The NSA Wants Tech Companies To Give It "Front Door" Access To Encrypted Data 212
An anonymous reader writes The National Security Agency is embroiled in a battle with tech companies over access to encrypted data that would allow it to spy (more easily) on millions of Americans and international citizens. Last month, companies like Google, Microsoft, and Apple urged the Obama administration to put an end to the NSA's bulk collection of metadata. "National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."
Right up until... (Score:5, Insightful)
A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.
No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.
Re:Right up until... (Score:5, Insightful)
A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.
No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.
Yep. In the meantime, one of the few advantages US companies have - software and web services - will be made completely worthless. If I am a bank, healthcare company, or whatever (it really doesn't matter) , I demand my data be secure. An NSA back door, front door, trap door, barn door means that there is a built-in insecurity.
Right now, I do not think any American made software is secure enough for my business. We have achieved a state where business and government concerns are in direct conflict.
I think a lot of it has to do with this Big Data fad. They seem to think that the more data they have, the more computing power they have, and the less security we have allows them to "get their guy". We have an out of control security bureaucracy.
But as the US slips more and more into a police state (I was just ordered last week to hand over my license at a road block - they were stopping everyone. Papers please! actually it was "hand it over, now!), I just have to wonder with our freedoms and privacy being eroded everyday, just what does the US stand for anymore?
Re:Right up until... (Score:5, Informative)
Apparently the Supreme Court decided that that would be unconstitutional, but it's Just Too Important(TM) so it's fine. [duicheckpoints.net]
Re:Right up until... (Score:5, Informative)
Wow, I just looked into that some more and it's pretty horrifying. The ruling was more than it being "Just Too Important(TM)", it was that it is too important to the State. That line of reasoning allows for just about any unconstitutional law to be upheld. Even the dissenting decisions were more concerned with the effectiveness of the checkpoints and considered the violation of the Fourth Amendment that they represent an accepted and foregone conclusion.
The majority opinion from Rehnquist: "In sum, the balance of the State's interest in preventing drunken driving, the extent to which this system can reasonably be said to advance that interest, and the degree of intrusion upon individual motorists who are briefly stopped, weighs in favor of the state program. We therefore hold that it is consistent with the Fourth Amendment."
Re: (Score:2)
I would argue two points.
1) "Random inspections of vehicle safety and driver sobriety are a reasonable way to ensure that we can use the roadways safely"
Do we have actual evidence of a decline in drunk driving through the use of checkpoints, or is it just accepted because it sounds effective? If they're not effective, then the whole argument is moot.
http://www.thecrimereport.org/... [thecrimereport.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]
2) Balancing tests are only appropriate when there are no other options, such as in the cour
Re: (Score:2)
I don't recall the Fourth Amendment mentioning an exception for unless you really want to.
Re: (Score:2, Insightful)
But they're not protecting the people any more.
They are now protecting the state. They have been for many years, they just tell you they're protecting the people.
That was what the Soviet government was doing, too.
Re: (Score:3, Insightful)
It's an emergency, because we are being overrun by terrorists and child molesters.
That makes it ok.
Re: (Score:2)
Re: (Score:3)
Child Molesters? Nope. NSA does not do civilian issues.
However, there are ppl that want to kill the NSA, and turn over this kind of technology to FBI.
THAT IS WHAT YOU SHOULD FEAR. If the FBI, or groups like DEA, WHO HAVE REAL POWER, should get this kind of power, then you should fear.
And what is needed with this, is to not allow congress to ever again remove the oversight, like the GOP did i
Re:Right up until... (Score:5, Insightful)
Well said.
I find it unlikely that the NSA doesn't know how this will affect the US software/tech industry. Which means they are deliberatly trying to undermine an entire sector of the US economy. I call this treason. Many of these traitors took an oath to defend the constitution, yet they publicly announce how their desire to do the exact opposite.
I know some of you are thinking that this is a crazy idea, because the US definition of trason is a difficult standard to meet due to the requirement to show that the traitor is "making war" against the countyr. Well, what else do you call the deliberate undermining of the most profitalbe sector in our economy? Modern weapons of war include a wide variety of tools, not just rifles and tanks. More importantly, this is exactly the kind of type of methods the CIA has used to "destabalize" other countries.
