Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked with a utility
- Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked with a utility
- From: Dave Schroeder <email@hidden>
- Date: Fri, 27 Apr 2007 12:37:01 -0500
The ONLY instance you can be absolutely certain anything doesn't have
a backdoor is if it's completely open source, and you inspect and
understand the code yourself (or as part of a community, etc.)
This has nothing to do with whether an encryption solution originates
from inside or outside of US borders. The NSA and other entities have
long talked about master key escrow and all sorts of things. That
doesn't mean that US companies build backdoors into their products,
or that you can assume they do if a vendor doesn't explicitly say
they don't. And, even if they said they didn't, why would you believe
them? How would Apple saying "there are no backdoors in FileVault"
change anything? Can you inspect the code? Can you prove it? How do
you know the closed source solution you got from an eastern European
security outfit hasn't put in backdoors or isn't passing information off to
the Russian FSB?
This has nothing to do with US versus non-US. If anything, it's an
open- vs closed-source argument. What Apple says or doesn't say about
FileVault is irrelevant, because ultimately, it can't be verified
(unless, of course, someone finds or confirms a working backdoor).
- Dave
On Apr 27, 2007, at 12:01 PM, Michael Pike wrote:
This particular instance may not be fed-pressure related... but you
cannot tell me that fed doesn't pressure encryption companies...
remember when PGP came out?
About a month ago I posed a question on Fedtalk to Apple:
"Are there any backdoors in Apple's encryption mechanism?"
People from Apple responded... yes they did, but nobody said "There is
no backdoor."
On 4/27/07, Dave Schroeder <email@hidden> wrote:
On Apr 27, 2007, at 11:26 AM, Michael Pike wrote:
> That is exactly why I buy all of my encryption stuff from NON-US
> companies that are not under the same pressures that some of these
> obvious ones are.
>
> Un-f'in-believable.
This isn't possible because of any US governmental influence. This is
possible because of the way Mac OS X is architected (also itself not
because of US governmental influence).
Prudence (and even paranoia, if you're so inclined) is fine. But I'm
sorry to say that it's not because of the US government that this is
possible.
- Dave
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden