[slg]

I can't be the only one who thinks it is pessimistic to say "if you put a back door in, that back doors for everybody, for good guys and bad guys." Very few people even seem to recognize this as a problem let alone are working to solve it. Maybe we should stop laughing at Clinton and her "Manhattan Project" comment; that might be the only way to get enough tech people on the problem to actually solve it.

[nemothekid]

What you think is a problem - is broken cryptography to experts.

There is no shortage of minds working on to create backdoors, or develop cryptographic methods that have backdoors, just look at Dual_EC_DRBG. It was a backdoor for the "good guys", but now its backdoor for everyone - eventually people will study the code and see the backdoor exists.

The crux of the issue is mathematics has no concept of good guys or bad guys, so as far as mathematics is concerned a back door for anyone is a backdoor for everyone.

[slg]

If we can make encryption that is nearly foolproof, why can't we make a backdoor that is nearly foolproof? Why is a Manhattan Project of backdoors not a possible solution?

Also can't the role of the good guy be split up among a group? Similar to the two man rule to prevent rogue agents from launching missiles, can't we have some sort of process that requires agreement among a majority of a few parties including the end user, the company who owns the software, law enforcement, and the (public) judicial system. If all it takes to break down the door to my home are a judge and law enforcement to agree, why can't we accept similar when it comes to data?

[zaphar]

You seem to be under the impression that if you just work hard enough you can violate the fundamental constraints of reality.

I can't comment on the mathematics involved but let us assume it's mathematically possible. You engineer this mythical nearly foolproof backdoor. You can decrypt this text with any of two keys. (It's my understanding that such algorithms actually exist already.) Congratulations you have achieved your goal. You have a working algorithm.

Now let's examine the results of actually using this algorithm:

You now have twice the opsec problem you had before. You have transmit this second key to a Government agency securely. You have to trust that Government agency to securely store, use, and dispose? of this key when they obtain it.

And what is the number one threat to secure systems? Operational Security. In fact many security professionals will tell you that the hardest part of security isn't the math behind the encryption. It's the opsec. In one fell swoop you double the threat in the most fragile part of your security.

[slg]

You are correct in that the more keys that exist, the harder it will be to secure all of them. However, the more keys that are required the less valuable any one key becomes. Multiple keys means there is no longer a single point a failure. If you need 3 keys to get data, you can have an entire database of keys leak and the information is still safe.

I would also love a more detailed description of just "it is impossible because math" that everyone seems to be giving.

[mwfunk]

If you want a more detailed description, go to Wikipedia and read up on the difference between public and private key cryptography. What politicians are arguing for isn't just adding another private key to private key cryptosystems; a backdoor eliminates the biggest advantage of public key systems by adding a private key that could crack any of them. Once you add that, it's just a matter of time before someone cracks it.

Really, it's inevitable. Someone doesn't even need to crack it, you just need a single careless or corrupt government employee to compromise the whole system for everyone for all time. People are proposing adding a single point of failure to systems whose usefulness is currently defined by their lack of such a single point of failure. Put that in there and we may as well all go back to using DES for everything.

[slg]

But you are simply pointing out problems with our current techniques and not why we can't come up with new and better approaches. That is the problem we should be working on. Politicians don't understand it, but that is why we need people from our community to work with them. Our response shouldn't be "no, you are an idiot, that is impossible, you are a fascist for even suggesting it". It should be "I know what you are looking to do, here is why it is not currently possible, lets see if we can work together on a solution."

Nothing anyone posted here has said why there can't be a multikey solution that allows access to data in a reliable way that would not be susceptible to a single point of failure or abuse. That sounds like a very hard problem, but I'm not convinced it is an impossible problem.

[zaphar]

We aren't talking about a system that requires 3 keys to get the data though. In order to be useful to the government they need a system whereby they can decrypt without my key. That means conceptually they need a second key that works all by itself.

You could split the second key so no single party has the whole key which would mitigate but you still have the same problem where you have effectively doubled your opsec problem.

Additionally if half the key is compromised that still greatly reduces the work required to decrypt the text.

[belorn]

The answer is in the complexity in creating secret technology that is also foolproof.

To make a car analogy, we can make a submarines that are waterproof, and we can make cars which looks like a car and you can drive on the road. However, to make a car that is also a submarine is quite hard, and close to impossible if you also had to make it look like a normal car. It would even be harder if it need perfect obscurity so that you couldn't even tell if you opened up the hood or started to disassemble the car.

[slg]

So the answer is "we should give up because it is hard"?

[oldmanjay]

You seem to be of the belief that engineering is constrained not by reality, but by imagination. Are you a product manager, by chance?

[jasonmp85]

No, we should give up because the goal is bad.

[s73v3r]

Well, more that we should give up because it's hard, and the benefits are almost non-existent.

[mindslight]

It's not impossible, just as how requiring registration of all typewriters is not impossible. It's just that the mechanics of doing either are so invasive that we characterize governments attempting them as totalitarian, and they tend to end poorly.

[asimpletune]

I don't think people are any more pessimistic about back doors as they are about perpetual motion machines.

Let's pause to consider this. Math works, that's why even the NSA can't break encryption. I wouldn't want to tell you wrong and say that it's impossible, it's not, but it would take something like ten billion years to crack. Needless to say, there's a reason why they need a backdoor, and that's because math works.

However, if a backdoor were put into all electronic products, the strength of the encryption is now meaningless as any would-be attacker (government or otherwise) would just target the backdoor instead of trying to break the encryption. Why wait ten billion years for a computer to brute force the message when you could just find a flaw in something designed by the government?

[simonw]

I suggest reading this piece on the recent Jupiter vulnerability: http://blog.cryptographyengineering.com/2015/12/on-juniper-b...

"The problem with cryptographic backdoors isn't that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes."

[devit]

That's not correct.

It's perfectly possible and trivial to put in a backdoor that only works for people who have access to a specific private key.

Obviously if that private key gets stolen anyone can then access the backdoor, but that's true for anything, and you can mitigate it by storing the key in self-destructing immovable hardware with access limitations, as well as periodically changing the keypair (with signed updates).

The real problem is that there is no single "good guy" to entrust with that private key: in particular humans are inherently not fully trustable or good and both individual consumers and other governments have no interest in using or allowing backdoored products.