Encryption Backdoors Will Always Turn Around And Bite You In The Ass

from the golden-keys dept

As you may have heard, the law enforcement and intelligence communities have been pushing strongly for backdoors in encryption. They talk about ridiculous things like “golden keys,” pretending that it’s somehow possible to create something that only the good guys can use. Many in the security community have been pointing out that this is flat-out impossible. The second you introduce a backdoor, there is no way to say that only “the good guys” can use it.

As if to prove that, an old “golden key” from the 90s came back to bite a whole bunch of the internet this week… including the NSA. Some researchers discovered a problem which is being called FREAK for “Factoring RSA Export Keys.” The background story is fairly involved and complex, but here’s a short version (that leaves out a lot of details): back during the first “cryptowars” when Netscape was creating SSL (mainly to protect the early e-commerce market), the US still considered exporting strong crypto to be a crime. To deal with this, RSA offered “export grade encryption” that was deliberately weak (very, very weak) that could be used abroad. As security researcher Matthew Green explains, in order to deal with the fact that SSL-enabled websites had to deal with both strong crypto and weak “export grade” crypto, — the “golden key” — there was a system that would try to determine which type of encryption to use on each connection. If you were in the US, it should go to strong encryption. Outside the US? Downgrade to “export grade.”

In theory, this became obsolete at the end of the first cryptowars when the US government backed down for the most part, and stronger crypto spread around the world. But, as Green notes, the system that did that old “negotiation” as to which crypto to use, known as “EXPORT ciphersuites” stuck around. Like zombies. We’ll skip over a bunch of details to get to the point: the newly discovered hack involves abusing this fact to force many, many clients to accept “export grade” encryption, even if they didn’t ask for it. And it appears that more than a third of websites out there (many coming from Akamai’s content delivery network — which many large organizations use) are vulnerable.

And that includes the NSA’s own website. Seriously. Now, hacking the NSA’s website isn’t the same as hacking the NSA itself, but it still seems notable just for the irony of it all (obligatory xkcd):

But the lesson of the story: backdoors, golden keys, magic surveillance leprechauns, whatever you want to call it create vulnerabilities that will be exploited and not just by the good guys. As Green summarizes:

There?s a much more important moral to this story.

The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they?re still hurting us today.

This might be academic if it was just a history lesson ? but for the past several months, U.S. and European politicians have been publicly mooting the notion of a new set of cryptographic backdoors in systems we use today. This would involve deliberately weakening technology so that governments can intercept and read our conversations. While officials are carefully avoiding the term ?back door? ? or any suggestion of weakening our encryption systems ? this is wishful thinking. Our systems are already so complex that even normal issues stress them to the breaking point. There’s no room for new backdoors.

To be blunt about it, the moral of this story is pretty simple:

Encryption backdoors will always turn around and bite you in the ass. They are never worth it.

Let’s repeat that last line, because it still seems that the powers that be don’t get it:

Encryption backdoors will always turn around and bite you in the ass. They are never worth it.

Whether it’s creating vulnerabilities that come back to undermine security on the internet decades later, or merely giving cover to foreign nations to undermine strong encryption, backdoors are a terrible idea which should be relegated to the dustbin of history.

Filed Under: , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Encryption Backdoors Will Always Turn Around And Bite You In The Ass”

Subscribe: RSS Leave a comment
Just Another Anonymous Troll says:

Give the coders a break

It’s hard enough to create a secure cryptographic standard and keep it that way.
It’s even harder* to create a secure cryptographic standard, keep it that way, and maintain a backdoor for intelligence agencies. In fact, having a backdoor in your crypto is the very antithesis of a secure system.
*read: impossible

Mike Acker (profile) says:

re: "the don't get it"

=”Let’s repeat that last line, because it still seems that the powers that be don’t get it: “

IMHO the understand it perfectly. and, as the song says “as soon as one door closes another door will open”

and so the game of whack a mole continues ad nauseum. another “sophisticated” (my ass) attack . another CVE. and then another patch, and another door is opened.

the business model of the internet is surveillance. i think this was noted by Bruce Schneier recently, if memory serves. and this is exploited by commercial interests, government, and crooks alike. Truly “a fool’s paradise”.

Open source should help. I hope. I use it, anyway.

Anonymous Coward says:

"Golden key"

It’s interesting to note that this SSL “export crypto” was really an attempt at a “golden key”, that is, something only “good guys” could break.

It worked by deliberately weakening the encryption. It did the equivalent of taking a long key (for instance, a 128-bit symmetric key) and revealing most of it, so only a small part of the key was kept secret (usually 40 bits for symmetric keys).

“Good guys” like the government would have access to large amounts of computer power, and therefore be able to try all the 1099511627776 possible combinations until finding one that matched. “Bad guys” like a neighborhood hacker would have access only to a small amount of computer power, and so would need years to find the matching combination. With advances on computer power, the size of the secret part was increased, so one would would have to check 72057594037927936 possible combinations.

