• DocMcStuffin@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Not a backdoor. A backdoor is when there’s a secret key or method that’s deliberately builtin to sidestep the encryption.

    Instead, they created an encryption algorithm that only used 32 bits for the cypher key. That was a design choice to comply with the Arms Export Control Act back when encryption was considered a munition. This is roughly equivalent to putting a really crappy lock on your front door. Anyone with the proper skillset can get past it.

    The real problems are:

    1. They used a proprietary encryption algorithm: TEA1. This is highly frowned upon because an algorithm needs to be tested repeatedly by experts in the field to prove its worth. Or as they say, don’t roll your own because you WILL mess up.

    2. The hid the algorithm from scrutiny using a non-disclosure agreement. This was basically security through obscurity. There were people that knew it was broken but let it fly under the radar.

    3. They continued to use a broken algorithm when it should have been deprecated over 20 years ago then left out of future products.

    4. It’s all implemented on a bunch of hardware that can’t easily be upgraded.