Comments on: India threatening to shutdown RIM’s BlackBerry service http://www.intomobile.com/2008/03/12/india-threatening-to-shutdown-rims-blackberry-service.html Cell Phone News, Information, and Analysis Tue, 24 Nov 2009 08:11:30 -0600 http://wordpress.org/?v=abc hourly 1 By: Allen http://www.intomobile.com/2008/03/12/india-threatening-to-shutdown-rims-blackberry-service.html/comment-page-1/#comment-172995 Allen Thu, 13 Mar 2008 07:43:33 +0000 http://www.intomobile.com/2008/03/12/india-threatening-to-shutdown-rims-blackberry-service.html#comment-172995 most encryption algorithms public knowledge, so asking for the encryption algorithms makes absolutely no sense, since it is public knowledge how to encrypt and decrypt data, the problem is, that you can't decrypt in a suitable amount of time without the private encryption keys, which RIM has, but giving those out defeats the purpose of the entire encryption process for all users. Unless it designates specific public keys for Indian specific devices, and hands over the private keys to the Indian govermnent, and makes sure no other devices world wide would use these keys, could I see a resolution in this manner. Either way, if an Indian BlackBerry was communicating with someone outside the country the government would only be able to decrypt 1/2 the conversation. Also handing over private encryption keys makes it possible to man in the middle attacks with people from outside the country, you wouldn't be guaranteed you were talking to that person in India, it could be someone from the government. Handing the keys over would go against the purpose of security. But they could easily hand over all algorithms, they use and not give them the keys, if that is all they asked for, since without the keys, you could know exactly how the BlackBerry encrypts and decyrpts its data, but would still take you years to decrypt it without those private keys. most encryption algorithms public knowledge, so asking for the encryption algorithms makes absolutely no sense, since it is public knowledge how to encrypt and decrypt data, the problem is, that you can’t decrypt in a suitable amount of time without the private encryption keys, which RIM has, but giving those out defeats the purpose of the entire encryption process for all users.

Unless it designates specific public keys for Indian specific devices, and hands over the private keys to the Indian govermnent, and makes sure no other devices world wide would use these keys, could I see a resolution in this manner.

Either way, if an Indian BlackBerry was communicating with someone outside the country the government would only be able to decrypt 1/2 the conversation.

Also handing over private encryption keys makes it possible to man in the middle attacks with people from outside the country, you wouldn’t be guaranteed you were talking to that person in India, it could be someone from the government.

Handing the keys over would go against the purpose of security. But they could easily hand over all algorithms, they use and not give them the keys, if that is all they asked for, since without the keys, you could know exactly how the BlackBerry encrypts and decyrpts its data, but would still take you years to decrypt it without those private keys.

]]>