[cryptography] Design Strategies for Defending against Backdoors

Thierry Moreau thierry.moreau at connotech.com
Tue Nov 19 08:52:59 EST 2013


ianG wrote:
> On 18/11/13 20:58 PM, Thierry Moreau wrote:
>> ianG wrote:
>>> On 18/11/13 10:27 AM, ianG wrote:
>>>> In the cryptogram sent over the weekend, Bruce Schneier talks about how
>>>> to design protocols to stop backdoors.  Comments?
>>>
>>>
>>> To respond...
>>>
>>>> https://www.schneier.com/blog/archives/2013/10/defending_again_1.html
>>>>
>>>> Design Strategies for Defending against Backdoors
>>>>
>>
>> ...
>>
>>>>      Encryption protocols should be designed so as not to leak any
>>>> random information. Nonces should be considered part of the key or
>>>> public predictable counters if possible. Again, the goal is to make it
>>>> harder to subtly leak key bits in this information.
>>>
>>>
>>> Right, that I agree with.  Packets should be deterministically created
>>> by the sender, and they should be verifiable by the recipient.
>>>
>>
>> Then you lose the better theoretical foundations of probabilistic
>> signature schemes ...
> 
> 
> If you're talking here about an authenticated request, that should be 
> layered within an encryption packet IMHO, it should be the business 
> content.
> 

To clarify the original recommendation, is it correct to assume that the 
goal is to avoid subliminal channels through which key bits may be leaked?

If so, I don't see how a "business content" subliminal channel is a 
lesser concern than a signature salt field subliminal channel.

Defending against backdoors without inspection of implementation 
details appears (euphemistically) challenging.

> iang
> 
> 


-- 
- Thierry Moreau
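
A receiver-side check for the quoted recommendation (nonces as public predictable counters, packets verifiable by the recipient), as an added example that is not part of the thread. The packet layout, the HMAC-SHA256 tag, the key and all function names are assumptions; the check constrains the nonce field only and says nothing about what the payload carries.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def build_packet(key: bytes, counter: int, payload: bytes) -> bytes:
    """Assumed layout: 8-byte big-endian counter || payload || tag."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def audit_packet(key: bytes, expected_counter: int, packet: bytes) -> str:
    """Return 'ok' or the reason the packet is rejected."""
    if len(packet) < 8 + TAG_LEN:
        return "truncated"
    header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
    good = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return "bad-tag"
    (nonce,) = struct.unpack(">Q", header)
    if nonce != expected_counter:
        # The tag verifies, yet the receiver could not predict the nonce:
        # the sender had free bits in this field.
        return "nonce-not-counter"
    return "ok"


def audit_stream(key: bytes, packets: list) -> list:
    """Audit packets in order; the counter advances only on accepted packets."""
    expected, verdicts = 0, []
    for packet in packets:
        verdict = audit_packet(key, expected, packet)
        verdicts.append(verdict)
        if verdict == "ok":
            expected += 1
    return verdicts


# Constructed sample data: the second packet is correctly keyed but carries
# an arbitrary 64-bit value where the counter should be.
KEY = b"constructed-demo-key"
SAMPLE_PACKETS = [
    build_packet(KEY, 0, b"hello"),
    build_packet(KEY, 0x5EC2E7B175000001, b"world"),
    build_packet(KEY, 1, b"world"),
]

if __name__ == "__main__":
    print(audit_stream(KEY, SAMPLE_PACKETS))
```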


