[Cryptography] Cost of creating huge theft targets [Was: Cost of remembering a password]
Bear
bear at sonic.net
Fri Aug 22 15:08:42 EDT 2014
On Thu, 2014-08-21 at 13:08 +0100, Dave Howe wrote:
> On 20/08/2014 02:38, Jerry Leichter wrote:
> > In the case of transfers between already-registered devices, it's not
> > hard to see how to do this.
> Surely they could (on demand from a LEO, if nothing else) push an extra
> key/replacement key out to all devices (or patch the code binary so that
> it encrypts to an additional key), so next time a device uploads, they
> have a backdoor? or am I missing something here?
I guess my real issue is that I can't tell whether or not that's
what it's doing. If a compromised device can be made to behave
exactly like an uncompromised device to the best of my ability
to observe, why shouldn't I assume it's compromised?
Bear
More information about the cryptography
mailing list