Re:Right up until... (Score:4, Insightful)
Please (Score:2)
You think that America is the ONLY one that has loads of backdoors? You are a REAL idiot, or work for the Chinese gov.
Re: (Score:3)
Re: (Score:2)
Do note that China already said that all businesses must give access to encrypted data. Russia has always insisted on it. And France is saying that they want access to encrypted data (they, like ALL GOVs., access public comm). Shortly, all
Re:Right up until... (Score:5, Informative)
Even if it were somehow perfect, the NSA has proven itself to be untrustworthy. It apparently can't even police its own staff to stop them spying on their girlfriends and wives, let along stop them walking off with huge archives of information. If Snowden could do it then I think it's reasonable to strongly suspect that the Chinese, the French and anyone else interested in that stuff has infiltrated them too.
Re:Right up until... (Score:5, Insightful)
You can bet that if Snowden could get access then there are hundreds of NSA employees and contractors that are trading on this information. No domestic or foreign corporation or state wants the NSA to have unfettered access to their data like this, because such access will be and is being abused.
Put it this way, say you are trying to get a contract where General Electric is a competitor. And someone in the NSA is tapping all of your salesmen's communications and documents and passing them to the GE's sales team....
Re: (Score:2)
Re: Right up until... (Score:3)
Or a hacker finds a way to break in without the "keys."
It doesn't matter how many "pieces" you split the key up into if someone can just busy down the door and take whatever they want. Adding a back door to an encryption product is just asking for someone to break that back door down.
Re: (Score:2)
A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.
No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.
I think that they should get the encryption algorithm, but the actual key, speak to the individual party, and to a judge that would authorize a search warrant.
Imagine that each subscriber gets to choose his encryption key, and a vigenere string to salt the encrypted result.
The NSA requests you stop sealing envelopes (Score:5, Insightful)
As you all know, our country is subject to terrible terrorist threats. It has come to the attention of your friends at the National Security Agency ("we put the security in the national") that terrorists have, under certain circumstances, used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings. Therefore, we would appreciate it if, effective immediately, you stop sealing your parcels and envelopes, to make inspection easier.
This is for your protection. Please don't object, or we'll have to illegally open your items and lie about it. Thank you.
Re: (Score:3)
.[Terrorists].. under certain circumstances, [have] used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings.
I don't see where this is true at all. According to numerous, recent news reports, the only thing that domestic terrorists have used to advance their cause has been the FBI.
Let's get rid of them and see how things improve.
Disturbing this is even being openly discussed (Score:5, Insightful)
Re: (Score:3)
What do you expect when people rather spend more time crying foul and protesting expensive internet and entertainment than something that affects their rights. Romans knew to let there be games, to keep the masses busy from free thinking.
Re: (Score:2)
The Roman Empire fell because they spread themselves too thin and outsourced their military to fill in the spots they couldn't cover.
Re:Disturbing this is even being openly discussed (Score:4, Informative)
They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once. Rebellions from inside, invasions from the east, loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult and economic struggles as an empire built on constant expansion ran out of new land to invade for tribute - and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response. There's no one factor that lead to the collapse, and the collapse itsself was a slow process - you can't find a single year and declare the empire ceased to exist here.
Re: (Score:2)
You're right, it did. I named two specific reasons.
Although admittedly, by not mentioning any others I implied they were not relevant.
Re: (Score:2)
They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once.
Well... "at once" over the course of several hundred years.
loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult
That strained the Senate far more than the general populace, who were quite happy accepting yet one more god.
and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response.
If you're going to say the succession crisis caused the collapse in the latter years of the empire, you need to explain why the succession crisis didn't cause the same problems during the Crisis of the Third Century.
you can't find a single year and declare the empire ceased to exist here.
