dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
348

fatpipe
join:2011-10-02
Austin, TX

fatpipe

Member

Please Help me to Understand

OK, if a service claims to be "encrypted", then how does one create a "backdoor" so the demonic government can analyze the data?

Isn't this a contradiction? I thought once data was encrypted (assuming the encryption has not been broken which as I understand it is highly unlikely) then the data would be undecipherable, therefore making a backdoor would not be feasible.

For example, take a workstation that has been encrypted with PGP Whole Disk Encryption. Does the government have a backdoor to decrypt the hard drive and read the contents? Am I mixing apples and oranges here???

Come on encryption gurus, help me to understand this concept.
firedrakes
join:2009-01-29
Arcadia, FL

firedrakes

Member

reminds me of V for Vendetta subject matter

hyphenated
@bellsouth.net

hyphenated to fatpipe

Anon

to fatpipe
No guru here just thinking, you wan't necessarily have to break encryption to have a "backdoor".

fatpipe
join:2011-10-02
Austin, TX

fatpipe

Member

Please explain how you would do this. Because if encryption has a "backdoor", then in my opinion one cannot call it encryption or am I'm completely wrong in my understanding of encryption.

joako
Premium Member
join:2000-09-07
/dev/null

joako

Premium Member

It can be encrypted all you want but the question is do you and only you control the encryption keys? Otherwise it's worthless. Many services do encrypt but also keep the keys for your convenience.

kevinds
Premium Member
join:2003-05-01
Calgary, AB

kevinds to fatpipe

Premium Member

to fatpipe
It is still encypted, but there would be two or more keys,

Your key that you use, and one or more backdoor keys that work too.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList to joako

Premium Member

to joako
If the customer did not create the keys, then it must be assumed that the encryption keys are compromised.

bvdx
@ycnx.net

bvdx to kevinds

Anon

to kevinds
Most encryption for social media sites is transport encryption. It is asymmetric encryption such as TLS aka. SSL/https. The data is fed to the application on the backend in clear text, a backdoor could allow a copy of the clear data sent to the government as well as the real destination, i.e. the application server. It takes alot more computing power and money to wiretap data as a man in the middle.