They're back! 'Feds only' encryption backdoors prepped in US by Dems

[Grant H.]

Christopher Glenn used Truecrypt, and the feds still got into it.

There is speculation among those that have followed it that he gave up his password, but the reality of it is that no encryption is "unbreakable".

[TFOGGER]

Encryption is like a cheap padlock: It'll keep honest people honest, until they get curious about what's inside. Mandating a back door is just begging someone to find it and pick the lock.

[Justin]

Certain forms of encryption are not breakable with realistic levels of hardware or in short time frames.

In that case, they will simply use an alternate method to get the data.

[Irving]

You can always opt-out.

[spqrzilla]

The FCC does not regulate encryption algorithms in general. They do regulate the forms used in wireless communication over regulated entities like cellular phone systems.

The NSA has the mandate to help US companies develop encryption algorithms that protect things like financial transactions, and its widely accepted that they have worked hard to cripple such encryption methods to protect their own ability to decrypt communications. The most heavy-handed of the NSA's attempts was the notorious and truly stupid Clipper Chip. The concept was introduced in 1993 and dead within a year or two.

What is the subject of great debate is whether or not the NSA has either found algorithmic methods to crack the large key encryption methods in the public domain or whether they have the computing power to brute force crack such methods. Usually the easiest routes to break into such communications involve human error in exposing keys rather than attacking the encryption algorithm itself. Or a $5 wrench from the Randall Monroe comic that Justin links.

The Dept of State claims the authority to control the export of encryption technology, as its classified as a munition under ITAR regulations but that's pretty much horse and barn door time. Open source Public key crypto systems like PGP are well distributed.

Amusingly, there is a theoretical way to use "backdoored" encryption systems - where the government has the ability to read all plaintext messages - to still have an encryption communication. Discussed here https://www.schneier.com/blog/archiv...ting_back.html

Bruce Schneier's blog has some other encryption related discussions and he has one of the better overview texts on the topic.

Large state military encryption systems are broken using ordinary old-fashioned espionage - see the Walker family espionage ring. Real terrorists use more primitive methods of just hiding their communications such as sharing a web based email or forum and leaving messages in draft folders. Other unsophisticated techniques, one of which actually appears in a Netflix TV series "Occupied" are to use things like multi-player online games to meet and chat in agreed game servers.

[izzy]

Most people who are concerned about their privacy willingly/naively give up access to their "private" conversations and more. Not to sound like a luddite or a hipster but it seems like an "analog" conversation is probably more simple to keep private than any digital one. Maybe being esoteric on top of it is even better. Who can read smoke signals or understand Sanskrit these days anyways? Time to brush up on my cuneiform lol

[Grant H.]

Most people who are concerned about their privacy willingly/naively give up access to their "private" conversations and more. Not to sound like a luddite or a hipster but it seems like an "analog" conversation is probably more simple to keep private than any digital one. Maybe being esoteric on top of it is even better. Who can read smoke signals or understand Sanskrit these days anyways? Time to brush up on my cuneiform lol

Absolutely true.

[Gman]

The reason that social engineering is still used....is because it continues to work. People never learn.

[spqrzilla]

Many decades ago, a bank was hacked for very large sums of money via wire transfers. The vice presidents who had the authority to make such transfers had elaborate methods of bonded couriers carrying the daily authorization codes to each VP, secure methods of holding those codes for the VP to access and elaborate methods of verifying the identity of the VP when they called in the transfer to the bank's operation center.

Then the operators at the operation center wrote the daily authorization code on a giant whiteboard in view of a glass window to the hallway.

[izzy]

I did that as a project in college. Could encrypt anything into the header of an image. At the time it was pretty unbreakable these days I'd guess the average cellphone has the power to crack it.