September 4, 476 was the official end of the Western Roman Empire. The Eastern Roman Empire lasted 1,000 years after that, when
Re:Disturbing this is even being openly discussed (Score:4, Interesting)
Yep. We have our reality TV, March Madness, the Super Bowl, the World Series (heck, professional sports in general), lotteries, celebrity worship, and so on and so on. There are already plenty of distractions to keep the American public from concentrating on, or even learning about, how their freedom has been taken away from them.
Re: (Score:2)
Only through inaction on the part of the citizenry. The fact that they have to ask for this shows we are achieving technical parity. It is up to the citizens to protect the citizens, and we can do exactly that.
Ignoring the question of whether they should be reading the mail (that's another topic, don't dilute this thread), we have effectively been sending post cards instead of envelopes.
We would not have switched to encryption everywhere without this, so it's a problem of their own making. And now it's a
Re: (Score:2)
Re: (Score:2)
While Rome burns...
close, but wrong city... at least according to St. Vincent [youtube.com]:
All your eggs in one basket. (Score:5, Insightful)
Every weakening of security aids not only law enforcements but criminals as well.
Re: (Score:2)
If a single key can open all the doors
Not that it makes much difference to the substance of your point, but I don't think anyone's proposing literally a single key. It could (hypothetically, naively) be one split key per company, or per product, or batch of a product, or maybe even one split key per "real" key.
I might be missing something which rules out any or all of those possibilities, though.
Re:All your eggs in one basket. (Score:4, Insightful)
...and if you only have part of the key, why should you devote resources to protecting it? Let the other guy worry about that.
Kind of like immunization...
Heh (Score:3)
When the NSA says these kinds of things, it's like they are saying that they are immune to being cracked.
Re: (Score:3)
When the NSA says these kinds of things, it's like they're saying something that they know is completely ridiculous to turn your attention away from something far more insidious that they're up to.
Ok. (Score:3, Insightful)
While we're asking for stuff we want, I want one billion dollars a year of NSA funding redirected to me. I'll spend it all on providing college scholarships.
I believe my idea is better than theirs: educated, autonomous individuals make for a better society than fear and authoritarianism. Who's with me?
Re: (Score:3)
make for a better society
So clearly it will not happen.
one key, eh? (Score:2, Insightful)
One (partitioned) Key to rule them all, One Key to find them,
One Key to bring them all and in the darkness bind them
need anyone say more?
Re: (Score:3)
One (partitioned) Key to rule them all, One Key to find them,
One Key to bring them all and in the darkness bind them
need anyone say more?
At least in the Tolkien fantasies we got orcs, wizards, castles and beautiful elvish women. Here we just get a bunch of overweight, ugly guys, some half assed Star Trek furniture and an ugly old building from the 1960's.
No key until they at they at least update their image to include a smoking volcano.
Dupe. (Score:3)
Re:Dupe. (Score:5, Funny)
Yes, but unless you have all the parts you can't get the whole story.
Re: (Score:2)
Note who gets the parts. Government, Government, Government. NSA, CIA, DEA, ATF, FAA... How long before they share? Can you say smokescreen? Appease the public. What they don't know. Works until another Snowden incident.
Yeah ok (Score:2)
..and these separate entities will be compelled to comply with an NSL, right? Fuck that bullshit. The problem here is statist/authoritarian politics not technology.
Re: (Score:3)
Which is why, if this insane policy is enacted, there needs to be another requirement: if the NSA tries to get the other pieces, the director of the NSA gets executed on live TV for treason. So does every official or agent involved in the operation. Same goes for every other government agency.
Really, though.
Re: (Score:2)
Now is it the NSA that wants this stuff or is it the corporate masters of the politicians who appoint corporate stooges to run those three letter organisations. Don't like you politics, they want to be able to totally fucking destroy you, make you a non person. Deny all you citizen rights, make it impossible for you to travel, ensure you have only the most menial degrading employment, and if necessary silence you and using extremely belligerent and violent law enforcement who will kill during the arrest (n
Great for free software (Score:3)
Such backdoors aren't enforceable in open source projects. If this comes to pass then free software will have a great competitive advantage.
Re: (Score:2)
Re: (Score:2)
Open source projects are very geographically mobile. New forks would rapidly appear, managed outside of the US.
