ianG wrote:
> On 18/11/13 20:58 PM, Thierry Moreau wrote:
>> ianG wrote:
>>> On 18/11/13 10:27 AM, ianG wrote:
>>>> In the cryptogram sent over the weekend, Bruce Schneier talks about how
>>>> to design protocols to stop backdoors. Comments?
>>>
>>> To respond...
>>>
>>> https://www.schneier.com/blog/archives/2013/10/defending_again_1.html
>>> Design Strategies for Defending against Backdoors
>>> ...
>>> Encryption protocols should be designed so as not to leak any
>>> random information. Nonces should be considered part of the key or
>>> public predictable counters if possible. Again, the goal is to make it
>>> harder to subtly leak key bits in this information.
>>>
>>> Right, that I agree with. Packets should be deterministically created
>>> by the sender, and they should be verifiable by the recipient.
>>
>> Then you lose the better theoretical foundations of probabilistic
>> signature schemes ...
>
> If you're talking here about an authenticated request, that should be
> layered within an encryption packet IMHO, it should be the business
> content.

To clarify the original recommendation, is it correct to assume that the
goal is to avoid subliminal channels through which key bits may be leaked?

If so, I don't see how a business content subliminal channel is a
lesser concern than a signature salt field subliminal channel.

Defending against backdoors without inspection of implementation
details appears (euphemistically) challenging.

> iang
--
- Thierry Moreau
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
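
Added example, not part of the original thread or of any project discussed in it: a Python illustration of the "public predictable counter" nonce and deterministic, recipient-verifiable packets quoted above. The packet layout (8-byte counter, body, HMAC-SHA256 tag), the names seal, Receiver and try_open, the demo keys, and the SHAKE-256 keystream used as a stand-in cipher are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length

def keystream(enc_key: bytes, counter: int, n: int) -> bytes:
    # Stand-in stream cipher for this demo (SHAKE-256 over key || counter), not a vetted cipher.
    return hashlib.shake_256(enc_key + struct.pack(">Q", counter)).digest(n)

def seal(enc_key: bytes, mac_key: bytes, counter: int, payload: bytes) -> bytes:
    """Build a packet whose every byte is a function of (keys, counter, payload)."""
    header = struct.pack(">Q", counter)  # nonce = public, predictable counter
    body = bytes(p ^ k for p, k in zip(payload, keystream(enc_key, counter, len(payload))))
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag

class Receiver:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.expected = 0  # next counter value the receiver will accept

    def open(self, packet: bytes) -> bytes:
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("short packet")
        header, body, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        (counter,) = struct.unpack(">Q", header)
        # The nonce field must be the value the receiver predicted, so it
        # carries no sender-chosen bits.
        if counter != self.expected:
            raise ValueError("unexpected nonce")
        want = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("bad tag")
        self.expected += 1
        # Both checks passed, so packet == seal(keys, counter, payload) byte for byte.
        return bytes(c ^ k for c, k in zip(body, keystream(self.enc_key, counter, len(body))))

def try_open(rx: Receiver, packet: bytes):
    """Return the payload (bytes), or the rejection reason (str)."""
    try:
        return rx.open(packet)
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    ek, mk = b"E" * 32, b"M" * 32  # constructed demo keys
    rx = Receiver(ek, mk)
    print(try_open(rx, seal(ek, mk, 0, b"hello")))         # accepted: counter is the expected 0
    print(try_open(rx, seal(ek, mk, 0x5EC2E7, b"hello")))  # rejected: sender-chosen nonce value
```

The payload is the one field the receiver cannot predict, which is the residual channel raised in the reply about business content.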