Of course, the premise that only “good guys” would have access to large amounts of computer power didn’t hold for long (the EFF DES cracker was an early demonstration of its failure). And that’s before going into the definition of “good guys”.

Anonymous Coward says:

Re: "Golden key"


One could make a monetary argument: even for the weakened keys, the cost of trying all the combinations would be more than the value of the obtained information, so your credit card numbers were safe. That ignores three important considerations.

First, that not all value is monetary. A hacker could be willing to spend more than the monetary value of the information, if he had other reasons to be interested in breaking the encryption.

Second, that marginal cost matters. Once the hacker has already spent the hundreds of thousands of dollars to buy the fast computers he would need, the incremental key of breaking another key is small (mostly power and wear on the fans). The more keys the hacker breaks with his initial investment, the cheaper it becomes in the end.

Third, that hackers hack (it’s what they do). What prevents a hacker from using other people’s money to break the keys? A hacker could for instance invade a company and “borrow” their computers for a while.

Anonymous Coward says:

Re: Re: "Golden key"


However, SSL export crypto was “fair for its day”. Back then, everything was plaintext. Nothing was encrypted. Even with its bizarre limitations, export crypto was a “foot in the door”: people got used to it, and wanted more.

The world has also changed. Gone are the days where nation-states had the privilege of being the only ones with the capability to develop strong cryptography. The notion that export restrictions would prevent strong cryptography from becoming available to everyone became more and more of an anachronism. With the knowledge of cryptography becoming more common, the knowledge of its weaknesses also became more public. Weak algorithms became less acceptable. And with that, “deliberately reducing the key length” is no longer a valid attempt at a “golden key”.

Anonymous Coward says:

Re: Re: "Golden key"

the cost of trying all the combinations would be more than the value of the obtained information,

Botnets do not cost the cracker, and can provide more computing power that most data-centers. In may ways the bad guys have the advantage over the good guys when it comes to access to computing power, embarrassingly parallel problems , as they steal computer cycles, rather than paying for them.

DannyB (profile) says:

Oxymoron time

Whenever you hear someone say that they want systems to be Secure and have Golden Keys, they are contradicting themselves.

The “Golden Keys” is a euphemism for Back Door, to make it sound nicer.

A Back Door is a security vulnerability that makes a system insecure.

Therefore the person is saying they want a system to be Secure and Insecure. That is a government worthy oxymoron if I have ever heard one.

See here for example:

New Rules in China Upset Western Tech Companies

Oh, look! The Chinese are doing it too! But they don’t call it “golden keys”, they say they want systems to be “Secure and Controllable”.

Controllable means Back Door.
Back Door means vulnerability making system insecure.

Therefore, the Chinese want systems to be “Secure and Insecure”. Another oxymoron brought to you by a government.

Guardian says:


a design implimentation of a virus that can use 5% of the bandwidth of a pc could also easily do same for its cpu powr say 1%, then range out and use a bot net for use of 1 million pcs
that would be like having 100,000 full computers and using process hiders ( they exist right now ) you will never know in fact , with the knolwedge of all the major anti virii providers out there , its easy to “simulate them while eradicating them …keeping the machine largely safer then it was previously lol….

you all fookin idiots to think this 15 year old tech has not advanced

Uriel-238 (profile) says:

Since they want a golden key, lets make it a golden key.

That is, rather than a backdoor key we provide interested agencies with a golden cryptanalytic algorithm based on the classic brute force attack

In fact, it’s identical. Given a targeted data packet, the routine attempts to decode it with a hypothetical key 00000…00001, then 00000…00010, then 00000…00011 and so on until one test produces readable code.

Such an algorithm will, inevitably, crack any crypto (not just SSL) and allow an agency to access the unencrypted text. It’s also intrinsically costly, so that only governments with immense computational resources will be able to break SSL. In fact, costly enough to protect end users against dragnet use of the key, so that warrants for specific decryption jobs will serve as a time and labor saving stopgap against Golden Key overuse.

(By costly, I mean it takes a very fast and powerful computer a very long time to derive an SSL key. Indirectly, it may cost a lot of actual money for renting and maintaining the computer and supplying it with power. Also considering the time requirements, upgrades, hiring and training new technicians, museum rights and so on.)

Jack says:

Re: Since they want a golden key, lets make it a golden key.

You did read the story didn’t you? That is exactly what the exported version of RSA was – it was a short enough key to be brute forced only by governmetns with massive computing power (at the time). Unfortunately for the NSA (but fortunately for us), computational power of computers increased exponentially and instead of a normal PC taking hundreds or thousands of years to brute force the algorithm, it only took hours or minutes…

Uriel-238 (profile) says:

Re: And this is why we need encryption with plausible deniability.

Heck, an extra-careful enterprise could add the process of writing unused space on all hard drives with random numbers. That way drives that are unencrypted are indistinguishable from drives that are.

I’m pretty sure the military seven-pass data purge ends with random numbers anyway.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...