Re: (Score:3)
Re: (Score:2)
This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.
It's quite obvious that if major companies had to give their keys to the NSA, then owning or distributing software that doesn't do this would be in itself made a serious crime.
Re: (Score:2)
Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."
Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"
Re: (Score:3)
Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"
Or... do not compile this code without #defining INCLUDE_BACKDOORS as this will disable the legally mandated back doors.
Re: (Score:2)
You may find this [bell-labs.com] interesting reading.
In old versions of UNIX (not open source, but only because there was no such distinction at the time - the source was very much available) the compiler would add code to any program you tried to compile named 'login'. You could look at the source for the login program all you want and never see the backdoor. You also would have a hard time finding the code in the C compiler.
And this was just something Ken Thompson did to prove that he could. Imagine what the NSA woul
Re: (Score:2)
Re: (Score:3)
Why does this keep coming up?
This problem is solved: http://www.dwheeler.com/trusti... [dwheeler.com]
Re: (Score:2)
Until they pass a law demanding that all encryption software must be able to comply with lawful warrants to decrypt the contents and outlaws the rest, making it a crime by iteself. Or just create some procedural rules to keep you in contempt of court until you decrypt it. You really think they're going to clamp down on all proprietary software and totally ignore open source just like that? I admire your optimism but if they can make this happen open source encryption will be on death row.
Re: (Score:2)
I doubt it's actually possible to enforce encryption backdoors beyond a few major vendors. The result would be similar to exiting attempts to prohibit reverse engineering. It's impossible to outlaw debuggers, disassemblers, logic analyzers, and similar tools. It's like outlawing radios that can tune in to any station. It's been done, but it's not all that effective.
Even if all software from major vendors like Microsoft, Apple, and Google implemented protocols with backdoors, correct implementations of the u
Re: (Score:2)
I doubt it's actually possible to enforce encryption backdoors beyond a few major vendors. The result would be similar to exiting attempts to prohibit reverse engineering. It's impossible to outlaw debuggers, disassemblers, logic analyzers, and similar tools. It's like outlawing radios that can tune in to any station. It's been done, but it's not all that effective.
It's not a backdoor that they want, it's a key to the front door :-(
Here's what they can do: Download an open source package. Send an encrypted email to themselves. Check that they can decrypt it with keys supplied by the software. If not, use all the force that the US police can muster to stamp the supplier out of existence.
Re: (Score:2)
Also, great for the economy of everywhere but USA. It's an incentive to not have a presence in the country to avoid such laws.
Re: (Score:2)
Until free software gets outlawed for not having them or they make criminals out of people who disable the back doors.
I have no faith the something like that would be impossible to happen.
Re: (Score:2)
"free software will have a great competitive advantage."
There's not even motivation to get enough labor to look for security bugs in free software, let alone for deliberate misfeatures. To get it done you'll have to pay someone to do it, and then you'll have a competitive advantage if you have done it with non-free software.
Fwiw, last time it didn't work. (Score:5, Informative)
The designers of the Clipper chip (http://en.wikipedia.org/wiki/Clipper_chip) had just about the same method in mind: encryption for the users, with an independent organization knowing the master keys and being able to hand over session keys to decode communications to government institutions. It was actually the reason why PGP etc were invented.
We have a similar situation here: the gov wants to have the keys to encrypted machines. Theoretically, the same arguments can be brought up again: it's bad because the keys may leak, it weakens the encryption because there's another set of keys that can be bruteforced or found in a smarter way, but it's also pretty ineffective: the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.
Re: (Score:2)
the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.
They'll prohibit and penalize that by restricting such tools, the same way they did with "circumvention tools" in the DMCA. Banks and those with "legitimate" needs excepted, of course.
No problem (Score:3)
If one the parties is the user and he gets to keep HIS part of the key, so that nobody can decrypt his data without him giving up his key, fine.
Would miss the point though...
The key has been scattered across this land... (Score:2)
Well, this scheme would effectively make it impossible for any party to complete the key. As each organization embarks on the quest to collect the shattered fragments of the key they will all invariably get stuck at the Water Temple and just give up.
