To people who think EC is secure, then show them this. To people who believe any encryption recently reviewed by NSA/NIST/GCHQ are OK then read this again.
In essence when people say, you have gone too far, the XOR stage is irrelevant AES will never be broken and all of those arguments, just know we do go very far and it is a very good thing we do. I am happy the data is a tiny fraction of a % slower as long as it is secure and private, after all that is why we are here and why believing any of these authorities has proven to be inadequate to protect the worlds people from manipulation and intrusion.
The problem is they aren’t breaking the encryption as it stands, they are deliberately putting holes in it “before production” so they can read stuff later. But, so can anyone else that finds those holes.
@Wes: As far as I understood, for the dual EC one, if the NSA did backdoor it, they chose specific constants so that they would be the only ones who would be able to break it. Still not good though…
That’s like saying “we know there are security holes in Internet Explorer, but they’ve only been reported to us by security experts and they’re good guys, so we’re safe.”
There are very large, very well financed governments and organizations that put a lot of time and effort into this same thing. (China, Russia, cartels) I want them reading all my stuff even less than the nsa. Just because it’s black box doesn’t mean other people won’t find the issues. See IE example above again.
I can’t imagine this is the case. If you put backdoors in encryption, you’re ruining the encryption. The government wants encryption that works for themselves. So if they taint it, they’ll be wondering the whole time if another government broke it, or a group of hackers, or a corporation.
It’s not in their best interest to put backdoors in encryption because it makes them vulnerable. They’re not stupid.
It IS in their best interest to tell companies to include backdoors in their hardware.
@Russell we know the NSA weakened the encryption standards and are pretty sure which, because they then paid lots of money to RSA, who made one particular standard into a common default. It’s not supposition.
I’d say that didn’t work out for them, though. It weakened security! And it’s now common knowledge in the community. Plus hyper-awareness surround Snowden leaks. It seems like a stupid idea to do it again, and they’re not stupid.
It’s a pointless argument. No, they’re not stupid, but that doesn’t mean they won’t do something we consider stupid. Anyway, i didn’t realise you were talking about future!
EDIT: The head of the FBI has been demonstrating this, on this very issue, the last few weeks.
The head of the FBI is being a big goof, and basically no one in the US agrees with him. He was being hot-headed and running his mouth and sounded like a fool.
From what I understood, it’s like this: if the NSA did backdoor it, they made it so that only someone who knows a special, unguessable number (that they chose beforehand) can break the scheme. It actually is an example of a backdoor that scheme that only the NSA could break. Of course, this is assuming the NSA did in fact backdoor it, which I believe to be the case.
Yes, it’s counterintuitive that such a fine-grained backdoor could be put in, but its possible.
Even if only one person in the NSA has that key, I don’t believe it is possible for him to keep such a powerful entity safe. It’s a time bomb, and a very big bomb at that.
It’s almost a law of nature, not just human nature.
But even if the key were safe, what about all the information gathered using it, and stored all in one place. Again, far too much energy looking to get out. It’s just a dumb thing to do, and these very smart people did it.
@Wes, if the number is, for example, 128 or more bits, then it’s computationally infeasible. If it were feasible to enumerate such a large space, then every major encryption scheme in use today would be broken.
@happybeing, yeah, the human side is a good point and its a major single point of failure. Regarding “dumb thing to do”, it’s pretty smart (assuming that the actually did backdoor it). It’s about as fine-grained a backdoor as you can get and it gives plausible deniability when the news broke (i.e., we can’t prove they did backdoor it). Smart, but not necessarily ethical…