[Cryptography] Cost of creating huge theft targets [Was: Cost of remembering a password]
Benjamin Kreuter
brk7bx at virginia.edu
Fri Aug 22 16:52:26 EDT 2014
On Thu, 2014-08-21 at 13:08 +0100, Dave Howe wrote:
> Surely they could (on demand from a LEO, if nothing else) push an extra
> key/replacement key out to all devices (or patch the code binary so that
> it encrypts to an additional key), so next time a device uploads, they
> have a backdoor? or am I missing something here?
That is not really a problem you can engineer around. If you install
software updates -- and for good reasons we overwhelmingly advise
everyone to do so -- you run the risk that whoever provides those
updates will be compelled by their government to insert a backdoor.
-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140822/93c9639f/attachment.sig>
More information about the cryptography
mailing list