> There's absolutely no way to give police a back door into encryption without giving criminals the same back door.
This feels disingenuous to me. It would be fairly trivial, for example, to store a copy of all keys, encrypted with the government’s public key. Of course, there’s a million ways to go wrong, but that’s different from “mathematically impossible.”
But the million ways to go wrong IS the problem. I may be appealing to authority here, but is it disingenuous when an overwhelming majority of encryption and security experts agree?
Note that he was replying to a comment that was saying that a back door that is not wide open to criminals is comparable to thinking pi = 3.
As is pointed out in the Schneier article, the problems with a key escrow scheme are on the law enforcement side of things. They could lose access to their keys, especially if a lot of different agencies have keys.
Those are difficulties that can in theory be overcome, although it may not be practical to do so. That's a far cry from a pi = 3 issue.
The original argument was “The legislation in no way compromises the security of any Australians’ digital communications.”
This is approaching a pi = 3 level falsehood because of the “in no way compromises” clause. There are many schemes that are outright illegal (in my not-a-lawyer interpretation of this law), and it nakedly makes the other schemes harder with state actors as additional points of failure.
Well, that does actually make some schemes impossible (in a pi = 3 kind of impossible) because it means the private key has to leave someone’s device and be sent over the wire, and many schemes don’t do that.
https://en.m.wikipedia.org/wiki/Three-pass_protocol
I’m not a cryptographer but I assume there are other schemes that are at least weakened by the requirement of a third party holding a key, much like the TSA master lock program was broken by statistical analysis of locks that were mastered this way.
But the mathematical impossibility of this aside, there is a very real practical impossibility of trusting an organization as large as the US government to keep such a database secure. There are better ways to help law enforcement than blowing such a large gaping hole in the web.
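
Added example, not part of the thread: a minimal Python sketch of the Shamir three-pass protocol described on the Wikipedia page linked above, showing that only three ciphertexts cross the wire and neither party's secret exponent ever leaves its device. The prime, the function names and the sample message are assumptions chosen for illustration, and the exchange as written is unauthenticated.

```python
import math
import secrets

# Public prime modulus known to both parties (2**127 - 1 is a Mersenne prime).
# Toy parameter chosen for this example; not a vetted production choice.
P = 2**127 - 1


def keypair(p=P):
    """Pick a secret exponent e coprime to p-1 and its inverse d mod p-1,
    so that (m**e)**d == m (mod p). Both values stay on the device."""
    while True:
        e = secrets.randbelow(p - 3) + 2          # e in 2..p-2
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def three_pass(message: int, p=P):
    """Run one exchange in-process.
    Returns (recovered message, values sent on the wire, all secret exponents)."""
    if not 1 < message < p:
        raise ValueError("message must be in the range 2..p-1")

    a_enc, a_dec = keypair(p)   # sender's secrets, never transmitted
    b_enc, b_dec = keypair(p)   # receiver's secrets, never transmitted

    wire = []
    c1 = pow(message, a_enc, p)   # pass 1, sender -> receiver: sender's lock on
    wire.append(c1)
    c2 = pow(c1, b_enc, p)        # pass 2, receiver -> sender: both locks on
    wire.append(c2)
    c3 = pow(c2, a_dec, p)        # pass 3, sender -> receiver: sender's lock off
    wire.append(c3)

    recovered = pow(c3, b_dec, p)  # receiver removes its own lock locally
    return recovered, wire, {a_enc, a_dec, b_enc, b_dec}


if __name__ == "__main__":
    # Constructed sample message (15 bytes, so it fits below the 127-bit prime).
    msg = int.from_bytes(b"constructed msg", "big")
    recovered, wire, secret_exponents = three_pass(msg)
    print("recovered:", recovered.to_bytes(15, "big"))
    print("values on the wire:", len(wire))
    print("any secret exponent on the wire:", not secret_exponents.isdisjoint(wire))
```

The exponents are generated fresh for each exchange and discarded afterwards, so there is no long-lived key material that either side ever transmits.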