Reply to post: Re: Making Non-compliant Encryption Illegal

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

tom dial Silver badge

Re: Making Non-compliant Encryption Illegal

What is to keep committed privacy advocates, whether or not criminals, from implementing their own cryptography? A few, in order of increasing importance, are:

1. Phones and other devices on which the manufacturer has made non-"store" difficult to install "for the customers' safety" of course.

2. Designing a secure encryption algorithm (especially one that is provably secure) is hard; many, including skilled cryptographers, have tried and fallen short.

3. Implementing a secure encryption scheme is hard and rarely done; many, including highly skilled and experienced programmers, have tried and fallen short.

4. Guaranteeing that a vulnerability free implementation of a provably secure encryption algorithm in an environment so that it is not vulnerable to operating system defects, both when installed and after all future OS modifications is hard, and since the nature of future changes is unpredictable, unlikely to be attainable.

5. Guaranteeing the entire system of (4) against all application software almost certainly will, over time, present opportunities to those intent on breaking in.

I doubt that managers at NSA or any other major SigInt organization worry much about this problem.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020