SoylentNews is people

posted by Fnord666 on Sunday December 09 2018, @07:22AM
from the pull-the-other-one dept.

In response to the news of what's going on in Australia, Derek Zimmer over at Private Internet Access' blog covers split key cryptography and why government back doors don't/won't/can't work. Attempts to regulate cryptography have been going on for a long while and each try has failed. He starts with recent history, the Cold War, and follows through to the latest attempts to stifle encryption. These past failures give a foundation which can be applied to the current situation in hopes of understanding why cryptographers around the world are universally against these kinds of schemes.

The new proposal touted by the NSA, GCHQ, the Australian government and others is a simple evolution of Key Escrow. The proposal is key escrow with split-key cryptography, which is just key escrow with extra steps. There is still a "Golden Key" that can decrypt all messages from a particular service, but this time, two or more entities have pieces of that key. The concept, popularized by a Microsoft researcher, is said to solve the problem of abuse, because all parties have to agree to decrypt the messages.

Earlier on SN:
Australia Set to Pass Controversial Encryption Law
Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID
When's A Backdoor Not A Backdoor? When The Oz Government Says It Isn't
Australian Government Pursues "Golden Key" for Encryption
and more


  • (Score: 3, Interesting) by exaeta on Sunday December 09 2018, @03:42PM (5 children)

    by exaeta (6957) on Sunday December 09 2018, @03:42PM (#771955) Homepage Journal

    Speaking as a crypto nerd, our computer systems today aren't secure enough to handle data of that level of sensitivity. Though it could work in principle if each message was encrypted with a transient key and that key is encrypted twice, once to the corp and once to the government, this could in theory allow decryption of messages with joint consent. Now the issue would simply become "what if both keys are stolen" instead of just one key. Much more secure than before, but the fundamental issue is the same.

    --
    The Government is a Bird
  • (Score: 2) by JoeMerchant on Sunday December 09 2018, @06:33PM (3 children)

    by JoeMerchant (3937) on Sunday December 09 2018, @06:33PM (#772036)

    I'd say that the fundamental issue is that it is far easier to manufacture your own secure crypto than it is to build a flint-lock rifle; anybody who cares can hire it done for a trivial cost. Thus: when secure crypto is outlawed, only outlaws will have secure crypto.

    --
    🌻🌻 [google.com]
    • (Score: 2) by opinionated_science on Sunday December 09 2018, @06:55PM (2 children)

      by opinionated_science (4031) on Sunday December 09 2018, @06:55PM (#772046)

      It's maths. It cannot be erased or hidden, unless there is "Pol Pot" type of human fuckery that goes on and kills everyone that can multiply...

      This is a complete grab for power, no matter how "desirable" the fantasy LEO access is - it's impossible to have a secure third party.

      At least, it is in this universe*

      *your universe may have different physics, but the mathematics is *the same*

      • (Score: 2) by JoeMerchant on Monday December 10 2018, @12:22AM (1 child)

        by JoeMerchant (3937) on Monday December 10 2018, @12:22AM (#772147)

        You can put the crypto-genie back in the bottle: by taking computers away from the masses.

        Kinda like putting the music piracy genie back in the bottle: by taking tape recorders away from the masses.

        I do like the fact that Mickey Mouse will FINALLY be going off copyright, because the political climate has turned enough that Disney knows better than to attempt another extension now. Education of the masses is all it took.

        As for crypto, maybe in another 30 years the masses will "get it" solidly enough that the spooks know better than to try anything like this in the open anymore.

        --
        🌻🌻 [google.com]
        • (Score: 2) by opinionated_science on Monday December 10 2018, @11:54AM

          by opinionated_science (4031) on Monday December 10 2018, @11:54AM (#772326)

          Pencil and paper is all that's needed for crypto.

          With what we know now, many pre-industrial age mathematicians would be able to make workable systems.

          Remember, our ancestors were every bit as inventive as we are.

          They just didn't have TV....;-)

  • (Score: 0) by Anonymous Coward on Monday December 10 2018, @03:04PM

    by Anonymous Coward on Monday December 10 2018, @03:04PM (#772383)

    Not secure enough? Really? It was done with Lotus Notes: https://www.cryptologie.net/article/207/one-example-of-a-crypto-backdoor-nsas-backdoor-in-lotus-notes/ [cryptologie.net]

    You can do a similar thing - encrypt X bits (not all) of the session/message key using the Gov's public key. Or a variation with secret sharing: https://en.wikipedia.org/wiki/Secret_sharing#Efficient_secret_sharing [wikipedia.org]

    So even if it leaks, some random hacker isn't going to spend that much resources brute forcing the rest of the bits. Whereas if the Gov runs a huge supercomputer to crack your porn stash you might actually have a good laugh out of it (assuming you don't have any illegal porn).

    In reality the dangers of unbreakable crypto are overstated AND the dangers of breakable crypto are overstated too[1]. People have been using plaintext credit cards or similarly zero-level crypto stuff for financial transactions and the world didn't end. And my bet is that in most cases even if terrorists are stupid enough to use breakable crypto all that'll result in is the Gov will be able to decrypt their stuff AFTER they've committed the crimes. Many of those terrorists in Europe didn't use unbreakable crypto and they still didn't get stopped - they used burner phones ( https://arstechnica.com/tech-policy/2016/03/paris-terrorist-attacks-burner-phones-not-encryption/ [arstechnica.com] )

    [1] Since if you really cared you'd secretly use unbreakable crypto too and/or have your secrets in a different country.
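
The split-key idea from the story and the secret-sharing variation raised in the thread above, as an added Python example that is not from the article or from any commenter. It uses Shamir's k-of-n scheme, which is more general than the two-party case discussed; the prime, the function names and the provider/agency share holders are assumptions made for this sketch.

```python
import secrets

# Assumption for this sketch: arithmetic modulo the Mersenne prime 2**521 - 1,
# which is large enough to hold a 256-bit session key.
PRIME = 2**521 - 1

def split(secret, threshold, holders):
    """Return `holders` shares (x, y); any `threshold` of them rebuild `secret`."""
    if not (0 <= secret < PRIME and 1 <= threshold <= holders):
        raise ValueError("bad secret or threshold")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, holders + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange-interpolate f(0) from the given shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def coefficient_for(share, candidate_key):
    """For a 2-of-n split: the slope that makes `share` fit `candidate_key`.
    One always exists, so a lone share rules out no key at all."""
    x, y = share
    return (y - candidate_key) * pow(x, -1, PRIME) % PRIME

if __name__ == "__main__":
    key = secrets.randbits(256)             # constructed per-message session key
    provider, agency = split(key, 2, 2)     # hypothetical share holders
    print("joint recovery:", combine([provider, agency]) == key)
    print("agency alone:  ", combine([agency]) == key)
    # Whoever copies both shares recovers the key; consent is not an input.
    print("stolen copies: ", combine([tuple(provider), tuple(agency)]) == key)
```

The last check is the thread's "what if both keys are stolen" case: the mathematics protects against a single compromised holder, not against a party that obtains a threshold of shares.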