrypt the content, it would require multiple parties with "pieces" of the "key" to come together to unlock it:
Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, said Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?Of course, this proposal is nothing new. As Declan McCullagh points out, during the first "Crypto Wars" of the 1990s, the NSA proposed the same sort of thing with two parties holding parts of the escrow key. It was a dumb idea then and it's a dumb idea now.
“I don’t want a back door,” said Rogers, the director of the nation’s top electronic spy agency during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”
The idea being floated here is that by setting up such a system, it's less open to abuse by government/law enforcement/intelligence communities. And maybe that's true. It makes it marginally less likely to be abused by the government. But it can still be abused quite a bit. It's not like we haven't seen multiple government agencies team up to do nefarious things in the past, or even federal officials and private companies. Hell, just look at the recent discussions about the DEA's phone records surveillance program, where the DEA later teamed up with the NSA. And, also, that program required the more or less voluntary cooperation of telcos. So the idea that the requirement of multiple parties somehow lessens the risk seems like a stretch.
But, even if it actually did reduce the risk of direct abuse, it doesn't get anywhere near the real problem with this approach. If you're building in a back door, you're building in a vulnerability that others will eventually be able to exploit. You are flat out weakening the system -- whether or not you split up the key. You're still exposing the data to those with nefarious intent by weakening the overall system.
Thankfully, at least some in the government seem to recognize this:
“The basic question is, is it possible to design a completely secure system” to hold a master key available to the U.S. government but not adversaries, said Donna Dodson, chief cybersecurity advisor at the Commerce Department’s National Institute of Standards and Technologies. “There’s no way to do this where you don’t have unintentional vulnerabilities.”So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST -- or the people who want to undermine cybersecurity at the NSA and the FBI?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, crypto, cryptowars, encryption, key escrow, mobile encryption, multiple piece, nist, nsa, threshold
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
"So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST "
I wouldn't rely on NIST any more than I'd suggest relying on what NIST represents, such as FIPS - which happens to be mandated on every machine and is basically an imaginary wishlist of "your machines/processes are secure!"
[ link to this | view in thread ]
[ link to this | view in thread ]
Lol, just KIDDING!
NSA would get all the pieces anyway - with or without the other agencies' permissions (as if I'm going to believe they wouldn't give them their pieces anyway).
[ link to this | view in thread ]
The stupid, it burns
In order to be used, the parts of the key have to be brought together. At which time, there is a whole key just waiting to be saved for future use.
Whatever reduction in the security problems breaking the key up in pieces brings only lasts until the first time the key is actually used. All bets are off after that.
[ link to this | view in thread ]
Sure If the US economy is Fiscally responsible If the key Is leaked
[ link to this | view in thread ]
Two people can keep a secret.
Two people can keep a secret only if one of them is dead.
[ link to this | view in thread ]
[ link to this | view in thread ]
US Gov = adversary
I think everyone sees the US government as an adversary.
[ link to this | view in thread ]
They're probably afraid they'll lose out on their bribes.
Unless this is already implemented in hardware and waiting to be activated (like with cell phones/baseband)- it would have to be done with new hardware changes. Otherwise FOSS would just fork and code around this BS.
[ link to this | view in thread ]
Do you want ANYONE to have access to your things?
Actually, it doesnt matter if you want it or not because they will do it anyway. Point is, "m..muh terrurists" is not a good excuse, especially because almost every organized terror group can be linked to the US government.
O hey lets give these people guns and help them overthrow a legitimate government over there because while thats exactly how every scary terrorist group starts, this one will be different.
They want to fuck with their own people for something they did themselves.
[ link to this | view in thread ]
Master keys for the front door
[ link to this | view in thread ]
Re:
That's why the fact that certain government officials continue to insist that they don't want a backdoor is ludicrous and wrong by definition. And it's also why I will continue to ridicule them and disregard what they say on this topic as utter bullshit.
[ link to this | view in thread ]
Re: The stupid, it burns
You're right, the stupid burns!
