Do you guys prefer backdoor(s) on encryption feature?

On a game community, someone said 'encryption with ability to recover your data in case you forget your password!'

I was like 'no that's insane! Having backdoor(s) on encryption is one of the dumbest things in the world!' And we fought back for quite some time.

 

I really think backdoors shouldn't exist at all. That's the main goal of security, isn't it? (Also that's what the whole security industry is trying to achieve.) Well, sure it would be nice to give normal users an option to recover the data in case you forget your password. But the point is the recovery process is not done with something like a BitLocker recovery key. There's software which unlocks the password automatically for you! That's insane! I wouldn't call it a 'security feature'. Rather, I'd call it 'the illusion of being secure feature'.

 

Long story short, do you guys prefer an external drive which has a backdoor to recover your data? (Remember no recovery keys. Software does it for you without authentication.) Plz share your thoughts. I am really pissed off for being despised by a random guy on the internet.


Btw, I don't know whether the drive he mentioned has the backdoors or not.


I think of it like this:

Let's say you have a house. Your house has a key that allows you to lock it. Now let's say you lost or damaged that key.

Some people keep a spare key under the welcome mat, in a potted plant, in a lawn light, something like that -Often in a place that most people wouldn't look. That allows them to access their house even when they lost their key, as they have a backup. It introduces a security flaw, but it lets you use your house.

If you don't have a hidden key, then you can call a locksmith. The locksmith will come out and break through your security for you, usually in a few minutes to a couple hours with the aid of special tools. This eliminates the glaring security flaws from having keys laying around, but it does mean someone must be able to get through your security pretty easily anyway.

Now imagine it would take the locksmith several million years to get you into your house, and your only other option was to burn it to the ground and start over.

 

Back doors aren't always flaws, it just depends on the intention. A back door that requires intimate hardware access and is made for the user or a technician to recover data in the event of a failure is generally fine (outside of very exceptional situations), but a back door that's exposed to the network whose purpose is to circumvent the user's authority (didn't Google randomly change a setting on most Android phones a little while ago?) is counterproductive and dangerous.

 

Those are just my thoughts, though.

"Do as I say, not as I do."

-Because you actually care if it makes sense.


5 minutes ago, Dash Lambda said:

I think of it like this:

Let's say you have a house. Your house has a key that allows you to lock it. Now let's say you lost or damaged that key.

Some people keep a spare key under the welcome mat, in a potted plant, in a lawn light, something like that -Often in a place that most people wouldn't look. That allows them to access their house even when they lost their key, as they have a backup. It introduces a security flaw, but it lets you use your house.

If you don't have a hidden key, then you can call a locksmith. The locksmith will come out and break through your security for you, usually in a few minutes to a couple hours with the aid of special tools. This eliminates the glaring security flaws from having keys laying around, but it does mean someone must be able to get through your security pretty easily anyway.

Now imagine it would take the locksmith several million years to get you into your house, and your only other option was to burn it to the ground and start over.

 

Back doors aren't always flaws, it just depends on the intention. A back door that requires intimate hardware access and is made for the user or a technician to recover data in the event of a failure is generally fine (outside of very exceptional situations), but a back door that's exposed to the network whose purpose is to circumvent the user's authority (didn't Google randomly change a setting on most Android phones a little while ago?) is counterproductive and dangerous.

 

Those are just my thoughts, though.

pretty much this, it just depends how important that information is to you and how secret you need to keep it as to what level of security you apply.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


Backdoors with the intention to bring a criminal to justice is a good thing. However, nothing exists to prevent its abuse especially when the person in power has an authoritarian agenda. So until then, I’d say no to all forms of deliberate encryption backdoors and I wish all tech companies say??to government officials demanding to spy on a person or even a country. 

 

Law abiding citizens and criminals breathe the same air, so is encryption. 

 

There is more that meets the eye
I see the soul that is inside

 

 


a backdoor that I create inside what would be a completely secure encryption scheme? Sure. as long as only I can create them and it is 100% perfect at evading potential attacks

 

else, no. I would rather my encryption all be done right and if I forget the password to them, it's gone forever and there is no chance in recovering my data except for taking years to brute force the encryption 

For me, encryption is only done right if you forget it, it's gone forever. 

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


Backdoors are handy to have when you do need them.

 

Let's take the hard drive example, if I want to store and archive sensitive information for a company I work for, of course I am going to enable encryption and so forth. I have to physically remove the drive from the machine/server it came from and store it securely.

 

However, what if I, or someone else has to access the data on that drive again in a few years, who knows if I'd be working for the same company, or remember the encryption password. It might be imperative that this data is accessed. How am I able to access it without a backdoor?

 

There are pros and cons to everything, and each individual has their own argument, I just think of this as an agree to disagree scenario and topic.

 

 


2 hours ago, Dash Lambda said:

I think of it like this:

Let's say you have a house. Your house has a key that allows you to lock it. Now let's say you lost or damaged that key.

Some people keep a spare key under the welcome mat, in a potted plant, in a lawn light, something like that -Often in a place that most people wouldn't look. That allows them to access their house even when they lost their key, as they have a backup. It introduces a security flaw, but it lets you use your house.

If you don't have a hidden key, then you can call a locksmith. The locksmith will come out and break through your security for you, usually in a few minutes to a couple hours with the aid of special tools. This eliminates the glaring security flaws from having keys laying around, but it does mean someone must be able to get through your security pretty easily anyway.

Now imagine it would take the locksmith several million years to get you into your house, and your only other option was to burn it to the ground and start over.

 

Back doors aren't always flaws, it just depends on the intention. A back door that requires intimate hardware access and is made for the user or a technician to recover data in the event of a failure is generally fine (outside of very exceptional situations), but a back door that's exposed to the network whose purpose is to circumvent the user's authority (didn't Google randomly change a setting on most Android phones a little while ago?) is counterproductive and dangerous.

 

Those are just my thoughts, though.

Yes, the spare keys are the recovery keys. This is something like a recovery key you get when you set up BitLocker or 2-factor auth on Google. This key HAS to exist. But the thing is that the blacksmith's tools are some software from a company, which can leak to the public or be abused by one of the employees. Think of Samsung's Odin, which is intended to be used in service centers.

 

Many of us use the iPhone because we believe the iPhone is one of the most secure phones in the world, whereas an Android phone's data can be leaked. We use TrueCrypt (or a fork of TrueCrypt) because we believe even the NSA can't crack them. Sure, there might be hidden backdoors we never knew about, but we use those because we feel safe.

 

Sure, we have to have some sort of recovery options because we humans are not perfect. But the thing is the process of recovering keys shouldn't be easy. You gave an example of a blacksmith breaking into security. The problem is that ordinary keys are easy to break into. We change our lockers to digital ones because of this. The process should involve tighter verification of the user that's trying to use the backdoor. We can't just unlock the thing with a tool without verification. That is no longer secure. For example, when you forget your Google password, they ask you to enter your prev passwords, birthdate, what you have done with the account etc. to ensure you are you before they reset your password. Same for the Facebook account. The process of recovering should be very tight.

 

When we use BitLocker (one of the most common software we use), they provide a recovery key and they force you to save or print the key. They warn you that if you lose it, your data are basically .... gone for good. But we don't have any options other than the recovery key if you lose your password. I believe there's a reason for that. The more spare keys, the more vulnerable your data are. When you add backdoor(s), you're giving the genius hackers around the world more headroom to crack the password. But what he said (in the chat session I mentioned in the original article) is that you could easily recover your password from a service center with a special tool. I don't know what the mechanisms are, but that frightens me. If it is something like some recovery key or matching up hints you gave to the encryption software earlier, phew, what a relief. If that's not the case, then the encryption is basically useless because almost anyone at the company can access the tools and can even leak the software or information about the tools.

 

These are my thoughts. Maybe I'm being too sensitive. Maybe it's because I'm into security things. Maybe ordinary end users really need easy recovery options. Maybe they don't need cutting-edge security. But this is what I think. (Sorry for bad English if it disturbed you.)


2 hours ago, captain_to_fire said:

Backdoors with the intention to bring a criminal to justice is a good thing. However, nothing exists to prevent its abuse especially when the person in power has an authoritarian agenda. So until then, I’d say no to all forms of deliberate encryption backdoors and I wish all tech companies say??to government officials demanding to spy on a person or even a country. 

 

Law abiding citizens and criminals breathe the same air, so is encryption. 

 

Hm... thought TrueCrypt is safe. Maybe forks aren't safe anymore....


30 minutes ago, Sooneung said:

-snip-

Let me ask you this: What are you storing?

No matter who you are, no matter how careful you are, accidents happen. I made the house analogy for a reason: Would you rather make it a bit less secure or lose it and everything in it if you screw up with one little key?

 

Some stuff it's better to have vulnerable than inaccessible, some stuff it's better to have inaccessible than vulnerable. Most people aren't banks, governments, medical centers, or the likes, so it's a bit excessive to say they shouldn't have a last-ditch recovery option for their data.

 

Another important point was hardware access. It's generally understood in cybersecurity that, once they have hardware access, all bets are off. So I don't generally see a problem with data recovery ports on motherboards and stuff like that.

"Do as I say, not as I do."

-Because you actually care if it makes sense.


Every backdoor is a potential leak. If the government can make use of it so can attackers. There's no universal key that only the government can have and no one else. That's not possible. The moment you build in a backdoor your security is gone and your encryption is obsolete. The more people you have to trust the worse. That's why end to end encryption is the only secure way of communication. Only having encryption between you and the server isn't worth a dime. The company can get hacked assuming they're not already selling your information. 

Use the quote function when answering! Mark people directly if you want an answer from them!


4 minutes ago, Dash Lambda said:

Let me ask you this: What are you storing?

No matter who you are, no matter how careful you are, accidents happen. I made the house analogy for a reason: Would you rather make it a bit less secure or lose it and everything in it if you screw up with one little key?

 

Some stuff it's better to have vulnerable than inaccessible, some stuff it's better to have inaccessible than vulnerable. Most people aren't banks, governments, medical centers, or the likes, so it's a bit excessive to say they shouldn't have a last-ditch recovery option for their data.

 

Another important point was hardware access. It's generally understood in cybersecurity that, once they have hardware access, all bets are off. So I don't generally see a problem with data recovery ports on motherboards and stuff like that.

Just get a password manager or print out your keys and store them in a safe. It's your responsibility. If you don't care about compromised security, why encrypt your data in the first place?

Use the quote function when answering! Mark people directly if you want an answer from them!


2 minutes ago, bowrilla said:

If you don't care about compromised security, why encrypt your data in the first place?

Because, while I would rather not have my data just up for grabs, I also honestly don't expect anyone else to value my data so much that they find me, steal my machine, tear it apart, and go through a tedious recovery process to get it. If they do, then... Well, I'd honestly be more concerned for their sanity than intentions.

 

You're making an all-or-nothing argument. Not everyone can live with a bead curtain in place of a front door and not everyone needs a 10-ton bank vault door between them and their neighbors.

And, really, nothing is perfect: No form of security makes it impossible to be compromised, just harder. An encrypted drive with a hardware failsafe recovery port is more secure than an unencrypted drive, an encrypted drive without a recovery port is even more secure, and one that burns itself when it detects intrusions is yet more secure.

 

So I ask you as well: What are you storing?

"Do as I say, not as I do."

-Because you actually care if it makes sense.


1 hour ago, Dash Lambda said:

Because, while I would rather not have my data just up for grabs, I also honestly don't expect anyone else to value my data so much that they find me, steal my machine, tear it apart, and go through a tedious recovery process to get it. If they do, then... Well, I'd honestly be more concerned for their sanity than intentions.

 

You're making an all-or-nothing argument. Not everyone can live with a bead curtain in place of a front door and not everyone needs a 10-ton bank vault door between them and their neighbors.

And, really, nothing is perfect: No form of security makes it impossible to be compromised, just harder. An encrypted drive with a hardware failsafe recovery port is more secure than an unencrypted drive, an encrypted drive without a recovery port is even more secure, and one that burns itself when it detects intrusions is yet more secure.

 

So I ask you as well: What are you storing?

For normal people, standard encryption WOULD be enough. Personal photos, videos etc. After all, who cares about my family photos anyway? But you don't use your external drives for only that purpose. You could be carrying some company's top secret documents. (In this case, most companies provide their own encryption method to secure their properties, though.) You could be carrying some ex-girlfriend pictures. Even some nasty videos you don't want to be known in public. Whatever it is, I think you should use decent encryption. Store your recovery keys somewhere safe. The flexibility is up to your key management. That's what should be controlled, not the backdoors.

The moment you enable backdoors, that data is no longer protected. You mentioned server security. Google and Facebook have THE MOST SECURE INFRASTRUCTURE in the world. But it is the BACKDOOR or SECURITY HOLES that's leaking the personal information and making the headlines.

The possibilities of cracking in should be removed as much as possible. If you want flexible security, then store your keys and backup keys in multiple locations. Store it on your phone, cloud, sticky notes, whiteboard, you name it. It is up to them. The purpose of recovery keys is to make your life a bit easier when you lose your password. You shouldn't compromise the security and make it easier to break into your data. No matter what you are storing, this should be clear.

Hardware compromise. Sure. This is a big thing. Then shut it down. No one except for the government will be able to extract the password from your RAM. Encrypt your hard drive. Enforce SELinux. Disable recovery pins. There are so many things you could do to make your data more secure.


10 hours ago, Sooneung said:

Long story short, do you guys prefer an external drive which has a backdoor to recover your data?

(Remember no recovery keys. Software does it for you without authentication.)

Plz share your thoughts. I am really pissed off for being despised by a random guy on the internet.

Any form of encryption or security with a backdoor is not actually encrypted or Secure by Design™ at all. Or in other words, I do not want to use a service or product with a backdoor option, period. Properly setup recovery methods consisting of multiple pieces of information that only I know or have access to is fine, since it still requires the user (or attacker) to fork over information to recover their account.

 

Recovery methods are no different than choosing a hiding spot for a spare key to your house - the only difference is that a user can choose to enable or disable the use and complexity of a recovery method, whereas they cannot choose to remove the backdoor from a system they don't control.

Desktop: KiRaShi-Intel-2022 (i5-12600K, RTX2060) Mobile: OnePlus 5T | Koodo - 75GB Data + Data Rollover for $45/month
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1
Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 | Panasonic TS20D Music: Spotify Premium (CIRCA '08)
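
The distinction drawn in the post above, a recovery method the user controls versus a backdoor they cannot remove, shown as key slots that each wrap the same data key. This is an added example, not code from the thread or from any product; the `Volume` class, the slot labels, the sample secrets and the HMAC-based wrap (a standard-library stand-in for AES key wrap) are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this demo


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Stretch a password or recovery key into a 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def wrap(kek: bytes, dek: bytes):
    """Stand-in for AES key wrap: one-time HMAC-derived pad plus an HMAC tag."""
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, pad))
    return ct, hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()


def unwrap(kek: bytes, ct: bytes, tag: bytes):
    """Return the data key, or None when the tag shows the secret was wrong."""
    expected = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class Volume:
    """Hypothetical volume header: one random data key, wrapped once per slot."""

    def __init__(self, password: str):
        self.slots = {}
        self._store("password", password, secrets.token_bytes(32))

    def _store(self, label, secret, dek):
        salt = secrets.token_bytes(16)  # fresh salt, so each slot has its own KEK
        self.slots[label] = (salt, *wrap(derive_kek(secret, salt), dek))

    def unlock(self, secret: str):
        """Try every slot; without a matching secret nothing yields the key."""
        for salt, ct, tag in self.slots.values():
            dek = unwrap(derive_kek(secret, salt), ct, tag)
            if dek is not None:
                return dek
        return None

    def add_slot(self, label, new_secret, existing_secret):
        """Adding a recovery method requires proving knowledge of a current one."""
        dek = self.unlock(existing_secret)
        if dek is None:
            raise PermissionError("an existing secret is required to add a slot")
        self._store(label, new_secret, dek)

    def remove_slot(self, label):
        if len(self.slots) == 1:
            raise ValueError("refusing to remove the last slot")
        del self.slots[label]

    def unexpected_slots(self, expected):
        """Audit: slots present in the header that the owner never created."""
        return sorted(set(self.slots) - set(expected))


def demo():
    password = "correct horse battery staple"  # constructed sample value
    vol = Volume(password)
    dek = vol.unlock(password)
    recovery = secrets.token_hex(24)  # printed once, stored offline by the owner
    vol.add_slot("recovery", recovery, password)
    # Constructed contrast case: a product that ships with a slot for a
    # service tool whose secret the owner neither chose nor knows.
    vol._store("vendor-escrow", "service-centre-secret", dek)
    results = {
        "wrong_guess": vol.unlock("not the password"),
        "recovery_ok": vol.unlock(recovery) == dek,
        "vendor_ok": vol.unlock("service-centre-secret") == dek,
        "audit": vol.unexpected_slots({"password", "recovery"}),
    }
    vol.remove_slot("vendor-escrow")  # only possible when the owner controls the header
    results["vendor_after_removal"] = vol.unlock("service-centre-secret")
    return results


if __name__ == "__main__":
    print(demo())
```

The recovery slot and the escrow slot are mechanically identical; what differs is who holds the secret and whether the owner can list and delete the slot.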


11 minutes ago, kirashi said:

Any form of encryption or security with a backdoor is not actually encrypted or Secure by Design™ at all. Or in other words, I do not want to use a service or product with a backdoor option, period. Properly setup recovery methods consisting of multiple pieces of information that only I know or have access to is fine, since it still requires the user (or attacker) to fork over information to recover their account.

 

Recovery methods are no different than choosing a hiding spot for a spare key to your house - the only difference is that a user can choose to enable or disable the use and complexity of a recovery method, whereas they cannot choose to remove the backdoor from a system they don't control.

This is what I think. Key management should be the only way to control the complexity of security or the recovery process. No backdoors should be enabled. We can't really do much about unintended backdoors (or security holes). Instead, we should take a deep look at the code and improve security as fast as possible.


It really depends what you're securing and who you're securing it from.


10 hours ago, Dash Lambda said:

Because, while I would rather not have my data just up for grabs, I also honestly don't expect anyone else to value my data so much that they find me, steal my machine, tear it apart, and go through a tedious recovery process to get it. If they do, then... Well, I'd honestly be more concerned for their sanity than intentions.

 

You're making an all-or-nothing argument. Not everyone can live with a bead curtain in place of a front door and not everyone needs a 10-ton bank vault door between them and their neighbors.

And, really, nothing is perfect: No form of security makes it impossible to be compromised, just harder. An encrypted drive with a hardware failsafe recovery port is more secure than an unencrypted drive, an encrypted drive without a recovery port is even more secure, and one that burns itself when it detects intrusions is yet more secure.

 

So I ask you as well: What are you storing?

But it is potentially up for grabs if you build in a backdoor. Do you actually believe that this backdoor can be secured in a way that leaks aren't possible? If the government or a company can have access to your data bypassing encryption then this backdoor won't stay a secret for long and then everyone can have access. A fitting analogy would be to hide a spare key in case you forget or lose yours outside around your house in a secret location. Do you really think people trying to get in won't know where to look? People aren't that creative. That's why like 9/10 passwords people come up with are bad.

 

Just save your recovery keys in a place you can have access to in case you need them. Print the stuff out and put it in a deposit box or a safe in your house. This is a fair tradeoff since it requires attackers to physically have access to that stuff. 

 

You may think your data isn't important but then you're missing the point: 

a) if you know enough details about a person you can steal their identity. You might think of yourself as a low priority target but you're mistaken: the average joe is pretty interesting for identity theft.

b) your attitude is pointing attackers exactly where to look. If everything is heavily encrypted it's hard to tell what's relevant and what's not. If you're only securing the utmost important stuff you're basically putting up a big red sign saying "attention, look right here, sensitive information available". This is potentially dangerous for your own data and it undermines the political position that tries to keep strong encryption available for everyone. Following your point of view you're making it easy for governments to pinpoint suspicious people since they're using heavy encryption. This might ultimately lead to laws prohibiting the use of strong encryption altogether.

 

Your data is more valuable to companies than what you have in your bank account. 

Use the quote function when answering! Mark people directly if you want an answer from them!


15 hours ago, Dash Lambda said:

I think of it like this:

Let's say you have a house. Your house has a key that allows you to lock it. Now let's say you lost or damaged that key.

Some people keep a spare key under the welcome mat, in a potted plant, in a lawn light, something like that -Often in a place that most people wouldn't look. That allows them to access their house even when they lost their key, as they have a backup. It introduces a security flaw, but it lets you use your house.

If you don't have a hidden key, then you can call a locksmith. The locksmith will come out and break through your security for you, usually in a few minutes to a couple hours with the aid of special tools. This eliminates the glaring security flaws from having keys laying around, but it does mean someone must be able to get through your security pretty easily anyway.

Now imagine it would take the locksmith several million years to get you into your house, and your only other option was to burn it to the ground and start over.

 

Back doors aren't always flaws, it just depends on the intention. A back door that requires intimate hardware access and is made for the user or a technician to recover data in the event of a failure is generally fine (outside of very exceptional situations), but a back door that's exposed to the network whose purpose is to circumvent the user's authority (didn't Google randomly change a setting on most Android phones a little while ago?) is counterproductive and dangerous.

 

Those are just my thoughts, though.

The only problem is that you can't have a backdoor on demand with encryption. The algorithm either has a backdoor, or it doesn't, and if it does everyone using it has that backdoor whether they like it or not. The equivalent to having a key under your doormat is to have your password written down somewhere, and if you have sensitive data you should always have a backup, preferably with a different key so you have a better chance of recalling at least one.

 

So yeah, the solution to the problem you mention isn't a backdoor in encryption.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


23 hours ago, Dash Lambda said:

I think of it like this:

Let's say you have a house. Your house has a key that allows you to lock it. Now let's say you lost or damaged that key.

Some people keep a spare key under the welcome mat, in a potted plant, in a lawn light, something like that -Often in a place that most people wouldn't look. That allows them to access their house even when they lost their key, as they have a backup. It introduces a security flaw, but it lets you use your house. 

If you don't have a hidden key, then you can call a locksmith. The locksmith will come out and break through your security for you, usually in a few minutes to a couple hours with the aid of special tools. This eliminates the glaring security flaws from having keys laying around, but it does mean someone must be able to get through your security pretty easily anyway. 

Now imagine it would take the locksmith several million years to get you into your house, and your only other option was to burn it to the ground and start over. 

 

Back doors aren't always flaws, it just depends on the intention. A back door that requires intimate hardware access and is made for the user or a technician to recover data in the event of a failure is generally fine (outside of very exceptional situations), but a back door that's exposed to the network whose purpose is to circumvent the user's authority (didn't Google randomly change a setting on most Android phones a little while ago?) is counterproductive and dangerous. 

 

Those are just my thoughts, though.

You can't really compare software backdoors to leaving a key under your doormat.

 

A software backdoor would be more like the lock maker secretly wiring the lock to the doorbell. Press the doorbell 5 times quickly and the lock unlocks itself, and it was the same for all locks from that maker. As soon as someone discovers that "trick", your lock essentially becomes useless because any thief can just walk up, press the doorbell 5 times and then walk in as if the lock didn't exist to begin with.

 

Would you willingly buy a lock with that "feature"? I am pretty sure that if news broke that for example ASSA Abloys' locks could be unlocked by just pressing the doorbell then they would lose a lot of business.


21 hours ago, Dash Lambda said:

Another important point was hardware access. It's generally understood in cybersecurity that, once they have hardware access, all bets are off. So I don't generally see a problem with data recovery ports on motherboards and stuff like that.

Preventing direct or physical access to the hardware is the first or second line of defense, not the last line of defense.

 

You may as well say "don't bother encrypting your portable drive, just make sure it's physically secure."
