The Ask Leo! Podcast

By: Leo A. Notenboom
  • Summary

  • Audio versions of new articles as they’re posted on http://askleo.com
    Copyright Ask Leo!
    Show more Show less
activate_Holiday_promo_in_buybox_DT_T2
Episodes
  • Let’s Talk About Macrium Reflect X
    Nov 22 2024
    Macrium Reflect X is the successor to version 8. It includes a few new features and a controversial change to the licensing model.
    Show more Show less
    7 mins
  • Why Encryption Backdoors Are a Horrific Idea
    Nov 21 2024
    [glossary_exclude]They assume perfection, and we all know how that goes.[/glossary_exclude] by Leo A. Notenboom (Image: DALL-E 3) A phrase we've heard more and more often in recent years is encryption backdoor. The concept is simple: government agencies want to be able to monitor otherwise encrypted communications. The concept is flawed. [glossary_exclude]Encryption backdoors[/glossary_exclude][glossary_exclude]Encryption backdoors allow governments or other entities to access private communications, undermining privacy. These backdoors create vulnerabilities; they rely on the trustworthiness of those entities to use backdoor keys responsibly and prevent leaks. Criminals can still bypass such measures using traditional, non-backdoored encryption. Encryption backdoors risk your privacy without effectively improving anyone's security.[/glossary_exclude] Securing communications with encryption The fundamental concept of encrypted communications is that only the sender and the recipient can read a message exchanged between them. The sender encrypts it before sending, and only the recipient has the ability to decrypt it.1 One example I run into regularly is sending someone a password -- you don't want someone "in the middle" to be able to see it. An end-to-end encrypted messaging service is one solution. Governments don't like this at all. At its most basic, encryption prevents law enforcement from monitoring potentially illegal activities. At its most extreme, it prevents oppressive governments from monitoring what their citizens might be up to. As a result, from time to time we hear of proposed legislation to force service providers to provide a back door that would allow authorized entities such as governments and perhaps others to access otherwise inaccessible communications. How a backdoor might work Traditional encryption works in one of two ways. One method uses a common secret, like a password, which is used to both encrypt and decrypt data. The other method uses a key-pair: one key can decrypt data encrypted by the other, and vice versa. Without the appropriate password or key, encrypted data cannot be decrypted.2 What both these approaches have in common is math -- lots and lots of advanced, complex math. A backdoor adds more math. In addition to the password or key, some kind of "master key" would also be needed to decrypt the data. That master key would be shared only with trusted entities (like governments) with (hopefully) legitimate reasons to decrypt the data. A real-world physical example Consider the TSA-approved padlock. TSA's "back door" on a combination lock. (Image: askleo.com) This padlock might have a key or combination. If you have the key or know the combination, you can unlock it. In the United States, the TSA (Transportation Security Administration) has mandated that approved padlocks also have an additional key slot -- a key slot for which their agents have a master key. This master key is a back door allowing them to bypass your padlock’s mechanism completely and open it. This allows them to examine the contents of your luggage. You can use a non-compliant padlock, but the TSA has the right to break the lock. There's a reasonable argument that this contributes to public safety. However, even though it's likely illegal to possess, the master key has long been available to anyone who cares to get it. Travelers have been forced to sacrifice personal privacy for public security. Physical versus digital The major difference between our physical example and encryption is the bolt cutter. Luggage locks are easily broken. Even the most secure locking mechanisms can typically be thwarted with enough skill or force. That's not quite the same as digital encryption. An appropriately strong encryption algorithm can be practically impossible to break. Again, governments don't like this. They would very much like a way to break the lock,
    Show more Show less
    8 mins
  • In Search of Perfect Security
    Nov 20 2024
    Perfect security is a myth. What's important is to pay attention to the trade-offs you make.
    Show more Show less
    6 mins

What listeners say about The Ask Leo! Podcast

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.