[liberationtech] Feds put heat on Web firms for master encryption keys
Florian Weimer
fw at deneb.enyo.de
Thu Jul 25 13:26:14 PDT 2013
> Google also declined to disclose whether it had received requests
> for encryption keys. But a spokesperson said the company has "never
> handed over keys" to the government,
Surely they have provided hard disk images containing key material to
aid government investigations related to themselves or their
employees? Certainly, the key material wouldn't be the focus of the
data sharing in such cases, but saying that it never happened is a bit
of a stretch.
But this pressure finally explains why Google would prefer ephemeral
DH (for perfect forward secrecy) with RC4 over AES without it:
<https://www.imperialviolet.org/2011/11/22/forwardsecret.html>
<https://www.imperialviolet.org/2012/03/02/ieecdhe.html>
This didn't make much sense at the time because is by far
weakest-looking cipher in wide use. But if Google faced demands to
disclose the private keys used by their TLS servers to enable passive
eavesdropping, switching on perfect forward secrecy might counteract
these demands.
More information about the liberationtech
mailing list