
6.2 Merge window, part 1


Posted Dec 16, 2022 4:37 UTC (Fri) by wsy (subscriber, #121706)
In reply to: 6.2 Merge window, part 1 by willy
Parent article: 6.2 Merge window, part 1

I say this because as a Chinese I know how our gov works. They are control freaks.

The PKI standards built upon these cipher suites are called 双证书体系 or Dual-Certificate System. A user has to use separate key pairs for encryption and signature. The encryption cert private key is issued by the key authority. The signature cert private key is generated by yourself and signed by the CA like a normal certificate.

So the gov can easily decrypt your communication while you have no plausible deniability. This is crazy. I doubt any sane person will trust those ciphers seeing this dual-cert system.



6.2 Merge window, part 1

Posted Dec 16, 2022 6:33 UTC (Fri) by uudiin (guest, #131856) [Link]

Dual-certificate design, or TLCP, can sniff traffic content, but this can only be done on the premise of having a key, which does not mean that the SM2/3/4 algorithm itself is flawed, and there is currently no evidence that the algorithm itself is not safe. Of course, a dual-certificate system like TLCP will never be introduced into community software.

6.2 Merge window, part 1

Posted Dec 18, 2022 2:10 UTC (Sun) by anselm (subscriber, #2796) [Link] (2 responses)

> So the gov can easily decrypt your communication while you have no plausible deniability. This is crazy. I doubt any sane person will trust those ciphers seeing this dual-cert system.

Yes, but that approach would work with any asymmetric cryptosystem (such as RSA). It doesn't indicate a weakness in the actual ciphers used in China. On the contrary, if the ciphers themselves were in fact backdoored, the Chinese government wouldn't even need to go through this elaborate “dual-certificate” song-and-dance routine in the first place.

6.2 Merge window, part 1

Posted Dec 19, 2022 11:48 UTC (Mon) by k3ninho (subscriber, #50375) [Link] (1 responses)

I have no way to assess the likelihood of the following, but there is an avenue where both flaws exist and the song-and-dance over certificates and public keys is a distraction from an exploitable flaw in the algorithm used.

K3n.

6.2 Merge window, part 1

Posted Dec 23, 2022 7:25 UTC (Fri) by anton (subscriber, #25547) [Link]

That is certainly a possibility. The British planted stories of spies to cover up the existence of Ultra (their successful cryptanalysis).

OTOH, the PRC government may just want their own cypher for fear of an NSA backdoor in cyphers coming from elsewhere.

6.2 Merge window, part 1

Posted Dec 22, 2022 18:05 UTC (Thu) by flussence (guest, #85566) [Link]

That sounds familiar. I don't remember where I saw it (LibreSSL dev blog?) but there was a version of AES that took four keys and did... *something* with them.

Don't overestimate people's sanity. After all, OpenSSL is still in use a decade later for some reason.