Well, that's a load of horseshit (Score:5, Insightful)
There's no "centuries-old social compact" or whatthefuck ever, let alone one around warrants.
What a sack of shit.
And, yeah, the idea that you're going to have this magic key that only good guys can use is also technically and operationally impossible... as every single person in the NSA or anywhere else in the federal intelligence or law enforcement agencies knows damned well. I assume they want to create it so that they can steal it and use it for mass attacks. If they don't want me to believe that, well, they need to overcome their decades-long pattern of established behavior.
Re: (Score:2)
There's no point in my replying to such total clueless incomprehension of my three paragraphs of explanation.
But I do want to correct this misapprehension, because I can see where it might come from:
The "sack of shit" I meant was Mike Rogers, personally. I wouldn't want anybody to think I hadn't meant to insult that sack of shit.
Re: (Score:2)
There are two parts to this: "wiretap-like" ephemeral communication, and "personal-papers-like" data stored in devices (and, more importantly in this debate, in associated cloud services).
On the far more important personal papers side, there has simply never, ever been a time in the past when you could expect as a matter of course to get somebody's personal papers surreptitiously, from a third party. Yes, you might have gotten lucky and been able to do that, but in the vast majority of cases you were going
bow tie and nice NIST endorsement (Score:2)
Key fragments? Can we have that with a bow tie and a nice NIST endorsement?
Even if you wear the regal black cloak of the Central Malfeasance Agency, when you're found out, it can and will be held against you.
Ho hum. This is clipper chip [wikipedia.org] redux.
i really don't get it (Score:2)
their profiled "terrorists" are usually from societies that are accustomed to communicating covertly without any electronic means.
i'm not an expert in terrorism or communication, but i was a punk kid once that did bad things. even i was smart enough to know that if you were planning something big and illegal, you didn't go calling people about it, or writing it down.
do they really think that someone is going to send an email or text message saying "hit the big red button 12:30 next tuesday"? or that someo
Re: (Score:2)
someone will save a map to a warehouse of deadly weapons in "the cloud" and name it "weaponsmap.jpg"?
of course they don't.
Of course they will.
That's what the decoy map is for.
Trust is a two-way street (Score:2)
We'll give the NSA expedient access to our encrypted data...
When they'll confess to all possible breaches of our Constitution, and submit to the death penalty for any actual breaches.
Have we got a deal, NSA? Oh, why not? You fucking traitors.
Life for crypto experts at NSA (Score:2)
Re: (Score:2)
Or maybe they already have ways into just about everything, and this doomed request is just to create the false impression they need it?
Dear NSA (Score:2)
Dear NSA,
I would love to design the phone that you are asking for. please pay the sum of $USD 30 million into my bank account and i will organise it straight away. also, please sign a contract that you will subsidise the cost of every single phone sold because in order to add the extra encryption that you are expecting it will push up the price, and in a competitive business world nobody would buy it without subsidies.
I look forward to hearing from you shortly.
Signed, Luke Leighton
(Libre and FSF-Endorseab
Re: (Score:2)
Old German proverb (Score:5, Interesting)
Ist der Ruf erst mal ruiniert, lebt sich's völlig ungeniert.
It loses a bit in translation, but essentially the meaning is "once your reputation is ruined, you can as well stop having any shame".
Or they could do their actual job (Score:2)
If we do it for you, then don't expect us to pay you as much as we do anymore.
Do your own damn homework same as everyone else.
Giant data centers (Score:2)
So they are building insanely large data centers.... to collect metadata.
I swear that doesn't add up.
This is why in the 18th century... (Score:2)
...the founding fathers of this country outlawed the burning of slips of paper so the citizenry couldn't hide information from the government. This is just the 21st century equivalent so what's the big deal?
Okay (Score:2)
one of those parties is the customer, though
The government wants you to think.. (Score:2)
..that they are totally honest and competent, and that weakening security will only hurt the bad guys
In the real world, government security is done by people who actually want to work for the government..if you're at the bottom of the technological barrel..hey, a job is a job..and government jobs have job security. Yeah, I have to take a drug test..but that's OK..I don't use illegal drugs (within the testing window)
If you are on the other side of the fence..all that matters is technical competence
You might
A matter of priorities (Score:4, Insightful)
The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.
