undefined | Better HN

0 pointsfungi7y ago0 comments

If it was a genuine "backdoor" why would you want use a publicly available key?

0 comments

4 comments · 2 top-level

MaulingMonkey7y ago· 2 in thread

Being the only keyholder reduces plausable deniability, so maybe.

RL_Quine7y ago

The private key is on the shipped devices, from my reading.

MaulingMonkey7y ago

Agreed.

I'm hypothesizing that you might do this, even with keys intended to be used as a back door, by shipping it on devices, you vastly increase the number of potential suspects for any backdoor abuse.

Continuing this train of thought - a hardcoded password is classic example of a backdoor, and just as "public" as including a private key.

anxman7y ago

This isn't a backdoor but it is a major vulnerability.

j / k navigate · click thread line to collapse