Is it possible to have an encryption algorithm/implementation that has a \"backd

Question

Is it possible to have an encryption algorithm/implementation that has a "backdoor", that also wouldn't introduce flaws into the encryption?

For instance, if you have a master password, once that gets leaked that person now has access to anyone's account.

Would it be possible to have TWO passwords work to decrypt: One for the authorities, and one for the user? That doesn't sound very secure, as now maybe collision are far more likely.

Then, there's also the issue of if that password given to the authorities will be secured (e.g. maybe they keep it in a excel spreadsheet in their gmail account)

Explanation / Answer

To your first question, no, the backdoor is a flaw in the encryption. Think about Kerchkoff's Principle: a system must remain secure, even if everything about the system is known except the key. A backdoor would be revealed by examination of the system.

However your second clarification is talking about the concept of key escrow. I may have my secret key, but the company also has a secret key. Either one can decrypt the message. Those are common, and supported in various security packages.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.