Again it is very unlikely. There are many options to get the keys - like
forcing you to divulge them or wire tapping your keyboard.
If such a backdoor was included than it would likely be spotted. Here
are some comments on a similar accusation a few years ago:
http://www.cnn.com/TECH/computing/9909/13/backdoor.idg/
________________________________
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx]
On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:43
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some legal trouble with TOR in France
I'm not saying the AES is weak. I'm saying that Microsoft might have
implemented a back-door for governments. They could store the private
keys and passwords in videocard memory or in the boot sector or
something like that.
On 5/14/06, Tony <Tony@xxxxxxxxxxxxx> wrote:
2. The restrictions on encryption were removed some years ago. The best
encryption software comes from outside the USA anyway so it was always a
pointless exercise in futility.
Unless a vulnerability is found in 256 bit AES it would take them longer
than the ages of the universe to crack a key by brute force no matter
how many terraflops of power they have to task on your key (not to
mention the many others they might want to crack)
3. Filtering content is not quite the same as signing code and
pretending it comes from Microsoft. Such a piece of code would have a
changed checksum would likely be spotted and then analysed. I can't see
Microsoft doing that unless required by law.
4. TPM is part of the trusted computing concept. It just makes it much
harder. Not impossible.
________________________________
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx]
On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:31
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some legal trouble with TOR in France
There are a few key points that you are overlooking.
1. In support of the photocopying money scandal, most printers have
yellow dots imprinted on them that track date printed, serial number,
etc.
2. By US export law, US companies are not allowed to export encryption
larger than 56 bit (although it might have jumped to 128 a few years
ago), unless it has been certified by the government. That means unless
it has a backdoor. Plus, governments have thousands of teraflops of idle
computer cycles waiting to crack your keys.
3. How can you honestly think Microsoft wouldn't bend over for the US
government. They bent over for China. Look at PGP. They moved to closed
source after version 6.0 with no valid reason. The reason is probably
the government.
4. In terms of using checksums to ensure your system hasn't been
tampered with, the computer hardware could have a defense system against
that such as trusted computing.
Ringo Kamens
On 5/14/06, Mike Zanker < mike@xxxxxxxxxx <mailto:mike@xxxxxxxxxx> >
wrote:
On 14/5/06 15:10, Tony wrote:
> Nb- failure to disclose keys is up to two years in prison. Not 10.
>
> (5) A person guilty of an offence under this section shall be liable-
>
> (a) on conviction on indictment, to imprisonment for a term not
> exceeding two years or to a fine, or to both;
> (b) on summary conviction, to imprisonment for a term not exceeding
> six months or to a fine not exceeding the statutory maximum, or to
both.
Furthermore, that's part III of RIPA which hasn't been enacted yet.
Mike.
This message has been scanned for viruses by MailController -
www.MailController.altohiway.com
<http://www.mailcontroller.altohiway.com/>