[ link to this | view in thread ]
Re: US Gov = adversary
[ link to this | view in thread ]
Controlling the key holders is equivalent to being the sole holder of keys
[ link to this | view in thread ]
Partisanship
Elsewhere on the 'net, in another recent conversation about this Washington Post article, a commenter noted that the Clipper Chip proposal came during the Clinton administration.
So, is it that the Democratic party policy honchos believe in key escrow? Or is it just that the Clinton and Obama administrations just pushovers for the NSA and FBI on key escrow?
[ link to this | view in thread ]
Break key into parts small enough for NSA to break
[ link to this | view in thread ]
Re: Master keys for the front door
They'll just hit up Microsoft, Samsung, Sony, and/or Facebook and copy their data, since people willfully give up their privacy for a "Like" vote.
[ link to this | view in thread ]
I'm actually fine with this.
[ link to this | view in thread ]
2)Unless the really think that other governments will go along with the US having a golden key to all of their citizens communications, this will only be of use against US citizens, oh.. that is what they want.
3)This would make US proprietary technology toxic outside the US, and it would Boost Linux and the BSD's position in the market, which might Might Microsoft and Apple say something.
[ link to this | view in thread ]
Re: I'm actually fine with this.
/Sarc
[ link to this | view in thread ]
Re: Sure If the US economy is Fiscally responsible If the key Is leaked
[ link to this | view in thread ]
Re: Master keys for the front door
[ link to this | view in thread ]
Re: Re: Sure If the US economy is Fiscally responsible If the key Is leaked
It's not a vulnerability, it's not a backdoor, it's not a front door, it's not a golden key, it's not a key fragment...
It's (whatever the magical word of the day is)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Partisanship
[ link to this | view in thread ]
The international deal [was Re: ]
• Russia will have keys for Russian communications.
They'll form an international consensus. Every person's communications must be open to surveillance by some responsible government.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Partisanship
You know, that actually has a little bit of ring to it, “the failed Clinton-administration era Clipper Chip.”
[ link to this | view in thread ]
Re: The stupid, it burns
The NSA would go to extreme effort to ensure that the first time that key is fully assembled from its parts, that the NSA is able to capture a copy of the complete key.
There is another alternative even if the master key is never assembled.
The NSA would secretly make it a priority to go after each party holding a part of that key and to obtain their part of the key. Maybe the NSA would find a way to compromise the original key generation or distribution process. There is no limit to what they would do because the stakes are so high.
This is nothing less than a key to everything! The NSA must be salivating at the mouth! Effectively once the NSA gets this key, and they will, what we've just done is to remove all controls that the NSA presently has. Now there wouldn't even be a need to go to a court for a warrant. The NSA could simply unlock anything, any time.
To be found using a system that does not implement this magic key approach would be illegal. That fact should tell you everything you need to know about what they think of your privacy.
[ link to this | view in thread ]
Re: The international deal [was Re: ]
[ link to this | view in thread ]
My plan for crypto backdoors
[ link to this | view in thread ]
Re: Re: Re: Partisanship
Sorry about that initial oversight. Don't want to have bad grammar, though. Need the comma to make sure “failed” modifies “Clipper Chip” rather than “Clinton-administration era”.
[ link to this | view in thread ]
Question about Key Generation
Apparently there is a way to generate (at least) two completely working keys for some crypto algorithm.
1. A key for the person wanting privacy
2. A key (broken into parts) for the government
Can this cryptography algorithm generate keys 3 and 4? And 5 and 6? I'm sure this would have to be done at key generation time.
I'm just speculating about how this works, but it would seem that key generation time is a critical step. So where is the key generation done? Does the end user get to generate their own keys and then give the 'golden key pieces' to the government? (yeah, THAT seems secure) Or does the government generate the keys and give the end user their working key? That would mean that the government could just also keep the user's fully assembled key, along with numerous parties who intercept it in transit to the user who wants privacy.
Can anyone elaborate on how this type of multi key, multi key part cryptography actually works?
