Please Help me to Understand
OK, if a service claims to be "encrypted", then how does one create a "backdoor" so the demonic government can analyze the data?
Isn't this a contradiction? I thought once data was encrypted (assuming the encryption has not been broken which as I understand it is highly unlikely) then the data would be undecipherable, therefore making a backdoor would not be feasible.
For example, take a workstation that has been encrypted with PGP Whole Disk Encryption. Does the government have a backdoor to decrypt the hard drive and read the contents? Am I mixing apples and oranges here???
Come on encryption gurus, help me to understand this concept.
reminds me of V for Vendetta subject matter
|reply to fatpipe |
No guru here just thinking, you wan't necessarily have to break encryption to have a "backdoor".
Please explain how you would do this. Because if encryption has a "backdoor", then in my opinion one cannot call it encryption or am I'm completely wrong in my understanding of encryption.
It can be encrypted all you want but the question is do you and only you control the encryption keys? Otherwise it's worthless. Many services do encrypt but also keep the keys for your convenience.
|reply to fatpipe |
It is still encypted, but there would be two or more keys,
Your key that you use, and one or more backdoor keys that work too.
Yes, I am not employed and looking for IT work. Have passport, will travel.
|reply to joako |
If the customer did not create the keys, then it must be assumed that the encryption keys are compromised.
|reply to kevinds |
Most encryption for social media sites is transport encryption. It is asymmetric encryption such as TLS aka. SSL/https. The data is fed to the application on the backend in clear text, a backdoor could allow a copy of the clear data sent to the government as well as the real destination, i.e. the application server. It takes alot more computing power and money to wiretap data as a man in the middle.