6.2 Merge window, part 1 [LWN.net]

6.2 Merge window, part 1

Posted Dec 18, 2022 2:10 UTC (Sun) by anselm (subscriber, #2796)
In reply to: 6.2 Merge window, part 1 by wsy
Parent article: 6.2 Merge window, part 1

So the gov can easily decrypt your communication while you have no plausible deniability. This is crazy. I doubt any sane person will trust those ciphers seeing this dual-cert system.

Yes, but that approach would work with any asymmetric cryptosystem (such as RSA). It doesn't indicate a weakness in the actual ciphers used in China. On the contrary, if the ciphers themselves were in fact backdoored, the Chinese government wouldn't even need to go through this elaborate “dual-certificate” song-and-dance routine in the first place.

to post comments

6.2 Merge window, part 1

Posted Dec 19, 2022 11:48 UTC (Mon) by k3ninho (subscriber, #50375) [Link] (1 responses)

I have no way to assess the likelihood of the following, but there is an avenue where both flaws exist and the song-and-dance over certificates and public keys is a distraction from an exploitable flaw in the algorithm used.

K3n.

6.2 Merge window, part 1

Posted Dec 23, 2022 7:25 UTC (Fri) by anton (subscriber, #25547) [Link]

That is certainly a possibility. The British planted stories of spies to cover up the existence of Ultra (their successful cryptanalysis).

OTOH, the PRC government may just want their own cypher for fear of an NSA backdoor in cyphers coming from elsewhere.