Encryption: What The FBI Wants It Can Only Have By Destroying Computing And Censoring The Internet
from the and-it-doesn't-seem-to-understand-this dept
The FBI -- and by extension, every law enforcement agency it partners with -- wants holes carved in cellphone encryption. The problem is that it doesn't even know what specifically it wants.
When asked directly if the FBI wants a backdoor, [Amy] Hess [Asst. Director of FBI's Science & Technology branch] dodged the question and did not describe in detail what actual solution the FBI is seeking.That's asking the impossible -- for a great many reasons. First and foremost, compromised encryption is compromised encryption. It can be exploited by criminals and other unwanted entities just as certainly as it can assist law enforcement agencies in obtaining the information they're seeking. There's no way around this fact. You cannot have "good guys only" encryption.
“We are simply asking for information that we seek in response to a lawful order in a readable format,” Hess responded, while also repeating that the Bureau supports strong encryption. “But how that actually happens should be the decision of the provider.”
When pressed again, Hess said that it would be okay for the FBI not to have a key to decrypt data, if the provider “can get us that information by maintaining the key themselves.”
But beyond that, even if the FBI manages to get what it wants, it will do so at the expense of general computing. Requiring built-in backdoors or key escrow will dismantle the very systems it's meant to access. Computer scientist Jonathan Mayer delivers a long, detailed hypothetical involving the Android platform and how the FBI's desired access would fail -- and do severe collateral damage -- every step of the way. (via Boing Boing)
First off, if Google gives the FBI the backdoors it wants, that only nails down Google. But Google also distributes thousands of third-party apps through its Play store. And these apps may not contain the subverted encryption the FBI is looking for. Now, Google has to be in the business of regulating third-party apps to ensure they meet the government's standard for compromised encryption.
The obvious answer is that Google can’t stop with just backdooring disk encryption. It has to backdoor the entire Android cryptography library. Whenever a third-party app generates an encrypted blob of data, for any purpose, that blob has to include a backdoor.This move may work, but it only affects apps using Google's encryption. Other offerings may rely on other encryption methods. Then what? It has a few options, all of them carrying horrendous implications.
One option: require Google to police its app store for strong cryptography. Another option: mandate a notice-and-takedown system, where the government is responsible for spotting secure apps, and Google has a grace period to remove them. Either alternative would, of course, be entirely unacceptable to the technology sector—the DMCA’s notice-and-takedown system is widely reviled, and present federal law (CDA 230) disfavors intermediary liability.At this point, Mayer suggests the "solution" is already outside the realm of political feasibility. Would the FBI really push this far to obtain encryption backdoors? The FBI itself seems unsure of how far it's willing to go, and many officials quoted (like the one above) seem to think all the FBI really needs to do is be very insistent on this point, and techies will come up with some magical computing solution that maintains the protective qualities of encryption while simultaneously allowing the government to open the door and have a look around any time it wants to.
So, if the FBI is willing to travel this very dark road littered with an untold amount of collateral damage, it still hasn't managed to ensure the phones it encounters will open at its command. Considering phone users could still acquire apps from other sources, the government's reach would only extend as far as the heavily-policed official app store (and other large competitors' app stores). Now what? More government power and less operational stability.
The only solution is an app kill switch. (Google’s euphemism is “Remote Application Removal.”) Whenever the government discovers a strong encryption app, it would compel Google to nuke the app from Android phones worldwide. That level of government intrusion—reaching into personal devices to remove security software—certainly would not be well received. It raises serious Fourth Amendment issues, since it could be construed as a search of the device or a seizure of device functionality and app data. What’s more, the collateral damage would be extensive; innocent users of the app would lose their data.Even if the government were willing to take it this far, it still doesn't eradicate apps that it can't crack. (But it may be sufficient to only backdoor the most used apps, which may be all it's looking to achieve...) App creators could decide to avoid Google's government-walled garden and mandated kill switch by assigning random identifiers and handling a majority of the app's services (like a messaging service, etc.) via a website, out of reach of app removal tools and government intervention. To stop this, the US government would need to do the previously unimaginable:
In order to prevent secure data storage and end-to-end secure messaging, the government would have to block these web apps. The United States would have to engage in Internet censorship.Robert Graham at Errata Security makes similar points in his post on the subject, but raises a couple of other interesting (in the horrific train wreck meaning of the word) points. While the government may try to regulate the internet, it can't (theoretically) touch services hosted in foreign countries. (Although it may soon be able to hack away at them with zero legal repercussions…)
Such services could be located in another country, because there are no real national borders in cyberspace. In any event, such services aren't "phone" services, but instead just "contact" services. They let people find each other, but they don't control the phone call. It's possible to bypass such services anyway, by either using a peer-to-peer contact system, or overloading something completely different, like DNS.The FBI likely has no desire to take its fight against encryption this far. The problem is that it thinks its "solution" to encryption is "reasonable." But it isn't.
