[7174] in cryptography@c2.net mail archive
Re: NSA back doors in encryption products
daemon@ATHENA.MIT.EDU (Eugene Leitl)
Wed May 24 20:32:50 2000
From: Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14636.26778.874487.859092@lrz.uni-muenchen.de>
Date: Wed, 24 May 2000 16:41:14 -0700 (PDT)
To: Rick Smith <rick_smith@securecomputing.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>, John Gilmore <gnu@toad.com>,
cryptography@c2.net, gnu@cygnus.com
In-Reply-To: <3.0.3.32.20000524160945.00929740@mailhost.sctc.com>
Rick Smith writes:
> 3) A more sophisticated backdoor in Windows would involve a lot of people
> who can't be covered by government secrecy agreements. It would be
> extremely difficult to keep such a thing both functioning and secret for
> more than a few years.
The canonical way to install an essentially undetectable trapdoor is
to use multiple remotely exploitable buffer overruns. In absence of
source code, this is essentially impossible to detect, unless
triggered by chance (which can be made arbitrarily improbable by
design, e.g. by cooperation of a mailer with an OS) and deliberate
introduction of such can always claim plausible
deniability. Cryptography on a box running keyboard capture is pretty
useless, of course.
If NSA/MS are not doing it, they must be pretty stupid, because I'd do
it in their place. The prudent assumption is hence: your online system
can't be completely trusted, whether OpenSource, or not. Encryption
should be done in hardware.
