G+_Neil Sedlak Posted January 23, 2015
At the risk of hearing Leo read this in his “nerd voice”… I am disappointed that Steve spent an entire podcast trying to narrowly enough define “backdoor” such that “inclusion of a method that allows individuals not intended by the creator to view encrypted data” didn't fall into it. Making the argument that it’s not a backdoor because it’s cryptographically strong only serves to confuse the conversation. It is still a secret, outside the control of the creator of the data, which could compromise the data. An alternate/additional/master key is and should be considered an asymmetric backdoor when it is included against the will of the creator. We would certainly claim that a master key secretly coded into an algorithm is a backdoor, and the fact that it is known, intentional and blatant shouldn't remove that designation regardless of the mathematical strength of the system. That's my two cents on the issue.
http://twit.tv/show/security-now/491
G+_Christopher Hopper (CHo Posted January 23, 2015
At least it was on topic. I'd rather listen to a debate over what is a backdoor, than a description of what Steve's latest favourite TV show is, or his latest diet. ;-)
G+_Vernon White Posted January 23, 2015
It was nice to have the technical discussion about possibilities and security rather than have knee-jerk "it's bad" discussions. As Steve pointed out, Apple iMessage is basically able to do this now, so commercially it is a viable and tested second front door technology usable now. So implementation is doable now. The issue is whether a TNO solution doing point-to-point encryption would be legal with the suggested legislation. True TNO not going through a server like iMessage (where keys are stored on the server and a two-step encryption chain is in the header of the messages detailing the 2nd blob used for encrypting the messages) would not allow anyone to decrypt the message outside of the sender and receiver. That is the technical hurdle the theoretical legislation (and political and law-enforcement backlash) are addressing poorly. That part is political. Steve and Leo did a good job trying to avoid it. I'm happy with the errata and side-conversations. That helps counter the overwhelming security news and deep, propeller-head episodes. Great show Leo and Steve. Thanks for doing it for the last 10 years!