[backdoorsgalore]

USB stick... I'm sure it'll work out great. What if you have to give it up with a gun to your head?

<< Many of them are talented technical people that will have no problem avoiding government backdoors in commercial software and hardware products >>

Hand wavy as heck.

Then you meander. Not sure what you're responding to.

[michaelmrose]

It's trivial to lock the USB stick in such a fashion as to be impossible to decrypt in a practical time frame.

Furthermore it's practical to communicate in such a fashion that grabbing one party only grants you access to communication intended for this party.

If really paranoid it might only grant you access to communication between compromise and his fellows realizing that he is burned.

Maybe nothing at all if you can't successfully coerce and all devices are locked.

[jonathanstrange]

> It's trivial to lock the USB stick in such a fashion as to be impossible to decrypt in a practical time frame.

That is definitely not true if your adversary has the ability to control the endpoint and might even reflash the firmware of your USB stick.

If you use OTPs in such a threat scenario it's safest to use old school easy-to-burn paper OTPs with manual encoding/decoding.

[backdoorsgalore]

All public encryption algorithms have backdoors in their implementation and sometimes (as with Elliptic Curve standards from NIST adopted in the browser) in their spec.

You might get lucky if you have a cryptographer design you a custom algorithm but that's mostly security thru obscurity and if a state actor really wanted to defeat it they may just kidnap the cryptographer at gun point and have them reveal how to.

Cryptography as a weapon against state actors is NO LESS BRAINLESS than the right to bear arms to protect against the US gov. Just completely useless, if not brain dead.

[AdieuToLogic]

> All public encryption algorithms have backdoors in their implementation ...

Okay, this is the first time I can recall having ever asked the following:

Source?

I mean, if you're going to make that type of absolute claim, I must ask for some referenes to support same.

[jonathanstrange]

Although you're right that anything but OTPs give you guarantees and that cryptography is still a black art (with lots of unrealistic conditional proofs), good cryptography can be completely open and will be no less secure if it is published, so there is really no need to kidnap the cryptographer.

There is also good reason to assume that if e.g. you make your own Feistel cipher out of existing cryptographic primitives without caring too much about performance, then it will be secure enough against state actors.

Nowadays side channel attacks seem to be the rule, and there is no way to secure the endpoints without developing the whole technology in-house - which is essentially impossible even for organized crime. So the whole discussion is essentially moot, the FBI can buy 0-day exploits on the black market or develop their own like everyone else.

[necovek]

If this was the case, there would be no push in government sectors to diminish cryptography and provide backdoors.

Or perhaps they are double-bluffing us? ;-)

[authoritarian]

>All public encryption algorithms have backdoors in their implementation and sometimes (as with Elliptic Curve standards from NIST adopted in the browser) in their spec

Lets see your proofs demonstrating this

[adrianN]

Encryption is not trivial to implement right, but it is also not impossible to defend against reasonable threat models. You make claims without giving any proof.

[Nasrudith]

The whole point of a one time pad is that it is never used again and destroyed after use. Even the sick fucks in the CIA don't think they can get a key sequence from you with torture or threats after it has already been stomped and put in a microwave.