undefined | Better HN

0 pointscesarb2y ago0 comments

> but a perfectly plausible scenario would be the NSA putting the backdoor in with an ostensibly Chinese login and then activating on machines hosted and controlled by people outside of the US.

There's a term for that: NOBUS (https://en.wikipedia.org/wiki/NOBUS). It won't surprise me at all if this backdoor can only be exploited if the attacker has the private key corresponding to a public key contained in the injected code. It also won't surprise me if this private key ends up being stolen by someone else, and used against its original owner.

0 comments

jonathankoren2y ago

>It also won't surprise me if this private key ends up being stolen by someone else, and used against its original owner.

And that is exactly why backdoored encryption is bad.

j / k navigate · click thread line to collapse

0 comments

jonathankoren2y ago

>It also won't surprise me if this private key ends up being stolen by someone else, and used against its original owner.

And that is exactly why backdoored encryption is bad.

j / k navigate · click thread line to collapse