Internet and e-mail policy and practice
including Notes on Internet E-mail


2019
Months
Oct
Nov Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Security

24 Oct 2019

Crypto back doors are still a bad idea Security

In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece called Rethinking Encryption reiterates his take on the encrpytion debates. There's a certain amount that makes me want to bang my head against the wall, e.g.

After working on the going dark problem for years, I'm confident that this problem can be addressed from a technical perspective. In most cases, it's just software, and software can be rewritten.

But it's worth reading to remind us of what the other side is thinking, even with a lot of motivated reasoning that makes him conclude that Congress can pass some laws and the going dark problem will be solved.

A reader who is relatively new to this fight asked me is there's a short and accessible explanation of why crypto back doors can't work.

The usual source is the Keys Under Doormats paper written in 2015. Nothing of importance has changed since then, or for that matter since the Clipper chip arguments in 1994.

The essential point is that either a crypto system is secure or it isn't. No software can tell whether a back door key is being used by the FBI, or by the Russian FSB, or a venal version of Ed Snowden who's selling it to the highest bidder. Beyond that, more complexity means more bugs, and back doors are complex. One of the reasons the Clipper chip failed was that people quickly found ways to circumvent the key escrow feature depite it having been carefully designed by the NSA.

The response by law enforcement has always been that we should nerd harder. Their faith in our skill is touching, but their arrogance that they understand what we can do better than we do is not. Crypto is math, not engineering, and they're telling us that if we just try hard enough we can make 2+2 = 3 ¾.


posted at: 12:05 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Security/noback.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
20 days ago

A keen grasp of the obvious
My high security debit card
326 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.