No Backdoor in Vista
mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."
Re:is it possible to have no backdoors? (Score:2, Informative)
Wikipedia agrees, apparently. http://en.wikipedia.org/wiki/Backdoor [wikipedia.org]
Re:Credibility (Score:4, Informative)
Here's what he actually wrote:
I love the backdoor in MacOS X - it has its use (Score:5, Informative)
Dw.
Ad *) Or manually
Details (Score:5, Informative)
Re:You're right! (Score:3, Informative)
Or in the case of OSS you can take the word of the hundreds of developers who want to audit the code themselves (and for something this important, there'll be hundreds of them), where it only takes one person to throw a red flag on bugtraq, and suddenly there's thousands if not tens of thousands of them looking over this code.
Also you could, if you had an especially vested interest, hire some developers to look over it. Say, perhaps, several independent parties including overseas operations. This is a lot better option than the closed source model where you're pretty much limited to decompiling the code (illegal here in these U.S., and still very hard for even a seasoned developer to figure out) or simply trusting the word of this one guy who maybe didn't notice the back door already present, or simply wasn't motivated to look very hard, or maybe has a family member being threatened in some way by the NSA, who knows.
Source code is no panacea here (Score:3, Informative)
Gnupg is open source, so you can verify there are no backdoors
Yes, absolutely. If you're going to use encryption semi-seriously or even professionally, you have no choice but to use open source crypto libraries and apps!
But source code alone is no panacea here: you (or anyone skilled enough -- a.k.a. the community) could discover obvious backdoors, but what about backdoors in some crypto algorithms themselves? Having the source code for this won't help you much. Nothing could really prevent the NSA [nsa.gov] from working with a crypto implementer to slightly weaken an algorithm, so they could decrypt stuff with less effort than usual. Unless you are a very talented cryptographer, you won't notice the difference.
Re:What else would he say? (Score:3, Informative)
Do you even know what BitLocker is? It's full drive encryption - basically they encrypt all the data on the hard disk using a key in the TPM.
It's not about DRM, and can't be used for DRM.
DRM's about ensuring that you can't INTENTIONALLY give your data to someone else. BitLocker is about ensuring that you can't ACCIDENTALLY give your data to someone else.
On a BitLocker encrypted system, if you can boot the system, you can access your hard disk without any difficulties whatsoever.
BitLocker is all about making sure that if you accidentally leave your laptop in the back seat of a cab, the bad guys can't get at the data on the hard disk.
Which, in turn, can save your company millions of dollars in fines if the data on your laptop happens to contain customer data.
Re:Why would they wait? (Score:2, Informative)
How often do you check that keyboard cable of yours, by the way?
Re:I love the backdoor in MacOS X - it has its use (Score:3, Informative)
http://www.apple.com/macosx/features/filevault/ [apple.com]