Date: Fri, 30 May 2014 02:59:36 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Mike Cramer <mike.cramer@...look.com>
Cc: Full Disclosure List <fulldisclosure@...lists.org>
Subject: Re: [FD] TrueCrypt?

> Based on my Alice and Bob comment above, it’s reasonable
> to assume that the encryption itself is 100% fine, so as long
> as you believe that Bob will never divulge the information
> you’ve disclosed.

Ask Bradley Manning how well that worked. Lamo could not keep his mouth shut as a priest or a journalist (I'm fairly certain Lamo claimed the conversations were safe because he was both). OTR provided no deniability. http://www.wired.com/2011/07/manning-lamo-logs/.

> If it were ever revealed that Microsoft purposefully weakened
> its encryption systems to allow the NSA access to any Windows
> device, then it would be the end of the organization.

Skype FTW! See the thread "Skype backdoor confirmation", http://lists.randombit.net/pipermail/cryptography/2013-May/004238.html.

> There are a million and one ways to get access to the information ...

+1. Attack the server first with jurisprudence, not the end point. The ROI is usually higher.

Jeff

On Thu, May 29, 2014 at 6:13 PM, Mike Cramer <mike.cramer@...look.com> wrote:
> I think it’s more important to have rational discussions. This isn’t the first time Microsoft has been ‘rumored’ to have backdoors in Windows for the US Government. These rumors have been perpetuated for years. While I don’t know how long you’ve been in the industry, it’s something I recall even being 14 years old and sitting on IRC and having people discuss.
>
> The reality now, just as then, is that these are unsubstantiated.
>
> A more apt description about the cooperation between the US Government and Microsoft I think falls back onto our old pals “Alice and Bob”. I’m sure you may recall these names from any sort of discussion about PKI.
>
> What people seem to forget in all of these discussions is that Microsoft is Bob. (Microsoft Bob? :P)
>
> No amount of encryption, protection, secret keying is going to protect you when one party is going to hand over the information to 3rd parties to review.
>
> Based on my Alice and Bob comment above, it’s reasonable to assume that the encryption itself is 100% fine, so as long as you believe that Bob will never divulge the information you’ve disclosed.
>
> Through all of these discussions surrounding Bitlocker across multiple forums nobody has brought up the fact that Bitlocker in Windows 8 allows you to store recovery key information in OneDrive/“The Cloud”. Why bother writing in backdoors to the software when the keys are readily available with a warrant?
>
> There are a million and one ways to get access to the information and the absolutely most difficult, most costly, and most potentially damaging is the one people are jumping to first.
>
> If it were ever revealed that Microsoft purposefully weakened its encryption systems to allow the NSA access to any Windows device, then it would be the end of the organization. They’re just not that dumb.
>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/