[cryptography] Question About Best Practices for Personal File Encryption

ianG iang at iang.org
Sun Aug 17 08:01:25 EDT 2014


On 17/08/2014 05:09 am, Jeffrey Goldberg wrote:
> On 2014-08-16, at 4:51 PM, David I. Emery <die at dieconsulting.com> wrote:

> I do think, however, that if there are such backdoors, it would have
> to be known to only a very small number of people. Too many of the people
> who work on Apple security would blow the whistle. So it would have to
> be introduced in such a way that most of the people who actually develop
> these tools are unaware of the backdoors. It’s certainly possible, but
> it does shift the balance of plausibility.

Right.  As I understand it, the standard way that this is done is to
create a special features group in another closely-allied country.  That
group secures permission from HQ to do some rework for their "special
national needs."

That group then inserts the backdoor, then ships the entire patch off
to HQ.  Unless the center is reviewing for obfuscated tricks from a
trusted partner, the backdoor slides in, and nobody knows it is there.



iang


