[9309] in cryptography@c2.net mail archive
Re: crypto backdoors = terrorisms free reign
daemon@ATHENA.MIT.EDU (Matt Blaze)
Sat Sep 15 17:29:21 2001
Message-Id: <200109151742.f8FHg3A17665@fbi.crypto.com>
To: Jim McCoy <mccoy@io.com>
Cc: nathan@fains.com, cryptography@wasabisystems.com
In-Reply-To: Message from Jim McCoy <mccoy@io.com>
of "Fri, 14 Sep 2001 20:34:09 PDT." <B7C81A41.AAD4%mccoy@io.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 15 Sep 2001 13:42:03 -0400
From: Matt Blaze <mab@research.att.com>
mccoy@io.com writes:
...
>
> Incorrect. While it is possible that such a backdoor can be found it is by
> no means as simple as you imply, particularly for non-state entities. While
> such secrets can eventually leak out this task is not easy for even trained
> professionals, to claim that it is going to be a simple task for radicals
> and hostile countries is not consistent with the facts. While some secrets
> are hard to protect (especially over time) it is possible to build a system
> for key scrow that makes abuse difficult, albeit not impossible, and still
> provides the law enforcement assistance that the public may demand.
...
Although the subtleties of the problem may not be completely obvious, the
security risks introduced by key escrow mechanisms are quite significant.
See, e.g., our 1998 report:
http://www.crypto.com/papers/escrowrisks98.pdf
If anything, the risks we studied three years ago would be amplified
considerably today, given that encryption is now increasingly used as a
central component of the security of many critical services and systems.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
