Encryption and the "Golden Key"

By Paul Rosenzweig
Thursday, August 11, 2016, 10:48 AM

The encryption debate seems to have died down for now. But events have a way of intruding. As the Hill reports: "Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot. They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals." More details are also here and here. As the Ars Technica report puts it: "Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called "golden key"—which allows users to unlock any device that's supposedly protected by Secure Boot, such as phones and tablets."

I tend to agree -- the question isn't whether a key is feasible (it is, obviously) but whether or not it can be kept secure in a way that makes it available only for "good" purposes ....