Hacker News new | ask | show | jobs
by braderhart 3009 days ago
How do you have secure encryption with proprietary backdoors? Maybe this will wake people up to only using open source operating systems.
3 comments
ajross 3009 days ago
Android, at least the parts that would be required to be modified to implement this misfeature, is already open source. That won't help. The DoJ isn't asking for proprietary code secrecy, fundamentally they're asking for key escrow. Storing data in different places isn't something source visibility can address.
link
ISL 3009 days ago
Any encryption scheme with a backdoor is insecure, by definition.
link
gizmo686 3009 days ago
Not if you change the security definition.

Which they will. All they are asking for is some form of key escrow; which can (and has) been given a reasonable security definition.

The problem is that secure implementations of key escrow are much harder; and (given the amount of use the escrowed key will get), certainly going to be broken in practice.

link
forapurpose 3009 days ago
> Maybe this will wake people up to only using open source operating systems.

OS security has limited impact when other subsystems, not in control of the OS, run on the device.

link