The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.
Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.
The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.
--Paul
NSA wants to put American out of business (Score:3)
Could you imagine if the NSA actually was permitted to do this? The moment something like this came to be true, every tech company cooperating would simply go out of business. Who would buy anything with a backdoor built into it? I wouldn't.
Shut down the NSA, to even suggest this is economic armageddon. I don't even need to go anywhere near the freedom and privacy aspects of this, I can appeal the capitalists, this is just bad for business.
Sounds good... (Score:2)
Nothing new (Score:2)
Did we all forget Clinton and their Clipper initiative? Or has it just become easier to understand for Joe Sixpack?
Good luck with that (Score:2)
The only trustworthy solution is one based on end to end encryption. The tech companies have nothing but encrypted content to move around. They have nothing to give the NSA that they could use.
What does the NSA really want? (Score:2)
Much as we dislike the NSA I don't think anyone would argue that they are stupid. Morally bankrupt, ethically challenged, constitutionally wrong - yes, but stupid - no. Therefore the NSA clearly knows that this is a stupid idea and will never work and will never be implemented. I have to believe this is a negotiating ploy (ask for something totally outrageous so that you can be bargained down to something merely obnoxious - which is what you wanted all along).
That being the case then this must be their tota
Re: (Score:2)
The death of american software (Score:3)
Re: (Score:2)
May as well shoot Microsoft in the foot.
You shouldn't argue against a thing by pointing out a positive result of it.
Hmm, hard problem. (Score:2)
Hmm,....
Re: (Score:2, Insightful)
That's the wrong attitude to take. The attitude you SHOULD take is to become one of the data controllers holding part of the key...which you simply delete.
Problem fucking solved.
Re: (Score:3, Interesting)
Hell, I gave up unencrypted evidence that was left on my pc for 10 years by my ex wife about a person that works in "Blood Money" before the pricks killed my father, and they did fuckall about it. They want access only to justify a budget, period, they don't really give a fuck about anything else.
Re: (Score:2)
assuming encryption is stacked
What does "stacked" mean in this context?
one of the escrow holders manages to create a fake key
Not quite sure what you mean. Do you mean one of the escrow holders providing a fake "part" of the key, to be joined with the other real parts, thus producing a full, but false, key? Or producing an entire fake key by themselves?
when used to decrypt some given message, produces an entirely different result than the key holder's genuine key should generate
Isn't that what all incorrect keys do? Generate a result different from what the genuine key would produce?
Re: (Score:2)
I meant to say 'generate a result that could be misinterpreted as a valid message', thus maintaining the so-thought integrity of the fake message.
Ah, I think I see where my confusion arose. When you said "one of the escrow holders manages to create a fake key" you didn't mean that the key itself was fake - it would still be right key, according to the key escrow process - but that the original encryption could have been done in such a way as to cause the correct key to return a misleading result?
produces an entirely different result than the key holder's genuine key should generate.
Not if by "genuine key" you mean the key used by the proprietary device, and for which step it also generates the secret split key to allow decryption by age
Re: (Score:2)
It wouldn't be stacked, ffs. Stacking encryption wastes compute time at best, or compromises the encryption at worst. Basically, the single encryption key would literally be split into pieces; each of k members would get N/k of the bits according to some protocol (perhaps interleaved). Shamir's Secret Sharing is an elaborate example of doing a lot better than that, so using it as an example of an attack against stacked encryption is rather ironic.
I defy you to take any currently-good cryptosystem and craft
Re: (Score:2)
Really? Republicans? That's what you're going with? Get me if I'm wrong, but didn't a major Democrat (who's running for US President) stop using her State Department provided email account so she could send her mail through a mailserver she controlled, which would not be archived, audited or available to FOIA requests? And then when asked for the mailserver contents, said "hey, we went through it all and there's nothing of interest there. Hey, is that a squirrel over there?" God thing you're posting as AC.