
Cryptography experts repudiate FBI director's call for backdoor encryption access


TitanTiger


I've said it several times before and will say it until people finally get it:  There is no "golden key" or backdoor into encrypted communications that can only be made available to the good guys. 

 

Quote

 

Science doesn’t care what you believe—one of my favorite memes—and the same is true for math. And cryptography, and that’s important because current FBI Director Christopher Wray recently took up his predecessor’s call for backdoors into encryption. According to Mr. Wray, such backdoors can be built into secure communications without compromising security.

He’s wrong.

The Struggle Eternal

But this is essentially an eternal battle, as we’ve extensively written and podcasted about. While the U.S.’s intelligence community has largely accepted that America is stronger, on balance, with strong encryption, U.S. law enforcement remains frustrated when they can’t get at what could be evidence in criminal cases.

That appears to have driven Christopher Wray and James Comey on the subject, and their arguments resonate with both hard right law and order types, as well as left-leaning victims’ rights groups. But neither science nor cryptography care about their feelings, and four cryptography experts have publicly reminded us of this.

Enter Cryptography Experts

Triggered by efforts by Senator Ron Wyden (D-OR) to find out if the cryptography community supports Mr. Wray’s calls, Martin E. Hellman, Steven M. Bellovin, Paul C. Kocher, and Bruce Schneier signed a letter repudiating Mr. Wray’s recent calls for a backdoor. And they did so in a very poignant way.

These brainiac cryptography experts called on Mr. Wray to present his ideas on how to do this so that the cryptography community could bang on them and make sure they work.

“Just because a non-technical person believes that such a system can be developed does not make it so,” they wrote in a response to Senator Wyden. “In fact […], many experts have warned that security would be weakened by exceptional access mechanisms.”

They added, “Instead of vague proposals, that sound reasonable yet lack details, the FBI needs to present the cryptographic research community with a detailed description of the technology that it would like implemented. That would allow the technology to be analyzed in an open and transparent manner so that its advantages and disadvantages can be weighed.”

That’s just…beautiful, poetic, even.

Mind you, there is a snowball’s chance in hell that such descriptions exist because it’s not possible, as the world of cryptography (and U.S. intelligence services) have understood for many years.

A big thanks to Senator Wyden for challenging this assault on reality and publishing this letter.

The Letter in Full

Here’s Senator Wyden’s tweet on the issue, including the letter:


 

https://www.macobserver.com/columns-opinions/the-back-page/cryptography-experts-repudiate-fbi-director-chris-wray/

 

 






On 2/16/2018 at 7:01 PM, TitanTiger said:

I've said it several times before and will say it until people finally get it:  There is no "golden key" or backdoor into encrypted communications that can only be made available to the good guys. 

 

 

Any backdoor is a zero-day vulnerability awaiting discovery and exploit.


2 hours ago, Strychnine said:

Any backdoor is a zero-day vulnerability awaiting discovery and exploit.

FBI directors and spokespeople need to stop publicly spouting off fantasies about it when it's obvious they don't have the requisite knowledge to even speak on the subject.


2 hours ago, TitanTiger said:

FBI directors and spokespeople need to stop publicly spouting off fantasies about it when it's obvious they don't have the requisite knowledge to even speak on the subject.

 

Well, they saw it in some random NCIS or CSI episode, so it must be both possible and simple...

In reality, it is literally a request for the supported integration of a zero-day vulnerability to be used at the leisure of government agencies, for supposedly legitimate law enforcement purposes.  It sounds reasonable until considered in the context of two very important facts:

1.  It can then be found and exploited by anyone, and continually exploited until reported and a patch is both created and deployed.  That is an eternity when supposedly secure encrypted information is being compromised.  More importantly, WannaCry was an effective demonstration that the deployment part of vulnerability patching is sorely lacking, globally.

2.  Government agencies can and have lost control of information, including discovered zero-day vulnerabilities.  Unlimited cyberwarfare and espionage resources from several nations would be devoted to discovering the vulnerability, or stealing it.


Archived

This topic is now archived and is closed to further replies.