[ link to this | view in thread ]
front doors
Rogers doesn't point out that it's actually a separate front door, next to your regular front door, and you don't get any of the keys to this one. I guess it wouldn't sound so reasonable if he did...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Question about Key Generation
Or you can consult one of the standard reference works on cryptography for various constructs with which to build a complete algorithm.
[ link to this | view in thread ]
What kind of Ceremony is required to assemble a key?
Or is it something like searching the pockets and all encrypted data of someone stopped for jaywalking? Something that will be done so widely and routinely that no effective controls actually exist.
[ link to this | view in thread ]
Re: Re: Re: Re: Partisanship
How about the failed Clinton-administration and clipper chip?
[ link to this | view in thread ]
It's the landlord with key issue
So, when the government requires front door keys why won't the guys they are REALLY worried about just use a different lock? The US laws won't apply EXCEPT for import restrictions... and why is the bad guy going to care that he downloaded a torrent file that has an import restriction when whatever he's hiding behind the encryption is far more nefarious that some stupid government law about which software he's "allowed" to use in the US?
The answer: He doesn't give a crap... and guess what... the gov has no front door, back door or anything else regardless of what law they pass.
See, the gov has this fantasy that that criminals follow laws. If he's hiding something in encryption which is illegal why would he care if his encryption software was legal?
So does this help catch terrorists or pedophiles like they claim it will? No. Those people, or at least those with an IQ over 80 will still be using stuff without giving the landlord a key. Everyone else is either stupid or not hiding something they feel the government wants to see.. Say a man hiding pics from his wife of his new girlfriend...
Totally pointless idea that just needs to die now.
[ link to this | view in thread ]
Re: front doors
[ link to this | view in thread ]
Re: It's the landlord with key issue
[ link to this | view in thread ]
Re: US Gov = adversary
As seen by every non-US customer of the companies that use such encryption - the US is a potential adversary. So they will never use/buy those products. So only US companies and citizens would be a market for said product. At that point, just like in the movie "Sneakers", the decryption machine is only good at spying on American citizens/companies.
So who is really perceived as a threat by the US government?
[ link to this | view in thread ]
Re: Re: Question about Key Generation
I haven't read Applied Cryptography since the 1990's. But I do remember, about page 100, (remember this is pre 9/11) the author talks about cryptography and how the government could severely curtail privacy if, say, there were a major terrorist attack, say on New York. Amazing foresight.
[ link to this | view in thread ]
Re: Partisanship
1) The President
2) The Speaker of the House
3) The Speaker of the Senate
4) The Supreme Court
All four would have to agree the the government has a valid case, probable cause, and imminent threat to enable the encryption to be performed.
Nah, still not good enough.
[ link to this | view in thread ]
Re: Re: Question about Key Generation
[ link to this | view in thread ]
Re: The stupid, it burns
NSA: Give us the key so we can look at those messages..
Telco: No..
NSA comes back with a secret FISA court warrant: Give us the key now and keep your mouth shut.
Telco: *sigh*
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Partisanship
The reader sees the juxtaposition of the words. But the reader can't really complain about the writer's accurate description of the Clipper Chip as “failed.” That Clinton-administration era initiative did fail. Hard.
So what if the reader knows “what's really going on” in the sentence fragment. The reader can't complain about the implied focus on the upcoming election—as long as the comma's in there.
[ link to this | view in thread ]
I foresee the following
First, the UK says "me too", and the USA says "OK".
Then, Australia, Canada, and New Zealand say "Me 3, 4, 5" (eyes, get it). And the USA says "OK".
After that, Europe says we want it, and the USA can't say no, because of the amount of mutual trade, and various trade agreements.
Next, Russia and China draft the same laws, and US firms demand to be allowed to sell there. So they get keys. Rinse, repeat worldwide.
Meantime hackers already have all parts of the US key, and it's available to anyone for free on bittorrent.
And so - encryption is gone. And suddenly the US says "what about all our financial transactions???"
