In the field of cryptography, a secretly planted “backdoor” that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn’t mean cryptographers don’t appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is that some backdoors are clearly better than others—in stealth, deniability, and even in protecting the victims’ privacy from spies other than the backdoor’s creator.
In a paper titled “Surreptitiously Weakening Cryptographic Systems,” well-known cryptographer and author Bruce Schneier and researchers from the Universities of Wisconsin and Washington take the spy’s view to the problem of crypto design: What kind of built-in backdoor surveillance works best?
http://www.wired.com/2015/02/sabotage-encryption-software-get-caught/
[Paper]: http://www.scribd.com/doc/257059894/Surreptitiously-Weakening-Cryptographic-Systems
(Score: 1, Informative) by Anonymous Coward on Saturday February 28 2015, @11:52PM
They say the best method is to not have a backdoor at all.
That's like putting TOP SECRET on a public door and trusting no one will ever attempt to get in.
There is going to be more subversion than ever before.
And for people using encryption, they just may need to put out more fake messages with keys that trigger silent alarms.
Look what happened with Haskell and their Debian releases.
They don't have a way to tell if the key is in the wrong hands.
(Score: 1, Interesting) by Anonymous Coward on Sunday March 01 2015, @12:35AM
This entire Haskell Debian build server disaster is extremely disconcerting. I'm bothered by the fact that it happened in the first place. I'm bothered by the fact that they went 10 days without giving a status update. I'm bothered by the fact that we still haven't gotten any real answers from them. Everything about it is disturbing.
(Score: 0) by Anonymous Coward on Sunday March 01 2015, @04:28AM
for every hole there's a mole.