Security of crypto security measures


How secure are the crypto security measures in practice today? In
everyday life, it is trivial that, if one puts treasures in a safe,
one has to consider how secure is the lock and even whether the
gangsters could carry the safe away. In matters closer to crypto,
UNIX, according to a revelation by one of its designers decades
after its launch, had a backdoor. And Windows have permanently to
be patched due to hacker attacks being detected. After all, it
is a general fact that the majority of all kinds of software are
not perfectly verified (if any formal verification were attempted
at all), so that there is almost always some non-negligible chance
of the existence of bugs that could be exploited. (The recently
reported case that the kernel of an OS was proved to be ok is a
very rare exception, I suppose.) In history of crypto, one knows
(or rather it is very plausibly believed by many) that a well-known
crypto machine manufacturer once enabled backdoor in its products
delivered to a certain country that was used for encryption of
diplomatic communications. Not very long time ago there was quite
some discussions in the media in Germany on the issue of whether
"online investigations" should be legalized, which, as far as I
understand, seem to mean the deployment of Trojans etc. on the
computers of the civilians by offcial agencies.

So how sure is a normal user of security software in the security
of his/her private communications in the current state of affairs?


M. K. Shen