Re: [FD] TrueCrypt?
- To: Mike Cramer <mike.cramer@xxxxxxxxxxx>
- Subject: Re: [FD] TrueCrypt?
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Fri, 30 May 2014 02:59:36 -0400
> Based on my Alice and Bob comment above, it’s reasonable
> to assume that the encryption itself is 100% fine, so as long
> as you believe that Bob will never divulge the information
> you’ve disclosed.
Ask Bradley Manning how well that worked. Lamo could not keep his
mouth shut as a priest or a journalist (I'm fairly certain Lamo
claimed the conversations were safe because he was both). OTR provided
no deniability. http://www.wired.com/2011/07/manning-lamo-logs/.
> If it were ever revealed that Microsoft purposefully weakened
> its encryption systems to allow the NSA access to any Windows
> device, then it would be the end of the organization.
Skype FTW! See the thread "Skype backdoor confirmation",
http://lists.randombit.net/pipermail/cryptography/2013-May/004238.html.
> There are a million and one ways to get access to the information ...
+1. Attack the server first with jurisprudence, not the end point. The
ROI is usually higher.
Jeff
On Thu, May 29, 2014 at 6:13 PM, Mike Cramer <mike.cramer@xxxxxxxxxxx> wrote:
> I think it’s more important to have rational discussions. This isn’t the
> first time Microsoft has been ‘rumored’ to have backdoors in Windows for the
> US Government. These rumors have been perpetuated for years. While I don’t
> know how long you’ve been in the industry, it’s something I recall even being
> 14 years old and sitting on IRC and having people discuss.
>
> The reality now, just as then, is that these are unsubstantiated.
>
> A more apt description about the cooperation between the US Government and
> Microsoft I think falls back onto our old pals “Alice and Bob”. I’m sure you
> may recall these names from any sort of discussion about PKI.
>
> What people seem to forget in all of these discussions is that Microsoft is
> Bob. (Microsoft Bob? :P)
>
> No amount of encryption, protection, secret keying is going to protect you
> when one party is going to hand over the information to 3rd parties to review.
>
> Based on my Alice and Bob comment above, it’s reasonable to assume that the
> encryption itself is 100% fine, so as long as you believe that Bob will never
> divulge the information you’ve disclosed.
>
> Through all of these discussions surrounding Bitlocker across multiple forums
> nobody has brought up the fact that Bitlocker in Windows 8 allows you to
> store recovery key information in OneDrive/“The Cloud”. Why bother writing in
> backdoors to the software when the keys are readily available with a warrant?
>
> There are a million and one ways to get access to the information and the
> absolutely most difficult, most costly, and most potentially damaging is the
> one people are jumping to first.
>
> If it were ever revealed that Microsoft purposefully weakened its encryption
> systems to allow the NSA access to any Windows device, then it would be the
> end of the organization. They’re just not that dumb.
>
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/