
Why We Can't Have Encryption Backdoors – Part 3

For part three of our 'Why We Can't Have Encryption Backdoors' series, we'll look at further ways to try to circumvent encryption tools, with a fun real-world problem.


In the first two parts of this series, we discussed why encryption backdoors can’t work. We specifically reviewed the math behind encryption, and why you can’t just insert backdoors. People have tried for years, and some have been successful, but it’s taken lots of effort and they’ve essentially had to undermine standardization organizations to make it work. Other approaches have involved undermining random number generation, but these attempts have also been outed over the years, and have required a similar level of political pull and organizational resources to pull off. We also went over implementation compromise, but this is clearly a slippery slope that leads directly to backdoors in the operating systems or hardware of every system out there, and it gets there pretty quickly.

So, we can’t circumvent the math behind encryption, and we can’t circumvent the implementations. So what if we just require everybody to register their keys? What if we use a pure, legislatively enforced key escrow scheme?

Well, first, let’s just ignore the fact that I can generate as many keys as I want (ssh-keygen is your friend!). As a good citizen, I would certainly want to register all of my generated keys, which I could do with this script, for example:

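# Forever: generate a fresh 4096-bit RSA key pair, mail the private key
# to the escrow address, then delete it locally.
while true; do
        ssh-keygen -q -b 4096 -t rsa -N macaroni -f ~/file.key
        mail -s "heres ur key" escrow@somebody.who.wants.my.keys < ~/file.key
        rm ~/file.key
done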

You can see that if everybody’s as conscientious as I am, this could become a real problem. And really, there’s no way for anyone to tell if the keys submitted are currently used, were used at one time, or if they’re just generated like the keys above, so anybody escrowing these keys needs to keep all the keys they’re sent.

So besides the fact that this would be expensive and easily DDoS’d, the other reason escrow won’t work is that if one government escrows keys, all of them will. If the Greek government, for example, decides that it needs access to any communication in the country, and needs proactive access to keys to enable that surveillance, would this make those keys available to all EU-affiliated countries? And if the Greek government can ask for and receive our keys, why can’t the Russian or Chinese governments? How would this be enforced anyway? How do you register keys that are periodically generated to protect network communication, or new keys generated for IPsec or HTTPS VPNs?
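The last question above, about keys generated periodically to protect network traffic, shown as an added example (not code from the original article): a toy ephemeral Diffie-Hellman exchange in which every session key is derived on the fly from throwaway secrets, so a registry filled beforehand never holds it. The group parameters, the function names and the registry contents are assumptions made for illustration; real protocols use standardized groups or curves.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): 2**255 - 19 is prime, but this
# is not a standardized Diffie-Hellman group and is not meant for real use.
P = 2**255 - 19
G = 2


def ephemeral_keypair():
    """Generate a throwaway private exponent and its public value."""
    private = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return private, pow(G, private, P)


def session_key(own_private, peer_public):
    """Hash the Diffie-Hellman shared secret into a 256-bit session key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()


def run_session():
    """One connection: both sides make fresh secrets, swap public values and
    derive the same key. The private exponents vanish when this returns."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    key_a = session_key(a_priv, b_pub)
    key_b = session_key(b_priv, a_pub)
    assert key_a == key_b                           # both ends agree
    return key_a, (a_pub, b_pub)                    # only public values cross the wire


def simulate(sessions=20):
    """Register every key from an earlier batch of sessions with a hypothetical
    escrow registry, then run new sessions and check the registry against them."""
    escrow = {run_session()[0] for _ in range(sessions)}   # constructed registry
    new_keys = [run_session()[0] for _ in range(sessions)]
    distinct = len(set(new_keys))
    already_escrowed = sum(key in escrow for key in new_keys)
    return distinct, already_escrowed


if __name__ == "__main__":
    distinct, escrowed = simulate()
    print(f"{distinct} new session keys, {escrowed} found in the escrow registry")
```

Every key the registry holds belongs to a session that has already ended, and the keys protecting current traffic did not exist when the registry was filled.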

The unfortunate truth is that legislating encryption use will not stop criminals and terrorists from using encryption. All it will do is make the honest among us more vulnerable to cybercrime, and we’re already vulnerable enough. Widespread encryption is simply a fact of life today - and it should be. We can’t change that, and we shouldn’t try.