-tek
[ link to this | view in thread ]
Security would be a crime
Backdoors don't make sense except as a means to exploit and/or persecute law-abiding citizens.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Four pieces
What could go wrong?!
[ link to this | view in thread ]
and everything that Mary said, the feds were sure to know.
- Sam Simpson
[ link to this | view in thread ]
Re: Re: The stupid, it burns
Even if they don't get all of the key, knowing part of it can significantly reduce the effort to crack or brute-force the encryption. Anything that reduces the possible keyspace from the expected is a huge win to an attacker of a crypto system (cryptanalysis).
As a very simple example to explain the concept:
I've got a safe with a 4 digit combination. 0000 through 9999. There are 10,000 possible combinations to this safe. I break my key up into two parts: the first two digits and the second two. I give you the first two, which happen to be 64##, to the safemaker. I give the second two ##32, to the police.
Q: How many tries would either the safemaker or the police need to try to get into the safe?
A: Maximum, they would each need 100 tries.
The safe maker would try 6400, 6401, 6402, and so on. The police would try 0032, 0132, 0232, and so on. The average for either would only be 50, assuming they knew nothing else, like my penchant for choosing powers of 2 as a safe combination.
Further info:
http://en.wikipedia.org/wiki/Cryptanalysis
http://en.wikipedia.org/wiki/Related-key_attack
[ link to this | view in thread ]
And other countries?
Will their government be willing to use programs where the US government - and only the US government - has a back door? Or will the US government share the keys (in pieces) with the other Five Eyes countries? Let alone Germany and the rest?
Will foreign corporations - or foreign subsidiaries of American corporations - allow the use of programs where the US government has a back door? Knowing full well that the NSA and others have used their spying for economic espionage?
With the inevitable availability of programs WITHOUT back doors for everyone outside the US - including open source solutions - what stops Americans from using them too?
[ link to this | view in thread ]
The door analogy
My suggestion is that if they want to use the door analogy they have to use it the whole way and include it in the context of the doors on your house. Imagine the government 'floating' an idea of all the lock manufacturers had to have a master key that was handed over to the government that allowed them to come into your house whenever they wanted to. This is what they are asking for....
Wake up people, the sound you hear is the sound of marching jack boots plodding slowly closer to a police state. Like a light rain on a tin roof, it started as a whisper which lulled to sleep, now it is a thunderous roar which can hardly hear.
[ link to this | view in thread ]
Secret sharing
So any multi-part password would remain "more secure" up until the first time it was used, and never again thereafter. So where is the security benefit?
[ link to this | view in thread ]
it's just paving the way for prophesy
Yeah, I know; call me a religious nut. I'll be that; I welcome the ridicule. Yet no one can honestly deny that all of the technology (monitoring systems, tracing systems, surveillance systems, erosion of privacy, GPS, RFID, yada, yada, yada...) is consistently heading to a point in time where one political leader can monitor almost everyone...but I'm nut.
So what's the fix? Buy a gun and move to the desert? No. Accept Jesus Christ as your savior and escape Hell and/or the tribulation.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Partisanship
When have all four of those ever agreed on anything?
Also don't you mean to allow the decryption?
[ link to this | view in thread ]
Re:
Such a simple little word. But the US government hasn't heard it enough. It's forgotten there was ever even the _possibility_ of being refused. But they need to hear it. Repeatedly. From the entire social strata of the citizenry: "No."
May we spy on you? "No."
May we control what you say and when you say it? "No."
May we muzzle scientific discourse and free inquiry? "No."
And just maybe, if enough people could stand together and say together with one voice "No. We will not give in. We will not sacrifice the principles on which this country was founded. Our Bill of Rights will not be given up as an offering on an alter of lies to appease your rampant insatiable ego and need for absolute control. We refuse." then we could yet save this country from its slow and inexorable decay.
Something radical will need to be done soon. Perhaps like Rome's succession of the Plebeians, which was needed before their central government would yield.
