via Slashdot
CowboyRobot writes “Poul-Henning Kamp argues that the ‘recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula: “More encryption is the solution.” This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.’ His argument takes a few turns, but centers on a scenario that is a bit too easy to imagine: a government coercing software developers into disabling their encryption: ‘There are a whole host of things one could buy to weaken encryption. I would contact providers of popular cloud and “whatever-as-service” providers and make them an offer they couldn’t refuse: on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide. The key from the other side? Slip that in there somewhere, and I can find it (encrypted in a Set-Cookie header?). In the long run, nobody is going to notice that the symmetric keys are not random — you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong.'”
Read more of this story at Slashdot.
Leave a Reply