Like crypto, the entire Internet is based on the concept of end-to-end, where there is nothing special inside the network that provides a service you can regulate.
The point is this. Forcing Apple to insert a "Golden Key" into the iPhone looks reasonable, but the truth is the problem explodes to something far outside of any sort of reasonableness. It would mean outlawing certain kinds of code -- which is probably not possible in our legal system.The biggest problem here is that no one arguing for "golden keys," key escrow, "good guy" backdoors, etc. seems to have any idea what implementing this could actually result in. They think it's just tech companies sticking it to The Man, possibly because a former NSA sysadmin went halfway around the world with a pile of documents and a suitcase of whistles with "BLOW ME" printed on the side.
But it isn't. And their continual shrugged assertion that the "smart guys" at tech companies will figure this all out for them is not only lazy, it's colossally ignorant. There isn't a solution. The government can't demand that companies not provide encryption. It's not willing to ban encryption, nor is it in any position to make that ban stick. It doesn't know what it needs. It only knows what it wants. And it can't have what it wants -- not because no one wants to give it to them -- but because no one can give it to them.
Yes, many tech companies are far more wary of collaborating with the government in this post-Snowden era, but in this case, the tech world cannot give the FBI what it wants without destroying nearly everything surrounding the "back door." And continually trotting out kidnappers, child porn enthusiasts and upskirt photographers as reasons for breaking cell phone platforms doesn't change the fact that it cannot be done without potentially harming every non-criminal phone owner and the services they use.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, computer security, cybersecurity, encryption, fbi, jonathan mayer, security
Reader Comments
The First Word
“In addition
Jonathan Mayer's analysis is excellent, but I want to add an additional point about subverted encryption of the sort that the feds are looking for:Criminals who hide their activities through encryption will just continue to do so, using crypto that is readily available and installable (on Android, anyway) without involving any app store at all. There is no need to use an app store to install apps on an Android device, after all, so no provider would have the chance to vet the software.
So we'd just end up with a world of decreased security, computers that people can't trust (even more so than right now), but with the ability of criminals to hide their activities just as strong as ever.
In other words, what the feds are asking for is a world where the criminals are in an even stronger position (relative to law-abiding users) than they are now.
Subscribe: RSS
View by: Time | Thread
Sic Transit Gloria Mundi
8KL++oiMoM0587Sdi1kk7VvnGVLB8Q0eA5r5+hDb1lYfiIuMq8hzEJbjTzhnDG/ztWHcFNSaOgXLRziR+qUl5SR3 cRXcY4rtSZSep7IHNFHF0p6QKUe7xArY+jYvwBod36eUFxS2c5TCDElAKbQAiQ==
[ link to this | view in thread ]
Playing the Game
People are dumb enough to allow government call them non-citizens then turn around and bitch about them collecting your data.
Business should have every right and protection a citizen has against the government, because at the end of the day, you a citizen has been regulated too. IF you are to ignorant to understand how... just go for a drive without your license, in a black smoke billowing car, blaring 120 decibel music, with glass-packs. Be sure to piss on the cops shoe when he pulls you over.
Law = Regulation... because if you don't follow regulations you are breaking the law.
I am sure you will figure it out, hell who am I kidding you wont figure shit out.
