undefined | Better HN

0 pointsKarunamon12y ago0 comments

Sad but true - Given Microsoft's all-too-eager cooperation with the TLA's, any encryption product they pack with the OS is immediately suspect.

That doesn't just apply to Microsoft. I wouldn't trust FileVault on Apple or Red Hat's implementation of LUKS either.

0 comments

7 comments · 1 top-level

tptacek12y ago· 6 in thread

What's the closest thing to a fact you can supply about Red Hat, Apple, or Microsoft subverting FDE software on behalf of any world government?

KarunamonOP12y ago

It's not that they subvert FDE in a provable manner (indeed, the manner of such a subversion would make it almost impossible to prove anyways..), it's that they eagerly cooperate with certain agencies. Microsoft is documented to have given zero-days to government agencies before patching them.

They may or may not be subverted, but why take the risk when you can use something that has a greatly reduced chance of that risk and works cross-platform?

tobylane12y ago

>[Apple & Red Hat] eagerly cooperate with certain agencies

Last I heard on Apple was that their system is perfect, as long as they don't add another key to your iMessages which you'd never know of. So not perfect, but only if you are chosen to be inspected. It can't be part of a dragnet collection unlike say https if the NSA have the private key.

For Red Hat the best I can find in your favour is that some of them have NDAs on their conversations with the NSA.

mpyne12y ago

My SSBN used at least two separate subsystems running Red Hat-based servers as a part of their functionality. Yet another separate system used X11. Thanks, FOSS devs! :)

pessimizer12y ago

We won't be given any of those until 2035. Isn't it always 20 or so years later unless you get a Snowden?

belorn12y ago

When ever there have been a dispute regarding export control of crypto and microsoft, they have opted to exclude encryption or use something like DES with low keysize. Microsoft has also sold exploit tools for windows, which is serious regardless if FDE software was one of the exploits targets.

So, given their history, has they done anything to actually earn our trust?

tptacek12y ago

What are you talking about? Microsoft doesn't source even an appreciable fraction of the exploits for exploitable bugs in Microsoft products. There is a 9-figure business in reversing WinAPI software, discovering vulnerabilities in it, and weaponizing them with exploit code. Microsoft is a bystander to that industry.

2 more replies

j / k navigate · click thread line to collapse