Not happening. Any moderately skilled programmer can write software to perform data encryption. This sounds like a repeat of the Crypto Wars.
I hope the backdoors (if implemented) get so rapidly and thoroughly exploited it discredits the whole concept.
i hope they abuse the backdoors to fuck with the governments here, rather than random people. that'd be where it'd hurt most
Requiring backdoors for encryption is absolutely daft because it serves no one except law enforcement and criminals who want to break in where they shouldn't be. Having strong, un-backdoored encryption protects the privacy of the public and maintains trust in the software-maker, at the expense of protecting criminals who use the service to communicate.
All in all, the net effect is that the lazy, easy criminals (and a whole lot of innocent consumers) will use the backdoored service, and both the smart criminals and security-conscious innocent users will move to methods of secure communication without deliberate flaws.
Will fail, as always.
Terrorists or similar wrong-doers can just use software that is opensource and not gonna care about any of such laws.
Only serves to make the average Joe more transparent and hurt major software companies trust in the long run.
Governments can try and try again and should get shat on in this regard every time.
Proper encryption has no backdoor, period.
I'm fairly sure this is GDPR-incompatible
That aside, if they try to introduce some backdoored TLS algorithm, browser vendors could detect that and show a "backdoored" warning (or just outright block the connection).
The alternative would be every server sending all connection keys to the NSA in real-time. It's an interesting technical challenge due to sheer scale (but they're sifting through way more traffic than that already, so I don't see it being impossible for them).
No matter how many backdoors you put in standard distributions of encryption libraries, people can just reimplement the bloody thing themselves lmao. We have the papers containing the mathematical proofs of these things, anyone with access to those has access to everything they need to implement and verify the functionality of an algorithm.
Terrorism is a problem yes. But it is not an excuse to go totally fucking insane and undermine your countrys' own security like this. If you have the backdoor, then that means terrorists likely also have ways to use it, along with some 11 year old who spends their time on 4Chan.
thats not really how encryption backdoors work. for the record, a lot of modern crypto is made or organized by NIST, an american federal organization. encryption backdoors would have intentional weak points in the algorithm itself that are very hard to determine from a third party perspective. thus, implementation wouldn't matter if they're following the spec. in addition, side channel attacks can make any crypto vulnerable if not implemented right; it's why you're extremely discouraged from making your own implementation of say AES
so it just makes them weak to someone disgruntled leaking the weak point to whoever, and it's all ruined from then on
I can't believe the fact that people actually think that governments do shit like this to prevent terrorists and other criminals from communicating online.
Imagine analyzing all the traffic on the entire internet to try and find encrypted data.
You think they care about the GDPR?
This is another blatant attempt at a power grab to more easily keep a track of their own (and others) citizens. The more you know about your citizens and their habits, the more easily you can
sway and encourage/discourage them for whatever it is you're after.
Yes? Pretty sure it was discovered they conduct large scale data mining of internet traffic in one of the big Wikileaks leaks.
I guess this doesn't effect senile government officials who wouldn't even know how important encryption is.. the amount of fraud and criminal damage that would be possible with backdoors is worrying. Like someone said, true encryption has no back door otherwise what's the point, it's about as effective as swimming around the great wall of China.
They should do a trial run by adding back doors into their own encryption and see how that works out.
Data mining of plaintext is one thing, but actually catching people that are trying to avoid getting caught communicating online is essentially impossible at the moment.
Any efforts to actually legislate ineffectual encryption will fail because there are too many businesses with a vested interest in... Y'know, not getting their money stolen through transactions carried out via telecommunication systems. Most attempts to do so will (and should) fail, as they typically do every time this damn argument gets brought up.
IMO government entities are more likely to make headway with covert backdoors and the like, but thankfully crypto nerds are some of the most hilariously vigilant people on the planet and tend to keep a close eye on open source solutions.
That just means that anyone can break the encryption using the backdoor (terrorists included).
I have two arguments on this matter.
1st The government doesn't give a shit what you message your gay friends.
Therefore the net benefit of spying outweighs cost.
2nd I message actually important stuff which could compromise my safety or other things if exposed.
So I would prefer security.
I mean - this is mostly true, but not globally.
There are absolutely negative trends in some countries, the US is a good example, where things like sexuality, ethnicity, religion are things that plausibly you might not want the government to know if things continue worsening.
Maybe you trust your current government to not care about your personal life but can you say the same for every future government that you will live under? Or do you trust other governments, present and future, to not care about your personal life?
Well there are of course different strands of such an arrangement,
For example if we were to only spy on criminals or those under watch by government authorities like counter terrorism cells.
correct! it's called kleptography, and if anyone other than the creators figure it out then its bad news bears
Sorry but this is bollocks. You're not discouraged from making your own implementation of AES (and by implementation I guess you mean modifying the standard, since there are loads of open-source implementations). The reason it's a bad idea is because your modifications will probably make it more vulnerable to analytical attacks.
Not only this but
The construction method of AES's (or Rijndael, the cipher it's based on) S-boxes is publicly documented, unlike previous standards like DES
One of the key features of Rijndael is that it can be modified. Here, have some wiki text:
The Rijndael S-Box can be edited, which defeats the suspicion of a backdoor built into the cipher that exploits a static S-box. The authors claim that the Rijndael cipher structure should provide enough resistance against differential and linear cryptanalysis if an S-Box with "average" correlation / difference propagation properties is used.
Also let's not ignore the fact that AES was developed by a pair of Belgian researchers and went through a public, international auditing process.
Sorry, you need to Log In to post a reply to this thread.
