Major Tech Companies Send Letter Decrying Encryption Backdoors To President Obama

Status
Not open for further replies.

stevenrix

Distinguished
May 30, 2010
118
0
18,680
How ironic, these companies crying "wolf" are the same companies who helped China make it more secure with the "Great Firewall" ten years ago. They shot themselves in the toes for sure, but in secret their attitude is completely different from what we are being told in reality.


 

t53186

Distinguished
I'm actually glad President Obama and members of the Administration have become "transparent" or opaque, at least we know some of what they are up to and have a chance for the people (business) to stand up to the government.
 

razor512

Distinguished
Jun 16, 2007
2,130
68
19,890
One issue that is not properly explored, is the main flaw of a backdoor. Anything that gets in the way of trust no one security (where only the user of the device has the key), will create an attack vector that will be broken in the future.

For example suppose your communications with a company involves the transmission of some highly sensitive data that you cannot easily change. For example, your social security information and a wide range of financial and historical information that can be used as part of social engineering to perform identify theft.

If that communication system uses encryption with a back door available, then it suddenly becomes highly desirable for criminals to simply work on capturing the encrypted data in bulk for decryption at a later date when the backdoor is discovered by the back doors.

Modern encryption is very simple (simpler than it was in the past). It does not rely on there being some secret algorithm to encrypt, instead it relies on an operation that is quick to do one way, but insanely slow to reverse.

For example, I bet that roughly 99.9% of the readers of this site can teach a toddler how to begin the process of cracking most of the industry standard encryptions within 2 hours.

And this is by design, the encryption is fully open source and it does not rely on hiding any aspect of its self. Instead it encrypts and by understanding how it does it, you also know how to undo it, the downside for the malicious user is that even with 2015's fastest super computer, it will take trillions of years to crack.

When you have a back door, you are creating a way for law enforcement to bypass trillions of years of work to crack a modern industry standard encryption. Due to that, if the back door is discovered, then the criminals will have a field day decrypting all of the encrypted data that they have been capturing while waiting for the backdoor to be discovered.

What the FBI wants is for encryption to essentially go back to the days of the enigma machine. The flaws with the old encryption methods is they relied on all or part of how they functioned to remain secret, and what that secret was discovered, and then all past recorded, and future encrypted content can easily be decrypted.
Another example is a bribe that the NSA did in order to try and have a flawed elliptic curve encryption. It seemed secure even to experts for a while, but then someone found the flaw, and thus was instantly able to decrypt all traffic using that flawed curve. The flaw was the NSA's backdoor, and that is essentially what is trying to be put into law. Encryption that on the surface looks secure, but hidden somewhere, is a flaw that allows the content to be decrypted with no effort. When such a flaw is discovered, you cannot simply retroactively replace the encryption on old data. That flaw is known and all of the old data is now no longer protected for all those who have used it.

Proper encryption using salted hashes to avoid the allocation of resources by criminals because it is only ever good for a single hash. Lets assume that you have multiple accounts with different companies, all of which implemented the industry standard crypto 100% properly. If a criminal decided to do something like devote every CPU on the planet to cracking the encryption to your account with company A, then in order to crack it for company B, they would have to repeat the entire process.

If a backdoor is created then if they break it for 1 system, then it is broken for everyone.

Remember, with current crpyto, there is no confusion on how to crack it, and that is what makes it amazing. It fully details exactly what it does to the data and even with knowing that, the most efficient way for you to crack it will require super computers working for trillions of years.

Even with computers getting faster each year,it is likely that you will be long dead before the current crypto is fully broken to a point where it is trivial to break. It never looks for ways to be unbreakable.

PS, the rock solid crypto is already available in open source. if a law is passed that will force backdoors to be used, then then the criminals will still have access to that crypto.
 

Lordos

Reputable
May 7, 2015
19
0
4,510
How ironic, these companies crying "wolf" are the same companies who helped China make it more secure with the "Great Firewall" ten years ago. They shot themselves in the toes for sure, but in secret their attitude is completely different from what we are being told in reality.

so your point? You want Great USA firewall just because China has one? Well tbh I would not care as long as it wont distort internet for rest of the world.
Its only good that such companies publicly complain against such government bullshit.
 

Christopher1

Distinguished
Aug 29, 2006
666
3
19,015
razor512 got most of the issues but I think he left out one big elephant sized one: That sooner or later, the keys to the 'backdoor' will be leaked and malefactors of ALL stripes will be using the backdoor to hack into people's systems.
That is why NO backdoors is the proper route to go.
 
Status
Not open for further replies.