In the field of cryptography, a secretly planted “backdoor” that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn’t mean cryptographers don’t appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is that some backdoors are clearly better than others—in stealth, deniability, and even in protecting the victims’ privacy from spies other than the backdoor’s creator.
In a paper titled “Surreptitiously Weakening Cryptographic Systems,” well-known cryptographer and author Bruce Schneier and researchers from the Universities of Wisconsin and Washington take the spy’s view to the problem of crypto design: What kind of built-in backdoor surveillance works best ?
http://www.wired.com/2015/02/sabotage-encryption-software-get-caught/
[Paper]: http://www.scribd.com/doc/257059894/Surreptitiously-Weakening-Cryptographic-Systems
(Score: 5, Informative) by melikamp on Saturday February 28 2015, @10:03PM
(Score: 1, Interesting) by Anonymous Coward on Saturday February 28 2015, @10:04PM
It's probably simpler than that. You just have to be assertive. Be loud. Always claim that you're right, and if anyone questions you, insist that they're wrong.
Keep insisting that you're the only one who understands the math behind cryptography. If somebody challenges you, claim that their proofs are flawed, even if they aren't.
Anyone who follows the computer security or cryptography fields even for a short time will quickly understand that it's more about personalities and strong-headedness than it is about whose theories are proven correct, and whose math is right.
(Score: 4, Funny) by Justin Case on Saturday February 28 2015, @10:24PM
Your words anger me. You don't know what you're talking about. I'm a security expert, and I'm good enough to crack your lousy "Anonymous" Coward defense. Prepare to be hacked. In fact, you already have been. Never mind that you can't see any evidence of it. I'm that good.
(Score: 2) by aristarchus on Saturday February 28 2015, @10:32PM
Wow, Justin Case is really good! Even I can find no evidence of his hack!
(Score: 0) by Anonymous Coward on Saturday February 28 2015, @10:35PM
My bumhole just spontaneously started to hurt. I think he may have hacked it. :(
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @12:43AM
Come on, mods. "Flamebait"? Really? This is yet more evidence that the "Flamebait" mod needs to go. Every single time I see it used, it has been used incorrectly. Please, SN admins, get rid of the "Flamebait" mod! It's doing more harm than good.
Or better yet, leave "Flamebait" around as an option. If anyone actually tries to use it, take away all of their mod points and prevent them from ever modding again.
(Score: 4, Insightful) by RobotMonster on Sunday March 01 2015, @04:34AM
Come on ACs. Complaining about modding? Really? This is more evidence that you need to log in!
Instead of complaining about moderation, you could, you know, moderate.
You could spend your mod points solely on incorrect Flamebait mods if you liked; I imagine you'll prefer to keep whining about it anonymously...
I knew there was a good reason I normally read at +1..
(Score: 2) by fleg on Sunday March 01 2015, @09:56AM
+5 insightful.
(Score: 3, Insightful) by c0lo on Saturday February 28 2015, @10:39PM
Maybe you'd like to think so but no: no matter the personalities involved, maths simply doesn't work on assertiveness.
Simply because is just a pure intellectual construct (as such, not a science, as it lacks the experimental validation requirements), it does not allow any room for casting doubts - either you demonstrate or you are nowhere no matter how big is your mouth [wikipedia.org].
(no better area where "You can't fool everyone all the time" applies)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @12:28AM
The interpretation of mathematics by humans is in fact highly affected by the personalities involved. It's this interpretation that matters the most in practice.
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @12:39AM
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @11:01AM
The scientific method makes no requirements about the physical representation of the subject being studied.
(Score: 4, Interesting) by Beryllium Sphere (r) on Sunday March 01 2015, @04:40AM
I could come up with a pretentious name like "Layer 8 Rollback Attack" and obscure my writing by peppering it with "L8RA", but that would just be an entertainingly meta example of the problem.
If you want to keep people from using crypto, make it hard to use, and most of them will give up and send plaintext.
Some conspiracy-minded people argue that this has already happened due to intentional sabotage. I'm not convinced, but it's alarming that there have been regular spectacular usability problems in mainstream products. It's also disturbing that nothing improves even after usability studies are published.
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @06:46PM
It is not just cryptography that this method works. I have seen it used to good effect in many other fields.
I usually *let* the other person think they 'won' by backing down. Then just dumping defect after defect after defect on them. Until they relent that they FUCKED THE HELL UP.
"oh ok your right that code is good and working correctly I was mistaken" two days later "here are 50 defects where your code is not working correctly when will you correct it?"
I always give you a chance to fix it up front. Always. But if you are going to play passive aggressive "I am right and you are wrong" in meetings; I will just bury you in process and make you irrelevant because you will be spending all your time fixing something.
(Score: 1, Informative) by Anonymous Coward on Saturday February 28 2015, @11:52PM
They say the best method is to not have a backdoor at all.
That's like putting TOP SECRET on a public door and trusting no one will ever attempt to get in.
There is going to be more subversion then ever before.
And for people using encryption, they just may need to put out more fake messages with keys that trigger silent alarms.
Look what happened with Haskell and their Debian releases.
They don't have a way to tell if the key is in the wrong hands.
(Score: 1, Interesting) by Anonymous Coward on Sunday March 01 2015, @12:35AM
This entire Haskell Debian build server disaster is extremely disconcerting. I'm bothered by the fact that it happened in the first place. I'm bothered by the fact that they went 10 days without giving a status update. I'm bothered by the fact that we still haven't gotten any real answers from them. Everything about it is disturbing.
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @04:28AM
for every hole there's a mole.
(Score: 3, Interesting) by RamiK on Sunday March 01 2015, @11:10AM
Just make a preprocessor exception for your arch of choice and bury it there in assembly. Comment it as "/* 200msec worth of bit swapping magic*/" and no one will ever bother looking at it twice unless something fails to compile.
compiling...
(Score: 3, Informative) by Non Sequor on Sunday March 01 2015, @02:14PM
Ken Thompson did something like that to create a backdoor in Unix. See http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]
I think the backdoor was present in various lineages of Unix through the late 80s.
Write your congressman. Tell him he sucks.