FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't

itwbennett writes: You need look no further than the FREAK and Logjam attacks in 2015 and the DROWN attack announced just this week to get a sense of 'the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today,' writes Lucian Constantin. But this isn't a new problem. 'One approach [the government] used throughout the 1990s [to keep encryption under its control] was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications,' says Constantin. 'This gave birth to so-called 'export-grade' encryption algorithms that have been integrated into cryptographic libraries and have survived to this day.'

What about "Import Grade"

[Archangel+Michael]

The way around the stupid laws that do not protect anyone from anything, is to import crypto from outside the US that is better and more robust than the stupid crippled versions mandated by US Law.

Re:What about "Import Grade"

[Bert64]

No, but would you necessarily trust the US government either...
The difference is that the US government has more reason to spy on a random US citizen then a foreign government does, and are more likely to do something with the information.
If you're going to use something thats backdoored, better to have it backdoored by someone who has no interest in you.

Re:Warrant canary

[Bugler412]

that works until the next precedent setting court case that determines that failing to update the warrant canary is a form of communication prohibited by the gag order due to the intent of the operator. Coming soon to a federal court near you I'm sure.