[ link to this | view in thread ]
In addition
Criminals who hide their activities through encryption will just continue to do so, using crypto that is readily available and installable (on Android, anyway) without involving any app store at all. There is no need to use an app store to install apps on an Android device, after all, so no provider would have the chance to vet the software.
So we'd just end up with a world of decreased security, computers that people can't trust (even more so than right now), but with the ability of criminals to hide their activities just as strong as ever.
In other words, what the feds are asking for is a world where the criminals are in an even stronger position (relative to law-abiding users) than they are now.
[ link to this | view in thread ]
(Wasn't there a shooting incident recently by someone they were aware of as being a danger?/rherorical)
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Playing the Game
In contrast to big business that is fighting them? That's why they like big business? Additionally, I don't remember being called a non-citizen recently, could you elaborate?
I think the music and glasspack is a bit of overkill, and im not sure why those needed to be indicated, because driving in a car billowing smoke, id expect to get pulled over. And then if you are breaking the law and piss on the cops shoe you are supposed to be surprised when the cops react negatively? Not entirely sure where you are going there. And how is this supposed to prove businesses deserve rights and protections against the government? Yeah, regulations are laws...thats kid of the definition. Not sure what mind blowing theory you've explored here.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: In addition
[ link to this | view in thread ]
I hear it's hard to tell if a random number generator has been compromised. There's really no reliable tests that can be run to verify the output of RNGs.
The US government has already attacked RNGs when it backdoored RSA's RNG by using a pre-selected seed value that allowed US Intelligence to decrypt any cypher text encrypted using that pre-selected seed.
I think Mike's analogy summed it up best. "There are things that are difficult (getting to the moon) and things that are impossible (arguing we only let "good people" go to the moon.)"
[ link to this | view in thread ]
Re: Re: Playing the Game
[ link to this | view in thread ]
Why we can't have nice things...
[ link to this | view in thread ]
Well, then, you subpoena the owner of the phone where the informationis to be found. Were you absent the day they covered that in Junior G-Man School?
[ link to this | view in thread ]
Re:
Attacking the RNG is one of the standard ways of weakening encryption (since crypto relies VERY heavily on statistically excellent random number generation), so your worry is well-founded. This is why serious crypto libraries provide their own RNG rather than trusting the one that the OS provides.
If crypto is using /dev/random (or the equivalent in other OSes) as its source of random numbers, that crypto cannot be trusted in the first place. Even if the feds don't get what they want.
[ link to this | view in thread ]
Still misses the point..but just barely this time.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
What's that?
Oh... That's hard and it's easier to make the job someone else's responsibility? I think that's what got us here in the first place...
[ link to this | view in thread ]
So now you know!
So that's the real aganda, isn't it?
[ link to this | view in thread ]
Re: Sic Transit Gloria Mundi
[ link to this | view in thread ]
Cryptography For Cretins
http://www.mcclatchydc.com/2014/07/16/233483/investigators-blast-justice-depts.html?sp=/99 /200/365/
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
By Destroying Computing And Censoring The Internet
Anyone concerned about security would move their services outside the US to places where reliable encryption was still allowed.
[ link to this | view in thread ]
None of that other stuff
There's a message here - "Fix this, or we'll make congress write some laws. Think long and hard about how that worked out for you last time." It's an effective message that has solved many more difficult issues in the past.
[ link to this | view in thread ]
Re: None of that other stuff
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Did the FBI make such a ruckus when they discovered that people could talk to each other in private
Oh, by the way, aren't there a bunch of businesses that want to maintain data communications that cannot be snooped through by the public? I'm pretty sure they had those long before we used cellphones, even if that meant wacky scramblers and messengers on bicycles.
This reeks of the ignorant moral panic that people have whenever it is discovered we can do a thing on a computer.
And to be fair, I have no trust that law enforcement exists for my best interests anyway.
[ link to this | view in thread ]
Re: None of that other stuff
[ link to this | view in thread ]
Re: Still misses the point..but just barely this time.
...recapitulating "if you outlaw guns, only outlaws will have guns".
