I\'m not a Cryptography expert, but i\'ve seen this topic sometimes on the Web:

Question

I'm not a Cryptography expert, but i've seen this topic sometimes on the Web: Master decrypt keys.

Most of the people said that "Master decrypt key" does not exist.

This makes sense if you developed your own Cryptography software.

But if a company releases a cryptography software, where the user must enter the content (string or file), and a password, and then he gets the output, wouldnt the company be able to include the user password in another string encrypted with the company's password in somepart of the file? so no matter the user has encrypted the file with 30 keys, the company could decrypt it's part of the file and get the user key to decrypt the entire file

does it make any sense? I was wondering this for security reasons

Explanation / Answer

In theory, someone could do this, but in practice nobody really uses random, sketchy third party cryptography software. Most, if not all, of the commonly used cryptography functions are well understood and tested. Most of them also openly reveal precisely how they work so anyone can implement them. This means lots of people can analyse the algorithms for built in weaknesses like the one you described.

The case you described is a good reason to stay away from unknown and untrusted third party cryptography software.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.