[ link to this | view in thread ]
Stupid Idea - Easily Broken
[ link to this | view in thread ]
Gah!
[ link to this | view in thread ]
Re: The stupid, it burns
[ link to this | view in thread ]
Re: Gah!
[ link to this | view in thread ]
The thing is...
This is essentially an unbreakable vault that will incinerate all your files before it will yield to safecracking.
Now as a civilian, I think this is perfectly fine.
But as a government that doesn't trust its people, they're freaked out.
Interestingly, they want to be able to hide things from the people using such impenetrable technology. But they don't want things hidden from them by people.
(And at this point we have steganographic tech that makes encrypted files look like garbage in unused sectors of a drive. If we really want to hide something, it's gone.)
[ link to this | view in thread ]
Re: Gah!
[ link to this | view in thread ]
Re: Re: The stupid, it burns
It's still a stupid idea. At some point, all of those virtuous people are going to have to get together and assemble their pieces into a whole key. That key is then susceptible to theft by parties unknown to the virtuous key-piece-holders.
[ link to this | view in thread ]
Security vs Privacy
The problem with this thinking is that they are not equivalent in any way.
While it is possible to have 100% privacy it is not possible to have 100% security. The question should be framed to adequately reflect the NSA's intentions:
"Are you willing to give up 100% of your privacy for 0% increase in security?"
[ link to this | view in thread ]
Except Jesus is in on the take.
But they can only watch us and abuse us so far before they realize there are so many more of us than them.
[ link to this | view in thread ]
Re: The thing is...
Which can be used to hide messages in photos, posted to photo-sharing sites.
[ link to this | view in thread ]
Re: Re: Re: The stupid, it burns
The first moment anything is compromised its over-with. And we all know how government is on the uptake of when things go wrong. The first thing they do is gird loins to prevent the incoming dick kick, to hell with the actual victims.
[ link to this | view in thread ]
Re: Re: Re: The stupid, it burns
> key are indeed incorruptibly good and virtuous.
Even if today's keyholders are angles (and they are not), what about tomorrow's keyholders?
[ link to this | view in thread ]
Re: Security would be a crime
And outlaw all existing source code for effective cryptographic software?
Good luck with that.
[ link to this | view in thread ]
Re: Re: Re: Re: The stupid, it burns
[ link to this | view in thread ]
Re: it's just paving the way for prophesy
I'm sure you are not the only person to have privately made this observation. But hey, there is at least what the third angel says in Rev 14:9-12.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Security vs Privacy
[ link to this | view in thread ]
Re: Re: Re: Question about Key Generation
NY is a big target and they were bombed before 9/11 anyways. Plus add to that the history of Government setting up slippery slopes all over the place and you have someone who can understand history, unlike the vast majority of humans on the planet.
There is a reason we are doomed to repeat history.
[ link to this | view in thread ]
Re: Security vs Privacy
"While it is possible to have 100% privacy"
It is no more possible to have 100% privacy than it is to have 100% security. They both can only be achieved the same way: by completely isolating yourself from any chance of interacting, even indirectly, with other human beings.
[ link to this | view in thread ]
Maybe people will start using whatever brainpower they have and realize they say whatever they think people will believe. The white house doesn't care about your rights only enriching themselves at the peasants expense.
[ link to this | view in thread ]
The door analogy
My suggestion is that if they want to use the door analogy they have to use it the whole way and include it in the context of the doors on your house. Imagine the government 'floating' an idea of all the lock manufacturers had to have a master key that was handed over to the government that allowed them to come into your house whenever they wanted to. This is what they are asking for....
Wake up people, the sound you hear is the sound of marching jack boots plodding slowly closer to a police state. Like a light rain on a tin roof, it started as a whisper which lulled to sleep, now it is a thunderous roar which can hardly hear.
[ link to this | view in thread ]
Re: Re: Re: Question about Key Generation
But these days, we have some more up-to-date references.
Along those rough lines, I've had one book on my reading list for the past couple months now (Gutmann, 2014, Engineering Security (draft)). One of these weeks I'll get around to it... Gutmann's draft probably doesn't cover secret-sharing schemes, though.
