You can do encryption backdoors
cafereview.xylon.me.ukThe author forgets that governments aren't very good at protecting their own secrets.
For example, if even the NSA can't protect its own secret hacking tools from leaking, why should anyone expect they, or any such entity for that matter, can be trusted to always protect all their secret keys? Answer: They can't. Any other answer is a fantasy.
Unless I am missing something here, it seems this problem utterly destroys the author's argument.
I'm not sure if this is actually the case. HSMs exist and it should be well within the governments capabilities to implement sufficient physical controls to defend against attacks.
I mean, they seem to manage pretty well with nuclear weapons.
>I mean, they seem to manage pretty well with nuclear weapons.
"Seem to" but no. They don't. With countries like North Korea, Iran, Pakistan and China all having got ahold of the know-how to make nukes, all evidence is that government has failed spectacularly on this front.
Is there any evidence that those countries got access to US nuclear secrets?
Science and engineering technology has advanced considerably since it took a Manhattan project for the US to build them. Plus, even from the beggining, the US was not the only country reasearching the tech; so if those countries did use another countries classified nuclear info, said info might still have originated outside of the US
>Is there any evidence that those countries got access to US nuclear secrets?
There is no evidence that they didn't. And why qualify your question with United States? The leakage of secrets we need to be concerned about is not just from the US. If they got secrets from non-US countries, that is a concern too.
Turning back to encryption backdoor keys, other countries, besides the US, will also have these keys, if such a thing is instituted. The leakage of these keys will have consequences for everyone, in all countries, even if the keys are different for different countries. International communication and commerce is a commonplace daily activity for most of us now, so a breach of security anywhere can affect people everywhere.
I don't believe so. If one of those states managed to seize a US nuclear weapon, that'd be evidence of such a failure.
The specific case of protecting backdoor keys really comes down to keeping from getting physically stolen, which at least the US government should be perfectly capable of.
Mere assertions that they "should be perfectly capable" are just vacuous statements that don't mean anything.
1) We're not just talking about the US government that will have access to keys.
2) The US government has shown itself to be perfectly capable of losing secrets. I'm not saying, as you did, they "should be." I'm saying they have proved it. So have the governments of other countries.
3) We don't know how those countries got all the information they have. We may know where some of their information came from, but not all of it.
4) NSA is supposed to be our best and brightest at protecting secrets. Look what they did.
5) Some proposals for encryption backdoors allow for access by law enforcement at almost any level, down to local sheriff / police. They would probably stop just above mall cop, if they could.
If you have a retort to just some of these points, unfortunately that doesn't fix the problem. You would have to be able to answer all of them. A leak only takes one weak point.
>We're not just talking about the US government that will have access to keys.
Well I doubt the $insert_country would want to share their keys with others. Why would they? It'd make far more sense to send in encrypted message and get decrypted message back.
>The US government has shown itself to be perfectly capable of losing secrets.
But not even remotely comparable secrets. We're essentially talking about a physical item here, not a secret you can lose without losing possession of that item.
>Some proposals for encryption backdoors allow for access by law enforcement at almost any level, down to local sheriff / police
This may present logistical challenges for handling decryption requests, but I don't see it as a huge issue for keeping the keys from leaking.
Obviously I'm not actually advocating this, I just think that you're making some rather dishonest arguments here.
>We're essentially talking about a physical item here
I don’t even... OK, you have yourself a nice rest of your day.
How do you propose the keys would escape a HSM? You wouldn't keep this stuff connected to the network, so someone would have to get physical access to even attempt to attack it.
lol!
Do you even know what a HSM is? Did you consider their existence before initially commenting?
If you do know what HSMs are, do you believe that they’re all useless?
Idk where the “lol!” came from, we’re talking about extremely standard cryptographic key storage here.
You are seriously not trolling? Google “weakest link” and re-read the thread. An HSM is not magic and does not fix all the problems.
How would a government lose control of keys generated and stored within a offline HSM in a shielded room, without actually losing possession of that HSM? This is very obviously not unfeasible to implement in a secure manner.
So far you've only given examples of secrets which are really easy to lose control of, this simply isn't one.
I'm not trying to argue that this should be done, you claimed this can't be done which is obviously false
I claimed what? Let's see the quote.
Reality is simply more messy than what you are envisioning.
What do you think an HSM is good for?
I think at best this supports my point, despite the sloppy launch control none of these nukes were hijacked.
Extracting keys from a securely stored HSM designed to prevent key extraction should present a far bigger challenge than keying in 00000000 to launch the missiles.
Am a near know-nothing when it comes to encryption.
While asymmetric key encryption like PGP can indeed be used to encrypt for multiple agencies, is something similar possible for symmetric key encryption algorithms? Presumably when people are storing their own data in encrypted format, it's some symmetric key encryption that is used?
Of course one could get around that by using PGP to encrypt a randomly generated password which then is used as the passkey for symmetric key encryption like aes-256? Like the SSL handshake?
But then the original problem stays. If for some reason, the government's private key were to leak, they'd render all data vulnerable.
But perhaps even THAT can be worked around by issuing the govt. a new private key per user?
>If for some reason, the government's private key were to leak, they'd render all data vulnerable.
Yes and keep in mind that if private keys leak, this fact may be kept hidden from the government, so the vulnerability of the data could also be unknown to the government. And master keys can leak too. Of course the government would work very hard to protect these keys. Just like they protected the NSA's hacking toolkit that leaked.
Or, for that matter, the TSA's quite literal master keys.
>Just like they protected the NSA's hacking toolkit that leaked.
There's simply no comparison to be made between keys stored and generated offline in a high-end HSM and warez.rar being passed around by a bunch of analysts.
In both instances they are things meant to be kept secret.
"Can't" was never the problem. It's definitely technically possible.
The problem is, once you give the government this special key (ie your recipient #2 on your GPG file), how do you trust them to not let it fall into bad actors' hands?
Sounds like the author hasn't heard of the clipper chip.