The Reality of Key Escrow

Back in 2000, PGP, a mature and capable company with significant experience in encryption and security, decided that it would be a good idea to provide key escrow for its corporate users.

It did not, of course, end well.

The feature ended up making all PGP keys vulnerable. Here's a thread describing the bug. If you read through the posts, you'll see that the problem was that a programmer essentially neglected to check a return value. Also notice how easy the vulnerability is for anyone to exploit. Once again we have confirmation that security is hideously hard to get right.

This was supposed to be a benign feature that Network Associates—owner of PGP—added to assist with key recovery. The result was a devastating, unfixable bug that could only be eliminated by retiring two versions of PGP. What possible reason is there to believe that a government-mandated key escrow would do any better?

  • Nagora

    Yeah, but the government would only employ *experts*. What they might be experts in, of course, may not be immediately apparent.

    • jcs

      Would that be the same experts who had never heard of NAND copying? Oh, wait: that was just a "fib." Yeah, you're right, no reason to worry.