[ link to this | view in thread ]
Re: The door analogy
If no-one but you has a key, it is not useful, except to protect a backup. The problem with keeping encryption secure is managing the keys needed by the communicating parties while preventing others from breaking into the communications. This protection includes preventing spyware from running on the computers involved in the communications.
[ link to this | view in thread ]
Re: Re:
I like your comment, except that by definition it's impossible to prevent something inexorable.
[ link to this | view in thread ]
Re: The door analogy
The door analogy holds in a different way, too. Because it is in line with my hacker nature, I learned to pick (physical) locks decades ago. One of the things that I learned was that locks that accept a master key are much easier to pick than locks that don't accept a master key.
[ link to this | view in thread ]
Re: Re: The door analogy
That's not true (assuming by "you" you mean "only one person"). If I encrypt a message using your public key, nobody but you has the decryption key. Still very useful.
[ link to this | view in thread ]
Question
How hard would it be to close this door...permanently?
[ link to this | view in thread ]
Re: "So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST "
FWIW, NIST appears to have undergone something of a radical shift in response to the NSA stuff. It has come out strongly against the NSA's activities on that one and since then has been pretty regularly standing up for good encryption practices. I think it got religion in a good way.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
So whilst is is a bad idea and I don't think there should be any compromise, perhaps we should argue that if there were keys they shouldn't be the ones to get them.
How about, oh I don't know... Amnesty international, Interpol, or something like that. Other countries expectation of their own privacy may be our best protection of our own.
[ link to this | view in thread ]
Bypassing crypto to get data anyhow
(H/T FourthAmendment.com blog)
[ link to this | view in thread ]
Re: Re: "So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST "
You have a lot of faith there.
[ link to this | view in thread ]
Re: Re: Re: The stupid, it burns
That's not how secret sharing works.
With your example, the key is 6432. The key is broken in two parts, which have to be summed to get the correct key.
So one part, for instance 7754, is given to the safemaker. The second part, 8678, is given to the police. Each part is completely useless without the other: even if you have the first part, there are precisely 10000 possible values for the second part, and each of them will give one of the 10000 possible values for the combination.
It's simpler to visualize it with a traditional 12-hour clock. The first part is the initial time, for instance 8 hours. The second part is the number of hours to add to it to get the correct time, for instance 10 hours. It's easy to see that, given only the initial time, you have no idea where it'll end up, and given only the number of hours to add but not the initial time, you still have no idea where it'll end up.
For real-world usage, you would use the XOR operation instead of addition, with the same effect. For a more advanced system (k of n), take a look at Shamir's Secret Sharing.
[ link to this | view in thread ]
Stupidity . .
[ link to this | view in thread ]
Re: Re: Re:
The whole point was that it _seems_ unstoppable, but there is yet some hope. Give it another decade or two, though, and I honestly wonder if you could ever do enough at that point without shattering the very system you're trying to save.
[ link to this | view in thread ]
Re: Re: "So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST "
I suspect it got on the "say one thing in public, do another behind closed doors" bandwagon.
[ link to this | view in thread ]
Re: Re: Re: "So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST "
[ link to this | view in thread ]
Re: Re:
That same Month The white house said anyone that does that very same thing to them could be considered an act of war if done to America.
Do what I say not what I do
[ link to this | view in thread ]
Re: Re: US Gov = adversary
[ link to this | view in thread ]
Re: US Gov = adversary
[ link to this | view in thread ]
It's just on the tip of my tongue
Oh, right, Lord of the Rings:
And it worked out so well back then, too, those multiple keys...oops, I mean, rings.
[ link to this | view in thread ]
Re: It's just on the tip of my tongue
That's an... ummm... an interesting perspective.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Controlling the key holders is equivalent to being the sole holder of keys
[ link to this | view in thread ]
Sauce for the Goose?
[ link to this | view in thread ]
Re: Re: The thing is...
