[Cryptography] What if Responsible Encryption Back-Doors Were Possible?

Jerry Leichter leichter at lrw.com
Sun Dec 9 19:35:59 EST 2018


> As for responsible encryption policies, I believe:
> 
> 1) It is possible, but _hard_ and _expensive_ to build it securely.
> 2) No one wants to be in a position where a mass murderer has encrypted data that cannot be revealed to law enforcement.
> 3) Governments will always over-reach and go for mass-surveillance that violates everyone's privacy....

At one time, I thought that the solution was limiting key lengths.  The idea would be to make small numbers of targeted attacks on encrypted messages possible, but make mass attacks impossibly expensive to fund; or, if funded, to hide.

I gave up on that idea long ago.  First of all, technology has just advanced way too fast.  Any number you pick for a reasonable cost for one decryption will, in a few years, buy you many thousands - and not long after that, millions.

But more to the point, the encryption genie is long out of the bottle.  Perhaps you can force the major vendors to include back doors.  But it's easy to add another layer of uncontrolled encryption inside whatever envelope the majors give you.  So LE goes to the vendor, orders the stuff decrypted - and finds stuff encrypted with an algorithm they can't break.  Granted, most people won't bother with the second level - but it's exactly the ones you're most concerned with who will.

The whole thing is security theater - and the worst kind of security theater, in that not only doesn't it buy you any additional security, it destroys what was there.

Australia, for better or worse, is about to demonstrate to the whole world the futility of trying to make unbreakable encryption magically go away.

                                                        -- Jerry


