Does U.S. law or regulation require producers of encryption technology products (hardware or software) to supply the US government with a backdoor key to enable security agencies to read messages using those products?
No.
No, and mathematicians don’t know how to do such a thing anyway. An encryption algorithm with such a backdoor would be equivalent to a public-key encryption algorithm, and new public key encryption algorithms don’t come around every day.
Could either of you provide a cite? Thanks.
No, we can’t. We can’t prove the absence of a law. If you are alleging that such a law exists, then you are the one who needs to provide a citation.
Good point. I asked the question to settle a debate I’m having with someone. Is there a reliable source I could point to that would provide a reasonable amount of closure on the issue? Thanks for your quick replies.
I think this idea came around because of some events during the development of DES.
At the time, people thought the NSA reviewed the design and changed it, so people thought they added backdoors. But in fact they made it stronger against differential cryptanalysis, a crypto technique that was still a secret at the time.
And the Clipper chip. Although it wasn’t mandatory and never caught on it was at least a limited attempt to establish backdoors.
Sure they do. The PGP algorithm goes about 75% of the way there already. The PGP algorithm encrypt the main message with a standard symmetric cypher with a random key. This key is then encrypted using the recipients public key. If you send the message to more than one recipient then the symmetric key is encrypted with each recipients public key and place in the message. Conceivably a government public key could be used with every message.
I don’t see how the situations are at all analogous. The OP is asking whether encryption algorithms have “back-door” keys built into them to allow the government to covertly decrypt all traffic using that algorithm. This nothing to do with secure key exchange.
Yeah, it seems to me that it’s really just a civics question.
No way, it would have been discovered already by differnt white/black hacker groups.
If that someone cannot provide you with a cite himself, then the debate is settled. He loses. What’s so hard about that concept?
It is. The debate isn’t whether it’s possible, but whether it’s required by U.S. law. Thanks for all the answers.
I disagree. I illustrated a method using current encryption technology that would allow encryption of messages between people that allowed for a back door for the government to read the messages. You previously said that there was not a way to make an algorithm that allowed for a back door.
That wasn’t what the OP asked. The OP asked if there’s some Master Key built into encryption algorithms to allow a government to read anything encrypted with it.
Seven year old thread… what’s the latest?
Still no law requiring backdoors, even if they were possible.
Well, there is this:
Summary: it’s a random-number generator, intended to be suitable for cryptographic use, which was adopted as an official NIST standard thanks to the NSA heavily leaning on the standardization committee. Not long after its publication, some cryptographers pointed out that a set of numeric constants which was part of the standard, could very easily hide a back-door which would allow the party which generated those constants (the NSA) to predict all future output of the RNG after seeing just the first 32 bytes.
This would allow them to easily break any system which relied on the unpredictability of that RNG for its security. And because it’s an official government standard, quite a lot of security products contain this RNG, and some notable ones even use it as their default RNG.
In one of the documents released by Snowden, there is a reference to a 2006 NIST standard containing a backdoor. This is almost certainly a reference to dual-ec-drbg.
This is not tin-foil-hat stuff; the evidence is strong enough that Occam’s Razor actually supports the conspiracy theory in this case. Once you know what to look for, the backdoor is actually quite blatant. NIST has issued a recommendation against future use of this standard, and the RSA company had recalled one of their popular crypto libraries because it was using that RNG as the default.