(Images: How to bypass FileVault, BitLocker security)

TalkBack 3 of 17:

Next »

« Previous

• Thread View
• Flat View

re: back doors

"In fact, I think the government would take steps to do exactly the opposite, and force designers to build in more "back doors" that would allow them easy access to PC data. After all, that's what they did with telecom and network hardware and service providers."

Well, the thing about software encryption is that the algorithms can be easily developed in foreign countries. With companies already off shoring so they can get cheap labor, why not do the same for software?

Also, another twist on having a "back door" is that the government uses the same encryption for their own stuff as everybody else does. If there's a back door, they risk that somebody outside the government could steal it and make it public. So if they place a back door on their own encryption, they're putting their own documents at risk if the back door key gets stolen.

In addition, the encryption we have looks like it's going to last a long time. It'll likely be 100+ years before we have computers powerful enough to break current standards, assuming computing power doubles every two years. So there's not really a need for new types of encryption.

It's doubtful the government would require a certain type of encryption by law - and even if they did, it's entirely possible to encrypt the information using a different algorithm before it reaches any type of government mandated encryption, so it would still be encrypted even after they use their back door key.

So the government would not just have to mandate their own encryption: They'd have to mandate that it be the only type of encryption people could use. Otherwise, people can just wrap it in their own encryption before passing it to the mandated encryption, negating the effectiveness of a back door.

Frankly, though, I don't see such a scenario happening. I haven't seen our congress or our president express much interest in encryption; they've got bigger things on their minds. Technology in general tends to be a footnote rather than a big issue with our government.

They're actually more lenient than they used to be with encryption. Encryption used to be considered a form of ammunition and was controlled as such. Now that's no longer the case. Of course, that was all before 9/11, so I don't know which way they lean now.

I wouldn't worry about it - you can always wrap it in your own encryption before you pass it to theirs . . .

"As you say, it would be a simple matter to modify the firmware to overwrite memory during shutdowns and startups, but there is no incentive for companies to do this."

Actually, they don't even need to do that: They simply need to leverage TPM, which never gives away its keys. With TPM, the keys are never stored in physical memory and are therefore not vulnerable to this type of attack.

Posted by: CobraA1   Posted on: 02/21/08 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
• Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
• Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now