[ link to this | view in thread ]
objective reality
"non A is A" is a fücking BIG contradiction;
wishfull thinking and sheeple debate is not gonna change reality.
Either you plant exploitable vulnerabilities in your "secure" system or you do not.
Dear IT Geniuses just read Ayn Rand's Atlas Shrugged:
You can only follow the governments proposal by ignoring reason.
Reason is the tool that helps you define reality and keeps you alive.
If you ignore reason, you are going to die.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: The stupid, it burns
[ link to this | view in thread ]
Re: objective reality
[ link to this | view in thread ]
One Key to bring them all and in the darkness bind them.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Why isn't the industry raising hell against this?
If this front door abomination goes on, nobody who isn't under US heels would accept anything produced in the US or from US corporations.
Right now there is still the thin veil of a judicial process to uncover any customer data/protection entrusted into US products/services.
Imagine any US made or developed product (Hardware/Software) is now freely accessible to any n+1 government agencys who would like access to you. And probably without leaving a trace.
I presume almost no foreign government, corporation or citizen would like this.
So any product/services would be shunned on the non-domestic market as there could be no trust in it anymore.
And thats just "legitimate" government actors.
And thats not even touching on illegitimate actors having access.
And with the US setting a blazing example, every other government would like to have its own access.
So say hello to a fractured market.
I think the front door analogy is more like, we force anyone to have an open front door with multiple signs "government access only. Pretty please"
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Partisanship
I believe that is a feature, not a bug.
[ link to this | view in thread ]
Re: The thing is...
[ link to this | view in thread ]
-Look into the Replicant project, OsmocomBB, and coreboot to learn more.
The way this would have to be done to have any hope of working as intended would be by making bios/efi/uefi into the eqivelent of cellular baseband co-procesors. It would be more then just a backdoor to encryption, but to the entire device architecture. Otherwise, your right- people would just code around it.
[ link to this | view in thread ]
Re: Question
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: The thing is...
https://www.youtube.com/watch?v=BcDbKlz06no#t=1073
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: The thing is...
[ link to this | view in thread ]
Re: Re:
Background on the VCAT report from NIST press release:
[ link to this | view in thread ]
Re: Re:
The only way to accomplish that is to reencrypt whatever data has been accessed so that it uses a different key and the old key will no longer work. This is unworkable from a performance and logistical point of view, but more importantly would be 100% ineffective -- all that would need to be done to work around it is to decrypt the data on a system that won't do the reencryption step.
[ link to this | view in thread ]
Re: Re: Question
[ link to this | view in thread ]
Re: Why isn't the industry raising hell against this?
Well, it's certainly objecting, but I think "the industry" is picking its battles. There's not a lot of worry about this sort of thing right now because it currently has exactly zero chance of becoming law. Nobody is even considering writing a bill.
The instant that it looks like it has a chance of becoming real, hell will be raised.
[ link to this | view in thread ]
Re: Re: Re:
Consider homomorphic schemes.
[ link to this | view in thread ]
Re: Re: Why isn't the industry raising hell against this?
[ link to this | view in thread ]
2 + 2 = 5 -- -- There are four lights
And people find ideology-driven values to be far easier to comprehend than reason.
[ link to this | view in thread ]
Re: Re: Re: Re: The stupid, it burns
[ link to this | view in thread ]
More big government power grabbing by the Dems
[ link to this | view in thread ]
Re: More big government power grabbing by the Dems
You're an idiot if you think the Republicans are out there fighting for your privacy.
[ link to this | view in thread ]
Re: Re: More big government power grabbing by the Dems
[ link to this | view in thread ]
Re: Re: It's just on the tip of my tongue
There might be multiple keys, but I bet among those will still be just one key, that does the work of all the other keys. One key to rule them all. Because otherwise DEA might get possessive and refuse to share it's key with FBI, and we all know how bad that will be.
So this promise of key splitting is just nonsense--no matter what, there will be one key that rules them all.
[ link to this | view in thread ]