[cryptography] Design Strategies for Defending against Backdoors
thierry.moreau at connotech.com
Tue Nov 19 08:52:59 EST 2013
> On 18/11/13 20:58 PM, Thierry Moreau wrote:
>> ianG wrote:
>>> On 18/11/13 10:27 AM, ianG wrote:
>>>> In the cryptogram sent over the weekend, Bruce Schneier talks about how
>>>> to design protocols to stop backdoors. Comments?
>>> To respond...
>>>> Design Strategies for Defending against Backdoors
>>>> Encryption protocols should be designed so as not to leak any
>>>> random information. Nonces should be considered part of the key or
>>>> public predictable counters if possible. Again, the goal is to make it
>>>> harder to subtly leak key bits in this information.
>>> Right, that I agree with. Packets should be deterministically created
>>> by the sender, and they should be verifiable by the recipient.
>> Then you lose the better theoretical foundations of probabilistic
>> signature schemes ...
> If you're talking here about an authenticated request, that should be
> layered within an encryption packet IMHO, it should be the business
To clarify the original recommendation, is it correct to assume that the
goal is to avoid subliminal channels through which key bits may be leaked?
If so, I don't see how a "business content" subliminal channel is a
lesser concern than a signature salt field subliminal channel.
Defending against backdoors without inspection of implementation
details appears (euphemistically) challenging.
- Thierry Moreau
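
An added example, not part of the original message or thread: one way to make the nonce a function of a public counter and have the recipient recompute it, so that the field carries no sender-chosen bits. The function names, the packet layout (counter, nonce, payload, tag) and the HMAC-SHA256 derivation are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

NONCE_LEN = 12   # assumed field sizes for this illustration
TAG_LEN = 32
HDR_LEN = 8 + NONCE_LEN

def derive_nonce(key: bytes, counter: int) -> bytes:
    """Nonce as a keyed function of the public counter: no free bits for the sender."""
    msg = b"nonce" + struct.pack(">Q", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:NONCE_LEN]

def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    return hmac.new(key, b"tag" + header + payload, hashlib.sha256).digest()

def build_packet(key: bytes, counter: int, payload: bytes) -> bytes:
    """Deterministic: the same (key, counter, payload) always yields the same bytes."""
    header = struct.pack(">Q", counter) + derive_nonce(key, counter)
    return header + payload + _tag(key, header, payload)

def verify_packet(key: bytes, expected_counter: int, packet: bytes) -> bytes:
    """Return the payload, or raise ValueError naming the field that deviates."""
    if len(packet) < HDR_LEN + TAG_LEN:
        raise ValueError("packet too short")
    header, payload, tag = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
    (counter,) = struct.unpack(">Q", header[:8])
    if counter != expected_counter:
        raise ValueError("unexpected counter")
    # Recompute the nonce; a sender-chosen value fails even with a valid tag.
    if not hmac.compare_digest(header[8:], derive_nonce(key, counter)):
        raise ValueError("nonce not derived from counter")
    if not hmac.compare_digest(tag, _tag(key, header, payload)):
        raise ValueError("bad tag")
    return payload

if __name__ == "__main__":
    key = bytes(range(32))          # constructed sample key
    pkt = build_packet(key, 1, b"constructed sample payload")
    print(verify_packet(key, 1, pkt))
```

The check removes sender freedom only in the nonce field; the payload is not constrained, which is the concern raised in the reply above.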