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Sic Transit Gloria Mundi
[ link to this | view in thread ]
Re: Re: Sic Transit Gloria Mundi
https://en.wikipedia.org/wiki/MIDI#System_Exclusive_messages
Maybe some entrerprising midi enthusiast will enlighten us?
[ link to this | view in thread ]
Importance of F-Droid
[ link to this | view in thread ]
Don't kid yourself
'So, if the FBI is willing to travel this very dark road littered with an untold amount of collateral damage, it still hasn't managed to ensure the phones it encounters will open at its command.'
'Even if the government were willing to take it this far, it still doesn't eradicate apps that it can't crack.
There is no 'if' about it, if they thought they could get away with it, they would absolutely order such back-doors to be included in every piece of tech they could get their hands on, security be damned. The only hesitation they have regarding the matter is admitting to what they truly want.
[ link to this | view in thread ]
Re: None of that other stuff
I'm not sure you understood the article. This is not a matter of someone being unwilling to fix it. This is a problem that has no solution. Congress and the FBI can do a pretty good job of destroying the internet as we know it, but they still will not have accomplished the goal of having a back door in everyone's encryption. Maybe, at most, they will succeed in compromising the encryption of law-abiding US citizens. Everyone else will still have uncompromised strong encryption.
[ link to this | view in thread ]
Re: Importance of F-Droid
Do you have any reading material on that? I'm not sure what search terms to use to get this subject and not pages and pages of "how to uninstall android apps".
[ link to this | view in thread ]
Re: In addition
What exactly will the FBI do when I put an open source encryption method on all of my devices? Are they going to criminalize and shut down GPG? PGP? OTR? Will it become a felony to use Jabber, VPN's, proxy services? SSL? HTTPS? How far are they going to actually go with this nonsense?
And while we're on the subject: are the FBI, CIA, NSA and other law enforcement organizations going to provide "golden keys" to their encryption for the ACLU and other government watch groups to check for corrupt and immoral practices? I mean, its only fair that they do. How else are citizens supposed to be 100% positive that our tax dollars are being spent wisely and our rights aren't being violated?
I'm sure there has to be someone in the Justice Department smart enough to be asking these questions, and probably getting confused looks back as an answer.
[ link to this | view in thread ]
Re: Re: In addition
An even better question than that: If I already had the ability to to intercept every type of communication I wanted whenever I wanted with little to no oversight, no need to answer to anyone or even divulge the methods that I used to intercept those communications, why would I continue to make such a fuss about encryption?
They have supercomputers that do nothing all day but crack encryption. Why such a push for backdoors, when with enough money and computing power, you could crack the best encryption on the planet in matter of days and we know that they have the budget to do this and they know that we know?
It's like begging in front of a gas station when you just got away clean with robbing the safe in the back. It makes zero sense.
[ link to this | view in thread ]
Re: None of that other stuff
[ link to this | view in thread ]
Re: Re: Importance of F-Droid
Have you ever installed an app from the Google Play store website (desktop)? It installs without confirmation from the endpoint device. There is a notification, but it's trivial to design a system not to show those, especially if Google has root (which is all devices with the Play Store installed).
[ link to this | view in thread ]
losing the battle to win the war.
[ link to this | view in thread ]
Incidentally, there's also...
That is, encrypted data that, to an observer without the correct reader and a proper password resembles random bits of unused hard-drive space.
Steganography for the 21st century.
So that even if they require all legal crypto to have backdoors, you can stash all your business secrets (terrorist plots, child porn and biographical leverage) on this, and they can't prove it's even there.
shāh māt
[ link to this | view in thread ]
LEO has been demonstrated it can't use such a method
[ link to this | view in thread ]
Re: Re: Still misses the point..but just barely this time.
[ link to this | view in thread ]
I Smell Fear
This is pure and simple fear of the loss of power. The upper echelons of power brokers need information to retain their power and they can see it fading in the light of the public backlash to their machinations.
[ link to this | view in thread ]
Re: Re: Re: In addition
That being said, breaking encryption *does* require some targeting, and is not instantaneous. While it's reasonably safe to assume that if the government really wants into someone's computer, they're going to get in, common encryption means they won't have the general data available to identify that guy in the first place. Many of these systems are likely using mass data analysis, and you can't analyze data on a massive scale if you have to crack it all first.
