Attacks on encrypted communicxatiopn rising in Europe

martin martini5468 at gmail.com
Wed Aug 24 17:24:49 CEST 2016


On 24/08/16 15:37, Robert J. Hansen wrote:
> I find the current state of detente to be pretty good, actually.  We're
> allowed to design the best systems we can, and governments are allowed
> to discover where we're not as clever as we think we are.  If there's a
> flaw in Tor and the FBI uses it to pierce anonymity and go after a bad
> guy, I can get behind that.  Way to go, FBI, you did it right, now
> please hold on while we figure out how you did this and write a patch to
> keep you from doing it again.
> 
> I guess you could say my preferred solution to the crypto wars is to
> encourage an ongoing escalating crypto arms race.  It's crazy, but it
> seems to work.

For my €0.02 I think the above is mostly valid bar 2 small details:

1. Seldom we do find the FBI breaking security of anonymity tools. Only
if a high profile case shows up or someone leaks it. I think it is even
more rare for the FBI to outright disclose the vulnerability they used
so it can be patched. I don't even know if the other 3 letter agencies
do it.

2. Crypto arms race also implies stock piling vulnerabilities -
something Bruce Schneier is very vocal about [1][2]. I think the answer
here is to find a balance of some sort - i.e. keep vulnerabilities in
rare cases for short periods of time and then disclose and patch them.
However for that to work we need to trust the govt. to do the right
thing. Which I think is pretty much the core issue that started this
discussion.

Regards,
Martin

[1] Hacking Team, Computer Vulnerabilities, and the NSA -
https://www.schneier.com/blog/archives/2015/09/hacking_team_co.html
[2] Disclosing vs. Hoarding Vulnerabilities -
https://www.schneier.com/blog/archives/2014/05/disclosing_vs_h.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160824/654f03cd/attachment-0001.sig>


More information about the Gnupg-users mailing list