dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
266
share rss forum feed


fatpipe

join:2011-10-02
Austin, TX

Please Help me to Understand

OK, if a service claims to be "encrypted", then how does one create a "backdoor" so the demonic government can analyze the data?

Isn't this a contradiction? I thought once data was encrypted (assuming the encryption has not been broken which as I understand it is highly unlikely) then the data would be undecipherable, therefore making a backdoor would not be feasible.

For example, take a workstation that has been encrypted with PGP Whole Disk Encryption. Does the government have a backdoor to decrypt the hard drive and read the contents? Am I mixing apples and oranges here???

Come on encryption gurus, help me to understand this concept.


firedrakes

join:2009-01-29
Arcadia, FL

reminds me of V for Vendetta subject matter



hyphenated

@bellsouth.net
reply to fatpipe

No guru here just thinking, you wan't necessarily have to break encryption to have a "backdoor".



fatpipe

join:2011-10-02
Austin, TX

Please explain how you would do this. Because if encryption has a "backdoor", then in my opinion one cannot call it encryption or am I'm completely wrong in my understanding of encryption.



joako
Premium
join:2000-09-07
/dev/null
kudos:6

It can be encrypted all you want but the question is do you and only you control the encryption keys? Otherwise it's worthless. Many services do encrypt but also keep the keys for your convenience.


kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to fatpipe

It is still encypted, but there would be two or more keys,

Your key that you use, and one or more backdoor keys that work too.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.



ArrayList
netbus developer
Premium
join:2005-03-19
Evanston, IL
reply to joako

If the customer did not create the keys, then it must be assumed that the encryption keys are compromised.



bvdx

@ycnx.net
reply to kevinds

Most encryption for social media sites is transport encryption. It is asymmetric encryption such as TLS aka. SSL/https. The data is fed to the application on the backend in clear text, a backdoor could allow a copy of the clear data sent to the government as well as the real destination, i.e. the application server. It takes alot more computing power and money to wiretap data as a man in the middle.