There’s the claim that backdoored systems are weaker. Agreed, but is this proof of that? The villain who changes Q is also capable of introducing a Q dependent backdoor. ScreenOS did not originally ship with any password backdoor, and yet there it was. That had absolutely nothing to do with any preexisting weakness.
There’s also the claim 1password’s security depends on encryption and not authentication. This is a good point as far as it goes, but there’s no discussion about how far it goes. I might wish for my bank account to be encrypted, but how would this impact things like autopay? As a blanket rule, “use encryption not authentication” seems to miss some of be reasons why people use auth in the first please. How do people comment on my Facebook posts if they’re encrypted?
What would it mean for ScreenOS to use encryption instead of authentication? What does a ScreenOS that cannot be backdoored look like?
I think these are good points, but the supporting argumentation is weak.
Ok, so I don’t disagree, but…
There’s the claim that backdoored systems are weaker. Agreed, but is this proof of that? The villain who changes Q is also capable of introducing a Q dependent backdoor. ScreenOS did not originally ship with any password backdoor, and yet there it was. That had absolutely nothing to do with any preexisting weakness.
There’s also the claim 1password’s security depends on encryption and not authentication. This is a good point as far as it goes, but there’s no discussion about how far it goes. I might wish for my bank account to be encrypted, but how would this impact things like autopay? As a blanket rule, “use encryption not authentication” seems to miss some of be reasons why people use auth in the first please. How do people comment on my Facebook posts if they’re encrypted?
What would it mean for ScreenOS to use encryption instead of authentication? What does a ScreenOS that cannot be backdoored look like?
I think these are good points, but the supporting argumentation is weak.