> Based on my Alice and Bob comment above, it’s reasonable
> to assume that the encryption itself is 100% fine, so as long
> as you believe that Bob will never divulge the information
> you’ve disclosed.

Ask Bradley Manning how well that worked. Lamo could not keep his mouth shut as a priest or a journalist (I'm fairly certain Lamo claimed the conversations were safe because he was both). OTR provided no deniability. http://www.wired.com/2011/07/manning-lamo-logs/.

> If it were ever revealed that Microsoft purposefully weakened
> its encryption systems to allow the NSA access to any Windows
> device, then it would be the end of the organization.

Skype FTW! See the thread "Skype backdoor confirmation", http://lists.randombit.net/pipermail/cryptography/2013-May/004238.html.

> There are a million and one ways to get access to the information ...

+1. Attack the server first with jurisprudence, not the end point. The ROI is usually higher.

Jeff

On Thu, May 29, 2014 at 6:13 PM, Mike Cramer <[email protected]> wrote:
> I think it’s more important to have rational discussions. This isn’t the
> first time Microsoft has been ‘rumored’ to have backdoors in Windows for the
> US Government. These rumors have been perpetuated for years. While I don’t
> know how long you’ve been in the industry, it’s something I recall even being
> 14 years old and sitting on IRC and having people discuss.
>
> The reality now, just as then, is that these are unsubstantiated.
>
> A more apt description about the cooperation between the US Government and
> Microsoft I think falls back onto our old pals “Alice and Bob”. I’m sure you
> may recall these names from any sort of discussion about PKI.
>
> What people seem to forget in all of these discussions is that Microsoft is
> Bob. (Microsoft Bob? :P)
>
> No amount of encryption, protection, secret keying is going to protect you
> when one party is going to hand over the information to 3rd parties to review.
>
> Based on my Alice and Bob comment above, it’s reasonable to assume that the
> encryption itself is 100% fine, so as long as you believe that Bob will never
> divulge the information you’ve disclosed.
>
> Through all of these discussions surrounding Bitlocker across multiple forums
> nobody has brought up the fact that Bitlocker in Windows 8 allows you to
> store recovery key information in OneDrive/”The Cloud”. Why bother writing in
> backdoors to the software when the keys are readily available with a warrant?
>
> There are a million and one ways to get access to the information and the
> absolutely most difficult, most costly, and most potentially damaging is the
> one people are jumping to first.
>
> If it were ever revealed that Microsoft purposefully weakened its encryption
> systems to allow the NSA access to any Windows device, then it would be the
> end of the organization. They’re just not that dumb.
>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
