Archive Encryption Backdoors

There has been a debate going on for quite a while as to whether or not companies should implement backdoors into their encryption. While there are many valid points from both sides, backdoors would cause more problems than they solve.

What Are Encryption Backdoors?

Simply put, encryption backdoors are a way to break encryption without knowing the password. A good analogy is to think of encryption as the lock on your door. Only people with the key, such as you and a trusted neighbor, can unlock the door. Sure, you could just break down the door, but that would take a significant amount of effort. The encryption equivalent is a brute-force attack, which simply tries all possible keys. A backdoor in encryption would be like designing the lock with a method of opening it without your key. As with encryption, that weakness must be built into the lock in order to be exploited later.

That Sounds Terrible!

My argument is that it is, but it’s important to know the other side of the debate as well. One of the more influential proponents of backdoors is the US government. Its argument is that encryption as it currently stands prevents the government from accessing crucial data in investigations. Many people use messaging apps that implement something called end-to-end encryption. This encryption only allows the sender and recipient to decrypt the message; no one else can. While it keeps our data secure from hackers, it also keeps the government out of messages between terrorists, for example. In those cases, if there were a backdoor, the government could simply decrypt the messages itself, or ask the company behind the app to do so. The latter approach can be, and already is, used for data that is not end-to-end encrypted, such as certain iCloud data:

In meetings with the agency, FBI officials told Apple that the plan [to implement end-to-end encryption] would harm its investigations. The FBI and other law enforcement bodies regularly ask Apple to decrypt iCloud data, and in the first half of 2019, they requested access to thousands of accounts. Apple says it complies with 90 percent of such requests. — The Verge

How Encryption Backdoors Can Be Implemented

There are many ways to implement encryption backdoors, some of which are better than others. For the purposes of this post, I’ll mention just two: one that is the easiest to implement, and one that was actually attempted by the US government.

Skeleton Keys

One of the easier ways to implement an encryption backdoor is to encrypt everything twice: once with the user’s key, and once with a skeleton key. The skeleton key can be built into the app that uses it, or requested from elsewhere each time something is encrypted. Whenever a need arises to decrypt something, the company simply uses its skeleton key to access the data in question.

The biggest problem with this implementation is also its strength. Although the company can easily use the skeleton key, so can anyone else who obtains it. The security of the encryption now relies on how well the company can keep that key secret. As soon as the key is leaked or discovered, it’s game over: the encryption becomes worthless. This approach has the potential to jeopardize everyone’s data with a single leak.

Key Escrow

A step above a skeleton key is having a different skeleton key for each user. A step above that would be a different skeleton key for each piece of data sent. Both of these approaches solve the issue of a universal skeleton key: the leak of a single key no longer compromises everything encrypted throughout the life of that key. At worst, the leak of a single key compromises a single user. Or, if a new key is generated for each piece of data, only a single piece of data can be compromised.

Securely sending keys to a third party is already possible with current technologies. All that needs to be done is to establish a TLS session (as HTTPS does), then send the keys over that session. Ideally, the server storing the keys would itself be encrypted as well. Of course, this also means that if a vulnerability is found in TLS, all of the keys can be recovered.
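To make the difference between the two schemes above concrete, here is an added example (my own code, not from the original post) that models both as envelope encryption: each message gets a fresh data key, which is wrapped once for the user and once for the backdoor key. The cipher is a toy HMAC-SHA256 counter-mode stand-in so the script runs on the Python standard library alone; a real system would use an AEAD such as AES-GCM. The function names (seal, open_with, leak_impact) and the constructed messages are this example’s own.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a toy stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def seal(plaintext: bytes, recipient_keys: dict) -> dict:
    # Envelope encryption: a fresh data key protects the body and is wrapped once
    # per party allowed to read it (the user plus whatever backdoor key is added).
    data_key = secrets.token_bytes(32)
    return {"body": encrypt(data_key, plaintext),
            "wrapped": {who: encrypt(k, data_key) for who, k in recipient_keys.items()}}

def open_with(envelope: dict, who: str, key: bytes) -> bytes:
    return decrypt(decrypt(key, envelope["wrapped"][who]), envelope["body"])

def can_open(envelope: dict, who: str, key: bytes) -> bool:
    try:
        open_with(envelope, who, key)
        return True
    except (KeyError, ValueError):
        return False

def leak_impact(per_user_escrow: bool, users: int = 3) -> int:
    """Messages readable by an attacker holding ONE leaked backdoor key."""
    skeleton = secrets.token_bytes(32)                                    # one key for everyone
    escrow = {f"user{i}": secrets.token_bytes(32) for i in range(users)}  # one key per user
    messages = []
    for user in escrow:
        backdoor = {"escrow": escrow[user]} if per_user_escrow else {"skeleton": skeleton}
        messages.append(seal(b"hello from " + user.encode(), {user: secrets.token_bytes(32), **backdoor}))
    who, leaked = ("escrow", escrow["user0"]) if per_user_escrow else ("skeleton", skeleton)
    return sum(can_open(m, who, leaked) for m in messages)
```

With the skeleton-key scheme, leak_impact(False) reports every message as readable from one leaked key; with per-user escrow, leak_impact(True) reports exactly one user’s messages, which is the blast-radius difference the text describes.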

Key escrow was already attempted by the US government in the form of the short-lived Clipper chip back in 1993. Basically, the chip encrypted calls with a key that was also held by the government. Should the government want to listen in on a call, it simply needed to retrieve the key it already held. Fortunately, there was a major backlash that stopped widespread use of the chip. Multiple vulnerabilities were also discovered in the chip, and it was discontinued three years later.

Backdoors Affect Everyone

The most important thing to understand about encryption backdoors is that they affect everyone. Even though backdoors are usually only intended to catch those who have done something wrong, they still apply to everyone. Therefore, the big question is whether the benefit of catching and prosecuting some people is worth the decrease in security for everyone else. And, to me, the answer is a big no.

Imagine that your house had two doors: one for you, and one for the government. You have the key to your door, and the government has the key to theirs. If they obtain a search warrant, the government can search your house without you immediately knowing. And so could anyone who figures out the key to the government’s door, or anyone who breaks that door down. Regardless of whether you follow the law to the letter, you now have two doors to watch 24/7. Is the added attack vector worth it?

You Don’t Know When Someone Uses The Other Door

With the two-doors analogy, you’ll probably know if someone used the government’s door. But things are different with encryption. For example, when you use a messaging app with end-to-end encryption, your messages may still be stored on the provider’s servers in encrypted form. As things currently stand, that doesn’t matter, because only you and the recipient of the message have the keys to decrypt it. However, if there were a backdoor and someone used it, you’d have no way of knowing. Accountability is extremely important in these cases; without it, what’s stopping the government from extending warrants to those who speak out against it, and not just criminals? I’m not saying the government is inherently evil, but if no one knows who it is keeping track of, things could get pretty bad very fast.

Yes, the government can already request data from companies and tell them not to let you know, but you can limit the information companies hold about you. If encryption backdoors become a legal requirement, there’s nothing you can do. Besides, people who don’t want the government to know what they’re doing can simply build their own services that don’t comply with the law. In that case, backdoors only affect those who follow the law in the first place, negating their main benefit.

Originally published at https://www.extrascrew.com on February 5, 2020.

Translated from: https://medium.com/extrascrew/the-problem-with-encryption-backdoors-f5879e15718a
http://www.taodudu.cc/news/show-4059382.html