That's what they really want. They want to use the NSA version of Google Adwords to find the bad guys with an algorithm. That style of thing doesn't work with mass encryption because by the time you break all the locks the data is meaningless.
Considering I don't want them running my email through their terrorist filter in the first place I don't see this as much of a loss. But that's exactly what they want to do, and why they keep saying "we're not really reading your stuff." Yeah, neither is Google, but I still get targeted ads. The ads I don't mind so much, although Adwords does not always present stuff I'm actually interested in. Being targeted as a terrorist because some computer system thinks I need to be watched, whether I hit their criteria or not?
No thanks.
[ link to this | view in thread ]
Re: Re: Re: Re: In addition
If used correctly, one time pad encryption is unbreakable.
[ link to this | view in thread ]
Re: Re: Re: Importance of F-Droid
Good point!
if Google has root (which is all devices with the Play Store installed).
By "has root" do you mean literally Google has root-level access and can remotely run any commands they want on a device?
[ link to this | view in thread ]
We are still a couple steps up from the mid 90's when crypto was a munition and you could theoretically go to jail for reading (or writing) the wrong book.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Re: In addition
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Re: In addition
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: In addition
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: In addition
[ link to this | view in thread ]
Re: Re: Re: In addition
For a couple of reasons. First, there' no monolithic "they". There is a large number of different law enforcement/spy agencies with very different resources and capabilities. Your local police department, for example, doesn't have the ability to break any crypto they want.
Second, even with the big name agencies that have crypto-busting supercomputers, they don't have enough computing power to decrypt everything that they want to. It takes a large effort, so they have to be very, very interested in you specifically to do it. This is unworkable if what you want to do is have a widespread surveillance capability.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: In addition
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: In addition
In this context, there's an important distinction between the cleartext and a cleartext.
"It does have a flaw when dealing with corrupt law enforcement, they can write the message they want you to say, in the same message length, and then generate the key to 'decrypt it' from the cipher text."
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: In addition
Right, but that doesn't necessarily imply that a key can be derived from a cleartext and a ciphertext. I wasn't sure if that was possible or not.
On the other hand, there are much more serious problems with OTP, which is why nobody uses it so this is an interesting but academic discussion. :-)
[ link to this | view in thread ]
Re: Re: Re: Re: In addition
Which is where the specialists in private industry come in. Both the oil and financial industries have lots of resources they love to place at the command of lucrative gov't. contracts. The gov't buys secret space planes with the black budget.
[ link to this | view in thread ]
Re:
Er, they were outright warned with clear text about the Boston bombers, by the USA's frenemy Russia. If they're blowing it using clear text, crypto's not really going to hurt them anymore.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: In addition
It does imply that, given some clear text of the correct length to match the cypher text, it is trivially easy to generate a key that maps one to the other. Each element of the the key encrypts/decrypts one element of the message, and can be chosen independently of any other element of the key.Formally, the property of a one time pad system is that for any string of symbols of a given length a key exists that transforms it to any other string of symbols of the same length.
With all other cyphers the key is short, and encryption algorithms has the property that is is extremely unlikely that more than one key will produce a meaningful message, where the message is written in a human language. The chance of that happening are so astronomical that it can be ignored.
These days with micro SD card, and an occasional meeting in person, the key management problem largely disappears. Further a very secure off-line encryption/decryption system for text messages can be built using an 8 bit micro-controller, like an Arduino. Collecting random noise for the keys can be carried out using the same processor. The actual encryption/decryption is simply modulo arithmetic on a character by character basis.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
I'm worried about all those botnets "taken down" from criminals. I'd not put it past them (NSA, Interpol, ...) to just re-purpose that botnet to running their own version of Distributed.net's dnetc on any crypto fed to it. It's what I'd do with them. Allocate a few hundred million for a gov't contract, and Microsoft will do it for them.
[ link to this | view in thread ]
Re: Re: None of that other stuff
That's because the FBI finally got a clue in the '90s. James Comey is the opposite of what they had then.
[ link to this | view in thread ]
Re: Re:
I think he was referring to the recent shooting in Texas.
[ link to this | view in thread ]
Re: Re: Re: Re: Importance of F-Droid
[ link to this | view in thread ]
Re: Re: Re:
My brain often appears to veer off into tangents. I'll admit this can be one.
[ link to this | view in thread ]
Corrupt law enforcement
They use the old mob trick of getting their fellow mugs to testify on their behalf.
When six cops are all saying they saw you commit a crime, the jury is inclined to convict. And this is even with video evidence that contradicts their testimony.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: In addition
I'm not seeing the weakness here. The only way to retrieve the key would be to have both the original cleartext and the ciphertext that it came from. If you are missing either of those, obtaining the key is impossible.And if you have both, obtaining the key is pointless.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: In addition
The FBI intercepts the ciphertext. They then invent an incriminating cleartext and use it to generate a key. They make up a story about how they got hold of the key. By itself would this be enough for a conviction? I doubt it, but it could certainly get a warrant for something more intrusive, or be used with other evidence to build a case.
As I said, it doesn't really matter since OTP is too hard to use anyway.
[ link to this | view in thread ]
It's worse than that Jim...
How many different formats are there to store still images ?
1,000, 2000 ?
"different" here means if my code tries to render it do I get the image, junk or a crash ?
Ditto text, every game saves in a different format, there are 15 different incompatible versions of Excel files, not encrypted but harsh to figure out.
This can be figured out, but it's a chunk of work per application and there are a *lot* of apps these days.
Also, what is a .XLS file ?
Yeah I think it's Excel too, but you can't rely on that, I can choose to save my data with any filename extension I like.
How do you search Excel files for "interesting" content ?
Or my own .xls format that I use for sharing IMs ?
By hand, really ?
This can only be done by hiring a *lot* of programmers and they will never fully catch up.
[ link to this | view in thread ]
Re: It's worse than that Jim...
Or, as an earlier generation of geek has allowed you to say:
Filters! Gotta love 'em.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: In addition
I Suggest an Arduino or the Like so that the Encryption system and key generation as it is almost impossible to compromise, and the key is never on a machine that is easy to compromise, like a PC.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: In addition
I could see it working one-to-one, but I would guess the chance of mistakes goes up quickly with numbers.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: In addition
Key generation is not a problem, as true random sources, radio noise, noise diodes etc can be used to generate the keys.
Interestingly, the main line of external attack, PC security, can be avoided by using simple micro-controllers, they have plenty of power to implement what can be done with pencil and paper, and all the software on them can be validated, indeed the really paranoid could use a pencil and paper assembler, and create the code file using a simple hex editor, and avoid negligible risk of a compromised cross compiler. (There are no standard routine names and interfaces to be used by a compromised compiler.)
[ link to this | view in thread ]
Encryption does not like FBI.
[ link to this | view in thread ]
Re: In addition
[ link to this | view in thread ]
Re: Re: Re: Re: Re: In addition
It's sort of like having an "uncrackable" lock. Maybe nobody can crack the lock, but if they blow a hole in the safe, the lock was meaningless. That's what I meant by "no encryption is unbreakable"; it's not the encryption that's the problem, it's that the keys to the encryption, whether passwords or even physical keys, are always less secure than the resulting encrypted data. Ultimately, if someone is determined to get into your encryption, they're going to find a way to do it, and it's probably going to be by targeting a vulnerability other than the encryption algorithm itself.
So yes, if you have some super-secret data that's relatively short, made of 100% random characters, and you can successfully protect the key from anything and then completely destroy it after use, then you have unbreakable encryption.
But after all that you might as well just keep the original information in your head and tell someone in a soundproof faraday cage =).
[ link to this | view in thread ]
Re: Re: Re: Re: In addition
Also, it can help prevent your friendly neighborhood police from sending your personal photos to other officers. After all, encryption can only lead to abuse, not prevent it, right?
[ link to this | view in thread ]
Re: Re: Still misses the point..but just barely this time.
[ link to this | view in thread ]