Hacker News new | past | comments | ask | show | jobs | submit login

> I can't think of a great solution to this problem.

The mentioned government agencies have the "NOBUS" belief: that the concept of "NObody But US" (having access to the "keys to the secrets") works.

This article is just one of a many good examples that it doesn't.

What could work are just the systems which are secure without any exceptions. Which is hard to achieve when enough powerful influences (most often directly or indirectly tax funded, even if not explicitly government organizations) do all they can to make that not happening. It's then easier than it appears to be to achieve the goals of nobody having an access to a really secure system.

An example:

https://en.wikipedia.org/wiki/Dual_EC_DRBG

"In September 2013, The New York Times reported that internal NSA memos leaked by Edward Snowden indicated that the NSA had worked during the standardization process to eventually become the sole editor of the Dual_EC_DRBG standard,[7] and concluded that the Dual_EC_DRBG standard did indeed contain a backdoor for the NSA.[8] As response, NIST stated that "NIST would not deliberately weaken a cryptographic standard."[9] According to the New York Times story, the NSA spends $250 million per year to insert backdoors in software and hardware as part of the Bullrun program.[10]"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: