[Cryptography] Kindle as crypto hardware

[Nico Williams]

On Wed, Dec 11, 2013 at 12:59 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
> The evidence from the pieces of backdoored technology that NSA has
> been involved in is that they prefer backdoors which they can use and
> no one else can. [...]
>
> Note that many business organizations might be quite happy knowing
> that NSA could read their traffic as long as NSA maintains its "Never
> Say Anything" reputation. NSA's mistake was passing information about
> criminal activities to law enforcement rather than sticking to
> national security. That change of policy scared many businesses, since
> a clever prosecutor can find something illegal in almost any activity.

A keyed backdoor is tolerable if the key(s) (but, in the case of
Dual_EC, singular) are extremely well protected.  The more you use the
backdoors, the harder it is to protect their keys.  Routine cooperation
with LEA that involves use of these backdoors is therefore risky, and
considering the scope of these keys, I'd say "extremely risky".  For if
these keys are accessed routinely then a Snowden will eventually have a
chance to copy them.

(I'd like to picture a trusted key module like device built like a tank,
in vault in a bunker in Fort Knox, with two-man activated physical keys,
protected by Marines, requiring written order from several bigwigs, high
security clearance of the user, and verbal confirmation of the order via
land-line telephone.  That'd be OK and manageable if the keys were
rarely used, but otherwise, I picture a number of operators accessing
these "airgapped" devices very frequently.  Auditing procedures have to
be airtight, IGs have to be able to audit, ...  More likely security is
much too lax.)

(It's very likely (IMO) that Dual_EC was just originally a sort of key
escrow system for U.S. government-internal (e.g., military) purposes,
not a backdoor to be foisted on the public.  Not a terrible idea, as
long as the key is closely held and so on.)

Nico
--