Why Governments Lie About Encryption Backdoors

Lauren Weinstein says there are smart people in government, "who fully understand the technical realities of modern strong encryption systems and how backdoors would catastrophically weaken them," but asks So why do they continue to argue for these backdoor mechanisms, now more loudly than ever? The answer appears to be that they're lying to us. Or if lying seems like too strong a word, we could alternatively say they're being 'incredibly disingenuous' in their arguments. You don't need to be a computer scientist to follow the logic of how we reach this unfortunate and frankly disheartening determination regarding governments' invocation of terrorism as an excuse for demanding crypto backdoors for authorities' use.

Re:How does it work

Because encryption is usually a bit more complex then just that. A common system is to encrypt the data with a a strong symmetric cipher, using a single-use key key generated on the fly, then encrypt a copy of that key with the method of the user's choice, such as a password or asymmetric cipher. This way, you lessen the impact of using a slower or weaker method, as it is encrypting what is hopefully a relatively small and utterly random packet of data. Diffie-Hellman key exchange, NTFS file encryption, and others use this principle.

The 'master key' exploit should be fairly obvious, at this point: Every time the system creates a key package, it creates another copy of the single-use key, encrypted with a hidden 'master key' supplied by whoever ordered the backdoor. This doesn't compromise the integrity of the cipher used on the data, or on the other key packages. The danger lies in the security of the Master Key itself, which must be included in some form in every single instance of the encryption system. Unless the Master Key is made truly unique for every instance - a records-keeping nightmare - then an attacker only needs to break one key to break them all.