Zimmermann Enters Debate on Microsoft Encryption
Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"
Do not use Microsoft encryption.
How else are we supposed to get access to all these works in 150 years time (or 50 in some countries) when the copyright expires on them.
thank God the internet isn't a human right.
Perhaps Microsoft should employ Mr. Zimmermann of PGP to fix M$'s broken code.
The fact that so many documents written (especially now) are using Microsoft formats, makes this problem very dangerous.
It's worth mentioning that any documents that are actually worth protecting should by default not rely on Microsoft's (lack of) security, as it is a known trend that Microsoft fails time and time again to provide adequate security.
People think "wow! encryption, and NOT a lame password". But, as per normal, scratch a little deeper and you can see how flawed Microsoft code actually is...
Zimmermann makes some Pretty Good Points in the interview.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
I especially dislike their Encrypted File System (EFS). One of its highlights is that the first administrator account set up in a domain is designated an "Encrypted Data Recovery Agent". What does this mean? If you use your domain login at work to encrypt your data, the administrator has immediate ability to decrypt it anytime they want.
How is this done? Every file that is written to an encrypted folder by User A has a private encryption key generated for it. That private encryption key is then encrypted with User A's public key and every designated Encrypted Data Recovery Agent's public key. Then either User A or any such recovery agent's private key can decrypt the file.
Of course, MS just lets lay users assume their "encrypted" files are private.
I'm a big tall mofo.
Why fix it in a free patch, when they can charge money for a new version that you have a reason to buy?
Microsoft should sort flaw and abandon RC4 in favour of better ciphers, says PGP creator.
By John E. Dunn, Techworld
Cryptography expert Phil Zimmermann has said he believes the flaw discovered in Microsoft's Word and Excel encryption is serious and warrants immediate attention.
"I think this is a serious flaw - it is highly exploitable. It is not a theoretical attack," said Zimmermann, referring to a flaw in Microsoft's use of RC4 document encryption unearthed recently by a researcher in Singapore.
"The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. [...] If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security."
Microsoft has been dismissive of the seriousness of the flaw, which relates to the way it has implemented the RC4 encryption stream cipher. As explained by Hongjun Wu of the Institute of Infocomm Research, it would allow anyone able to gain access to two or more versions of the same password and encrypted document to reverse engineer the scheme used to make it secure.
"Stream ciphers have to be used most carefully. Any failure to do this will result in a disastrous loss of security," Zimmermann said. "Even with a properly chosen initialisation vector, you have to run it for a while before the quality of the stream cipher is good enough to use." Contrary to Microsoft's claims that the issue was a "very low threat", he countered that gaining access to a document would not present problems for a determined hacker. "There are tools one can use to cryptanalyse messages in this way."
Even if the flaw was fixed, in his view a more fundamental problem was Microsoft's use of RC4, licensed from RSA Security.
"Why does Microsoft continue to use RC4 in this day and age? It has other security flaws that have been published in other papers," adding that "RC4 is a proprietary cipher and has not stood up well to peer review. They should just stop using RC4. It would be better to switch to a block cipher."
When contacted, Microsoft was unable to commit to a timescale for correcting the flaw but issued the following statement by way of a spokesperson: "Microsoft is still investigating this report of a possible vulnerability in Microsoft Office. When that investigation is complete, we will take the appropriate actions to protect customers. This may include providing a security update through our monthly release process."
Zimmermann, meanwhile, emphasised the need for responsible disclosure of such problems. "The best way is to quietly disclose the problem to the vendor and then allow the vendor 30 days to fix the problem. Then go public," he said.
Phil Zimmermann is best-known as the creator of Pretty Good Privacy (PGP), a desktop encryption program that was powerful enough that the US authorities attempted to have its distribution stopped and Zimmermann imprisoned for writing it. The case was abandoned in 1996. PGP was bought out by Network Associates, though an independent company, PGP Corporation, has since been spun out to develop its core technology.
You could always just dump their encryption and use PGP/GPG in its place.
Bah.... What does Bob Dylan know about encryption anyway. :)
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Call me paranoid, but it's kind of convenient to security services that there is a flaw in Microsoft encryption systems. Surely if you were designing a back-door for security services you'd do it in a way that looked like a bug rather than a feature.
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
I wonder when someone writes a script to google for Word documents, get the protected ones out and decrypt them. Ought to be a fun project.
It was an interesting article that I thought, given some of the anti-M$ venom that's running around at times, was very polite and well thought out.
:-D
Don't get me wrong, I think Microsoft generally deserve the crap that's thrown at them, I just think it sticks better when it's well written
regards, the_leander
Well, seeing as how the majority of the world is using their software, they probably think it's obviously good enough, otherwise it wouldn't be used.
Total bull, but that's why they haven't changed anything in IE for so many years.
MS considers it a low priority because there is no tool that currently is known to be available that can leverage the theoretical issues brought up in the paper. I agree with them. An issue is "high priority" when there is a tool that can be used by an end user now as an exploit. That is how you prioritize things in real life.
That chipping sound is the slow but steady decline of market share, trust, user loyalty, revenues...
It will eventually come down if they don't take issues of security, stability, usability, and bloat more seriously.
And they need to take their g@##@&% copyright enforcement crap and stab it up... they need to can it, already. They need to decide who their clients are... John Q. Public, or Hollywood?
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Why not just encrypt the files outside of Office, using something renowned, tried, tested and passed? And why would the layperson want such high security on their documents? Surely the layperson and the security-conscious are different sets? I suppose that's the most naive thing I've ever come up with, right?
~~Every few years or so I'm accidentally fashionable!
Am I the only one who saw "Zimmerman" and thought of the inventor of the Emergency Medical Hologram?
Zvpebfbsg vf pbzzvggrq gb ranoyvat rirel phfgbzre gb jbex, pbzzhavpngr, naq genafnpg ohfvarff zber frpheryl. Oruvaq gur tybony frphevgl zbovyvmngvba naabhaprq va Bpgbore 2003, jr jvyy pbagvahr gbjneq gung tbny ol jbexvat pybfryl jvgu phfgbzref, cnegaref, naq gur vaqhfgel. Jr zrnfher bhe rssbegf hfvat gur FQ?+P senzrjbex.
While Microsoft should probably fess up and fix the problem, is this really such a big deal? Who uses Microsoft Word encryption, and for what? It still sounds like you'd require multiple versions of the same document. That means either access to the data store itself where the document was being edited, or the user has passed around multiple versions to others.
I guess what it comes down to is expectations of security. It should be obvious not to use Word to protect national secrets. Secret love letters to your mistress are still probably safe from your wife though (unless she happens to be a crypto expert). In that case it's probably easier to just use a keylogger, or install a trojan horse.
AccountKiller
I think Microsoft has the competence to implement strong encryption in its products. But the problem is, does Microsoft have an interest in a Word document encrypted with a strong password not being breakable? Or in implementing an encrypted disk that can't be broken if the attacker doesn't have the key? I think that's the reason; could the US government be behind this decision?
A master watched as an ambitious user reconstructed his Linux.
"I shall make every bit encrypted," the user said. "I shall use 2048 bit keys, three different algorithms, and make multiple passes."
The master replied: "I think it is unwise."
"Why?" asked the user. "Will my encryption harm the mighty Tao, which gives Linux life and creates the balance between kernel and processes? The mighty Tao, which is the thread that binds the modules and links them with the core? The mighty Tao, which safely guides the TCP/IP packets to and from the network card?"
"No," said the master, "It will hog too much cpu."
While it is understandable that one wants to be careful with the cash cow, you should at least immunize it.
You must be the change you wish to see in the world - Gandhi
I've toyed around with MS's "encryption" and all I can say is the following:-
1) That password you give your administrator account on your system can be hacked off in under 5 minutes with the Emergency Boot CD (EBCD). So much for encryption.
2) Files encrypted in Windows 2000 (the OS I tested them on) were still visible in their directories, despite their contents being encrypted. To me, this wasn't good enough. I wanted the whole filesystem to be encrypted, with plausible deniability that certain files (or even file systems) ever existed.
To add injury to insult, I could easily become administrator with the EBCD and get the encryption key easily to break the encryption anyway.
3) Built in Windows encryption isn't good enough, forcing you to get third party products to do the job right. This means that you pay through the nose if you haven't got the technical skill to set up a Linux or BSD box running free encryption modules and samba.
But come on. If MS made a perfect operating system, they wouldn't have a business model selling updates. Instead of dropping support for old products, I'm almost expecting their next OS to have a use-by date embedded in their EULA and OS to FORCE you off their old system after so many years.... or else!
READY.
PRINT ""+-0
In the interview referenced in the article, there is a paragraph that states
When contacted, Microsoft was unable to commit to a timescale for correcting the flaw but issued the following statement by way of a spokesperson: "Microsoft is still investigating this report of a possible vulnerability in Microsoft Office. When that investigation is complete, we will take the appropriate actions to protect customers. This may include providing a security update through our monthly release process."
Using my handy M$ anti-spin ray on the response from M$, I found that the response actually said, "Nothing to see here, move along please."
Having done so much with so little for so long, I now can do anything with nothing at all.
Is there a handy piece of software which lets me read my PHB's documents?
10 ?"Hello World" life was simple then
Their programmers might care, but M$ itself isn't interested in respect from the cryptographic community, because it's something that doesn't matter to their stockholders; it's too obscure for them to care about. M$ only responds to this kind of thing once the news gets out and the public begins to perceive it as a problem. Security through obscurity, remember? Basically, M$ are only in it for the money; a statement that explains their entire track record.
The reason behind the weak Windows encryption is not to provide easy out-of-the-box encryption for the masses. The real purpose is to provide out-of-the-box mass decryption for government agencies. Surely Microsoft has been asked to do that by quite a number of them.
So, cryptographic community perfectionism this time crosses the interests of real power and will be ignored.
There you are, staring at me again.
Or they could just stop licensing RC4 and use an unencumbered and respected standard, AES.
Dear security researchers,
You can try to crack our encryption all you want. Microsoft Office(TM) documents are still the most secure format in the world, since you still won't be able to render them properly even if you manage to decrypt them.
Sincerely,
The Microsoft Corporation
That this is M$ we are talking about. Perhaps they are interested in actually developing a secure and stable product. I feel this is a gross exaggeration though. We wouldn't have had disasters like Code Red with IIS, and the constant ebb of IE vulns that occur, if Gates and Ballmer were really concerned with security. Gates is all wrapped up in his idea that Windows needs to be a media system rather than a secure system. IF, and that's a big huge IF, they actually spent time developing a secure stable OS, I might actually back them up a little. But as long as I can boot my LOAF and change acct info, it's not happening.
"God of Rock, thank you for this chance to kick ass. "
Least of all your US government. The NSA makes a bulletproof distribution of Linux, and other US government offices shun it in favour of Windows.
Sun Microsystems released Star Office, and a bunch of open source wonks built OpenOffice, with better track records. Yet US government offices shun them in favour of Microsoft Office.
I'm not sure why they do, especially an omniscient body like the US government who knows these things exist. It must be because they don't want to use them.
And every day users? Well, users could have taken e-mail content security into their own hands over a decade ago when PGP was out, or eight years ago when PGP for the Exchange client came out. But NO, they didn't want to use it. They could have used S/MIME which was slightly easier to use, but NO, they didn't want to use it.
Users don't care enough to demand strong encryption in their applications. And Microsoft is in business to make money. They aren't going to waste time making a product that no one will buy. And YOU, slashdotters, aren't going to convince users to buy an alternative through fear, uncertainty and doubt.
Use Evolution instead of Outlook? Bewa
Y'know, asking MS to fix an obscure bug in their encryption that took a dedicated researcher to find is pretty much pointless. Remember - these are the same guys that are having a hard time poking through their code and replacing all the strcpy() calls with strncpy().
Asking these guys to address this is like asking someone to turn off the faucet in a burning building.
Weaselmancer
ridiculous.
yes, changing the IV will help, but it's not the solution.
USE A FUCKING MAC!!! [message authentication code]
cipher == privacy
mac == authentication
Stupid fucking reporting...
Tom
Someday, I'll have a real sig.
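Tom's distinction above (cipher for privacy, MAC for authentication), shown in code. This is an added example, not part of the original post and not code from any Microsoft product: the keystream is a SHA-256 counter construction standing in for a generic stream cipher (not RC4 and not the Office scheme), and the keys, nonce, message and the attacker's edit are all constructed for the demo. It shows that an attacker who never sees a key can still rewrite a stream-cipher ciphertext so it decrypts to a chosen change, and that an HMAC tag over the ciphertext catches exactly that edit.

```python
"""Privacy versus authentication: a stream cipher alone does not stop tampering.

Added example. The cipher is a hash-based counter keystream (SHA-256) used as a
stand-in for any stream cipher; keys, nonce and message are constructed values.
"""
import hashlib
import hmac

ENC_KEY = b"demo-encryption-key"      # constructed demo keys, not derived from any password
MAC_KEY = b"demo-authentication-key"
NONCE = b"\x00" * 12                  # constructed; a real system uses a fresh nonce per message
TAG_LEN = 32                          # HMAC-SHA256 output size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key || nonce || counter through SHA-256 until `length` bytes exist."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR; this is the 'privacy' half only."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker flips ciphertext bits so the plaintext reads `new` where it read `old`.

    Needs no key: ct[i] = pt[i] ^ ks[i], so ct[i] ^ old ^ new = new ^ ks[i].
    """
    ct = bytearray(ciphertext)
    for k, (o, n) in enumerate(zip(old, new)):
        ct[offset + k] ^= o ^ n
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext (the 'authentication' half)."""
    ct = stream_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify (constant-time compare)."""
    nonce, ct, tag = blob[:len(NONCE)], blob[len(NONCE):-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_encrypt(enc_key, nonce, ct)


MESSAGE = b"Transfer USD 00100 to account 4711"   # constructed sample plaintext
OFFSET = MESSAGE.index(b"00100")


def without_mac() -> bytes:
    """Cipher only: the attacker's edit decrypts cleanly and nothing flags it."""
    ct = stream_encrypt(ENC_KEY, NONCE, MESSAGE)
    forged = tamper(ct, OFFSET, b"00100", b"99999")
    return stream_encrypt(ENC_KEY, NONCE, forged)


def with_mac():
    """Cipher plus MAC: the same edit is rejected before anything is decrypted."""
    blob = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    start = len(NONCE)
    forged = blob[:start] + tamper(blob[start:-TAG_LEN], OFFSET, b"00100", b"99999") + blob[-TAG_LEN:]
    return open_sealed(ENC_KEY, MAC_KEY, forged)


if __name__ == "__main__":
    print("no MAC  :", without_mac())
    print("with MAC:", with_mac())
```

The tag is computed over the ciphertext, so verification happens before decryption and a forged message is discarded without ever being interpreted; the attacker's bit-flip trick works against any XOR-based stream cipher, which is why changing the IV alone does not address it.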
Maybe everyone is just burned out and tired of the topic. We all know that the state of PCs in the world today is a vast, pathetic farce of biblical proportions thanks to MS. What's left to say about it? Windows is a shitpile, but people keep gobbling it up. Just like they gobble up all the other sludge in our culture. Nothing unusual to be seen here. Move along.
--- Ban humanity.
You can do this if the machines' encrypted files were encrypted by a local user. This is aimed at corporate work though, where they're domain users. The EBCD and all the other password crackers work on LOCAL accounts, not DOMAIN accounts. If Joe Blow encrypts his files on his work laptop with his usual domain account, you can't get at them.
I see all the posts about how Microsoft encryption is a joke, etc.
Could it be that the poor encryption security was actually on purpose?
After all, they were using RC4. It should be secure right? (sarcasm) Isn't the problem simply that they re-used a key stream, or something like that? Something that is a basic design "blunder", but could really have been done on purpose. This might make it easy for certain parties to crack, but it might still seem secure. All of the code is properly implemented. The RC4 algorithm is properly implemented, gives correct outputs for known inputs, etc. The flaw is in how the algorithm is improperly used. Something that could be missed by anyone disassembling the code.
I'll leave it for someone else to reply here and speculate on the reasons that such a "blunder" might actually be deliberate. (I've got a malfunction in one of the antennas of my tin foil hat. I use the dual-antenna design of tin foil hats.)
I'll see your senator, and I'll raise you two judges.
would you prefer frosty piss
or do you like it warmed up
"...but should Microsoft have taken a flaw in some of its most popular programs more seriously?"
If they start making exceptions now there will be no end to it and it might delay the Longhorn release. Hmmm...
MSFT does not care about quality; it cares about quantity. It cares about profits to shareholders and the number of units it shipped. It cares about its dominance in the market. It cares about crushing anyone or anything that competes or threatens their position. MSFT's leadership cares about the company's bottom line and nothing more.
If they truly cared about quality, there would be much less malware and far fewer security holes in their products. They would actually care about this encryption issue. Their lack of response, to them, does not validate the problem as a reality.
But don't worry, Longhorn is coming! (He said with wry sarcasm. )
I might know what I'm talkin' about, but then again, this is Slashdot...
Microsoft is doing what it always does: Focusing on what most of their customers are most concerned about. Most users don't care about stuff like how strong the encryption is, and most don't even use it. Most users think using the password feature in Winzip is good enough. Microsoft has never been focused on niche markets, or the concerns of small groups of users.
In the article, Zimmermann bashes RC4, not just Microsoft. I think he's probably right. Why not use open-standard AES instead of RC4? (Or if you still have RSA on the brain, why not RC6, the RSA algorithm which was a runner-up in the Federal AES competition.)
Why care if the ball is leaking air?
---- Booth was a patriot ----
This is great news for DRM anti-enthusiasts!
These comments do express the opinions of my employers, and, personally, I think they're complete rubbish.
Phil Zimmermann is best-known as the creator of Pretty Good Privacy (PGP), a desktop encryption program that was powerful enough that the US authorities attempted to have its distribution stopped and Zimmermann imprisoned for writing it. Ever heard of a MS trial regarding their top notch encryption? I rest my case.
Just
The creator of PGP is dissatisfied with an alternative closed source encryption implementation?! What is this world coming to! :)
Let's hope MS drops their flawed encryption algorithm. How do the Office alternatives stack up in this respect?
Basically, M$ are only in it for the money; a statement that explains their entire track record
Indeed. If there is a company that could afford good developers, it is Microsoft. So most of their shortcomings are probably the result of either
-hiring cheap but inexperienced people anyway
-rushing release dates and intentionally letting the customer beta-test
-or political manoeuvring.
Considering the latter, I strongly suspect that making IE hard to uninstall was not a design error, but an intentional move for the antitrust suit. Windows XP Embedded shows they can make modular systems if they desire.
Of course, doing the above for a couple of years may lead to an accumulation of crap code that is hard to clear up. This might explain why Microsoft's attempts at improving security don't yield fast results.
C - the footgun of programming languages
So all the time I (black hat) am clever enough to just decrypt stuff and use the information without getting caught, the game plan is to concentrate on the script kiddies. Kewl ;-)
Justin.
You're only jealous cos the little penguins are talking to me.
Uhm... yes, they REALLY care. I can tell you that being on the inside. Every project was halted and all employees took secure coding technique seminars. Right now security is a top priority for all MS products. We are now forced to undertake arduous Threat Modeling of our applications, and undergo repeated security checkpoints along the way. Once things are 'ready to ship' they first need to go through a dedicated security group that audits the source and the threat models and either turns away the software or allows its release. So anyway, yeah, there's a hell of a lot of work around here when it comes to security. And it's very noticeable if you see the software coming out of here post-2003.
As to whether they 'care' about this encryption thing. They are obviously looking into it. But the fact is Office is run by millions of people, so they can't just overhaul the encryption system and release a hotfix without breaking lots of stuff. So these things take time. I do hope they change their methods, though.
Any closed-source encryption scheme is automatically suspect. If an encryption scheme demands secrecy for anything except the intended recipient's private key, then it is vulnerable to compromise.
Remember, just because you can't solve a problem you devised, does not necessarily mean it is insoluble, unless you proved so mathematically. For example, by expressing the encryption as a matrix multiplication and proving the matrix is singular. Preferably there should be more than one indeterminate variable, to increase the workspace for brute force attacks.
A really determined adversary could get the source code by disassembling the binary. It'd be hard work, but the payoff might be worth it. So you have to assume that the enemy has the source code to the programme. You also have to assume that the enemy has the sender's sending key {which may or may not be the recipient's public key; but it should be either impossible or at least difficult to determine the receiving key from the sending key. In other words, symmetric cyphers are insecure.}
Even if you think your receiving key is secure, it may not be. But it's the only thing you, as the recipient of the message, really have any measure of control -- even if it's just in the "it won't hurt so much if you don't struggle so much" sense of a measure of control -- over. You don't know that your enemy hasn't found a way to get the source code of the programme and you don't know that your enemy hasn't found a way to get your contact's sending key {which is why they may as well be public anyway -- there is no benefit to you keeping these things secret}. You hope your enemy can't get your receiving key without your knowing about it.
Je fume. Tu fumes. Nous fûmes!
The standard required for a +5 post has hit rock bottom. Elevating a "Well don't use it" post as insightful is ridiculous.
microsoft is a monopoly and is not concerned about flaws in its products. the majority of "lay users" will be using them regardless. the "respect of the cryptographic community" is irrelevant to its profit margin, since said community is numerically insignificant in terms of sales, and it is the phbs that make corporate purchasing decisions, not technical experts. what microsoft "should" do, beyond what is in the interests of its profit margin, is a moot point.
Despite all the outrage that simmers regarding most subjects concerning Microsoft, I have to ask...Does the outrage really matter?
Despite this latest "outrage", product sales remain hardcore, and when other priorities are dealt with in turn, this one will be as well.
If you have a "Revision History" section, it will shift all the bytes of the document down by n number of bytes, making the attack that the researcher proposed utterly useless.
Any documents that are important enough to have encryption will probably have a Revision History section anyway, so who cares.
This is *so* not an issue, I love how security researchers talk about how "dangerous" these security problems are but chances are in the field it's not really an issue.
...but I will.
If you want good security, use PGP (or one of it's siblings).
Don't trust application products to secure your data. Use security products for that.
Just buy another product... Microsoft does not need any respect. You have a choice. Just don't use the USA government to run Microsoft. I'm starting to think most Slashdotters are ignorant socialists.
Do NOT use Microsoft encryption.
In Tyler we trust.
-Peter
There is a lot of speculation here that Microsoft put in this encryption bug on purpose. That's giving them too much credit on this one. I just read the paper about the weakness. They are essentially reusing the same keystream more than once. That's an amateur-level bug that is discussed in any crypto book that talks about stream ciphers. Look in the book Applied Cryptography by Bruce Schneier in the section on cryptographic modes. He talks about this directly. This is not a minor threat. It's a gaping hole since a simple XOR of two versions of the document gives you a lot of information.
The bigger question is why Microsoft used a stream cipher for this. As Zimmermann mentions, they are more difficult to use correctly. Although some weaknesses in RC4 have been found, it is still possible to use it in a strong manner. You just have to be careful. It would have been better to use a good block cipher (AES, Triple DES, Blowfish, etc.) and a simple mode like CBC. It's easy to code and still plenty strong if you reuse the same initialization vector. Even better would have been a newer mode like CCM.
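The keystream-reuse flaw described in the Techworld piece (two versions of one password-protected document) and in the post above (a simple XOR of two versions gives you a lot of information), worked through in code. This is an added example; it is not code from the thread, from Hongjun Wu's paper or from Microsoft Office. The RC4 routine is the standard KSA/PRGA; the key-derivation step (SHA-1 of password and IV) and the two document revisions are constructed for the demo and are not the Office scheme. It shows what the attacker gets from two ciphertexts alone, what a known first revision yields, and why a fresh IV per save closes this particular hole.

```python
"""Keystream reuse in RC4: two saves of one document under one key and IV.

Added example. Key derivation and sample text are constructed for the demo;
the RC4 function itself is the standard algorithm.
"""
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` with RC4 by XORing it with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def document_key(password: str, iv: bytes) -> bytes:
    """Assumed derivation for the demo: SHA-1(password || IV). Same inputs, same key."""
    return hashlib.sha1(password.encode("utf-8") + iv).digest()


def save_document(password: str, iv: bytes, text: bytes) -> bytes:
    """Model of 'save as encrypted': one RC4 pass under the derived key."""
    return rc4(document_key(password, iv), text)


def differing_offsets(ct_a: bytes, ct_b: bytes) -> list:
    """Attacker, no key needed: where the two ciphertexts differ, the plaintexts differ.

    With a shared keystream, ct_a[i] ^ ct_b[i] == pt_a[i] ^ pt_b[i], so equal
    ciphertext bytes mean unchanged document bytes.
    """
    return [i for i, (x, y) in enumerate(zip(ct_a, ct_b)) if x != y]


def recover_other_revision(ct_a: bytes, ct_b: bytes, known_a: bytes) -> bytes:
    """Attacker with one known (or guessed) revision: the keystream cancels out."""
    return xor_bytes(xor_bytes(ct_a, ct_b), known_a)


# Constructed sample revisions of one document, equal length for simplicity.
REVISION_1 = b"Minutes, draft 1: the board rejects the USD 40 per share offer."
REVISION_2 = b"Minutes, draft 2: the board accepts the USD 52 per share offer."
PASSWORD = "correct horse"
FIXED_IV = bytes(16)                  # the flaw: the IV never changes between saves


def demo_broken() -> bool:
    """Same password, same IV for both saves: revision 1 gives away revision 2."""
    ct1 = save_document(PASSWORD, FIXED_IV, REVISION_1)
    ct2 = save_document(PASSWORD, FIXED_IV, REVISION_2)
    return recover_other_revision(ct1, ct2, REVISION_1) == REVISION_2


def demo_fixed() -> bool:
    """A fresh IV per save gives a fresh keystream; the XOR trick yields only noise."""
    ct1 = save_document(PASSWORD, bytes(15) + b"\x01", REVISION_1)
    ct2 = save_document(PASSWORD, bytes(15) + b"\x02", REVISION_2)
    return recover_other_revision(ct1, ct2, REVISION_1) != REVISION_2


if __name__ == "__main__":
    a = save_document(PASSWORD, FIXED_IV, REVISION_1)
    b = save_document(PASSWORD, FIXED_IV, REVISION_2)
    print("changed byte offsets visible without the key:", differing_offsets(a, b))
    print("revision 2 recovered from revision 1:", demo_broken())
    print("fresh IV per save defeats the trick:", demo_fixed())
```

Note that `differing_offsets` needs neither key nor plaintext: the ciphertext pair alone tells the attacker exactly which bytes were edited between saves, which is the "lot of information" the post refers to even before any known text is brought in. A fresh IV per save stops this specific attack but, as the article also notes, does nothing about the other published weaknesses of RC4 itself.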
After decrypting them, you still have to translate them into English.
Putting my William Gibson hat on for a moment...
In Gibson's worlds, governments are somewhat shrunken and corporations are much more powerful. Though the NSA-equivalent is still to be feared, corporate espionage is just as much so.
Back to reality...
As we wish that nVidia and ATI would release specs for Open Source drivers, we hear about how they fear giving information to competitors, reverse engineering, etc. At the same time, there are companies that reverse-engineer chips, selling layouts, block diagrams, and schematics. I've seen them, and I've had it done to me.
In these litigious times, such "discovery" is how you decide who to sue for infringing on your IP. IP has become big business, and while I'm sure that keys to encrypted documents could be dragged out in court, I'm equally sure that some folks would kind of like to bypass that part of the mess. This is especially true, considering social aspects. "If this document is encrypted, I don't have to be as careful with its physical or network access."
How far are we really, until corporate espionage takes on Gibson-like attributes?
The living have better things to do than to continue hating the dead.
He's not worried because the 5cR1p7 KiDdi35 don't have a point and click program to break the encryption.
The man who authored the report works at the Institute for Infocomm Research, Singapore. Now while the US of A and Britain may have chummy relations with the gov't of Singapore, I'm sure there are at least one or two other countries COUGH N. Korea & China COUGH who would like nothing more than to code a functional exploit.
This 'flaw' in MS's encryption isn't just another toy for blackhats. Setting aside the fact that various governments may want to exploit this to its fullest, there's the small issue of data theft. Can you imagine how trivial this will make corporate espionage?
The author's real conclusion isn't at the end, but halfway through the report:
The effort required to break MS's implementation of RC4 is trivial[Fuck Beta]
o0t!
- Fix RC4 implementation.
- Release patch.
- Problem solved.
As I understand it, fixing the RC4 implementation wouldn't render it incompatible with unpatched versions. People who haven't made the upgrade would still be able to decrypt a document produced by a fixed version (the security problem would still remain, however, as long as one of the two persons who exchange documents kept a bad version of Office). It's a matter of fixing improper reuse of streams, that's all, not fundamentally changing how the algorithm works. Correct me if I'm wrong.
What I'm saying is that I'm not going to accept the same old excuse this time around. And no, I'm not blaming you because you happen to work for Microsoft, I blame the company as a whole.
Zimmermann's great and all, but in this scenario we need a simple symmetric algorithm. Have Bruce Schneier implement his patent-free 448-bit key, 64-bit block Blowfish or 256-bit key, 128-bit block Twofish.
Bwha, ha, ha ha!!
What you're telling me is (wiping tears from my eyes) -- is that a security system that is insecure can't be fixed because it is too popular!
What a field-day for the black-hats!
Let me... make... sure. (gasping for air, here). Lots of documents are presumed safe, and are not, and that's why future documents won't be safe?
Bwa, ha, ha, ha!
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
,hearing it, and I'm not looking to be anyone's parent here.
This problem is solved by not using MSFT software. They actually DO a pretty good job with hardware. I tried my best to destroy several Intellimouse trackballs, and utterly failed (I also cleaned them really well; kind of like what you have to do with the registry?). I also have a Sidewinder Precision 2 that has consistently, and precisely, worked since the first day I bought it; unlike my Gravis Wingman 3D.
As a software company, MSFT makes really good hardware.
In a corporate environment, you have to balance protecting data versus putting yourself at the mercy of a disgruntled employee. If hard drives go missing with your financials, your employee data (!!!), or the designs for your latest product, an EFS will help you sleep a lot easier at night. I'd look at some way to set the key for the EFS and prevent it from being changed, if that's even possible. Give each user their own EFS with their own key, and the key recorded in at least two separate and safe places.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
The worst case was a package called Fortress, marketed and endorsed by an international firm of accountants, which was so weak that it barely needed analysis at all. Their response: not a promise to strengthen the algorithm but a cloud of PR and obfuscation. Public relations people were evidently cheaper than programmers with a knowledge of crypto. It seems that they still are.
A paper summarizing the whole story is here: The Comedy of Commercial Encryption Software.
Sure, you can put a password on changing those bootloader options, but just slap in a linux emergency boot CD, and suddenly you have root access to all files.
Certainly, unless the system is configured to boot only from the hard drive && the passwd option is enabled in the BIOS.
However - since we have established that physical access is involved - the interloper could probably use the oft-present jumper on the motherboard to clear the CMOS and get the system to boot from the CD. Of course at that point he could just take the hard drive with him, leaving a similar but bulk-degaussed replacement (to emulate a very very borked hard drive).
Anyway, I mention these points only to back your assertion that physical access can allow subversion and bypass of several commonly used security mechanisms.
I want to drag this out as long as possible. Bring me my protractor.
If you apply the same, or different, encryption methods multiple times to the same thing, is the result more or less secure than it was to start with? For instance, say I have a block of text I want to encrypt. If I put it through PGP using a different key each time, and the person at the end knows which order to apply the keys in to decrypt it, wouldn't it be much more secure from a hack? Sure, they might crack it once, but all they'll see is gibberish and have no way of knowing if they succeeded or not. Unless I'm missing something, most encryptions, if applied several times to something, would be massively more secure than an encryption done once (OK, except for rot13 ;D).
If, for example, the probability that a given encryption can be broken is 1/100 (a very high example probability), then applying the same encryption to the same thing 5 times would result in a probability of (0.01 * 0.01 * 0.01 * 0.01 * 0.01) = 0.0000000001 for breaking the whole thing.
Surely you can see that if you have a strong encryption and apply it several times like this, the probability it gets cracked rapidly approaches 0.
Unless there's a flaw in my reasoning someone would like to enlighten me on :)
Separating two English texts that have been XORed together is quite possible. That's been known since Vernam two-tape systems of the 1940s were cracked. The paper described in Footnote 2, "E. Dawson and L. Nielsen. Automated cryptanalysis of XOR plaintext strings. Cryptologia, (2):165-181, April 1996.", covers the technique. This is a statistical technique, based on the fact that English is so redundant that two English texts XORed together can usually be separated.
You won't get 100% recovery. You'll probably get back most of the English words. Images, no. Formatting information, no. The end result will look something like what you see if you look at a Word file in a text editor, only worse.
For a classic example of this mistake, see Venona. The KGB's New York resident reused one-time pads in the 1940s. Cryptanalysis of that produced the information that A-bomb design data was being leaked, and after several years of frantic work, where the leak was.
If you want to read about more technical details and social implications of the RC4 flaw, I highly recommend starting from Bruce Schneier on Security: Microsoft RC4 Flaw (January 18, 2005). There are a lot of informative links and interesting comments there.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
I don't know this for certain, but I suspect that the NSA was involved in the NIST evaluation of the crypto algorithms for the new national standard, and they are likely involved in the current evaluation of encryption mode functions.
In comparison, the DOE has written many Network Intrusion Detector/Countermeasure packages, but the software is invariably encrypted and licensed under terms that would make the most corrupt CEO weep with envy.
The NSA has done, and continues to do, many things I don't consider reasonable. However, when it comes to supporting technologists and developers, they have done infinitely more than any other part of the US Government.
That says a lot about the NSA, but it also speaks volumes about the other departments.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The question then becomes one of whether the policy was written in ignorance and never updated, even when the flaws started appearing, or whether they knew in advance that the strategy was vulnerable.
Even if it's the latter, it's possible they reasoned that encryption just wasn't that important. More of a decoration than anything. That way, you'd WANT to use something fast, which likely means that it is flawed.
So, there are other possible views which don't have Microsoft playing the Evil Villain. Just the Court Fool. I'd be happy to let Microsoft decide which they are.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Do not talk about Microsoft encryption.
Your head a splode
They (and their employers) also probably assume that when their key is lost then all of their work is not lost forever. You are right that Microsoft's encryption is a joke, but this is not a good example. What you have described is not a flaw per se, but a design decision. In fact, that is the only way to restore the encrypted data when the user's key is lost. On the other hand, the RC4 flaw is about reusing the same keystream in stream ciphers, which is an inexcusable amateur mistake and shows a level of incompetence just plainly laughable in the case of the largest software giant on the planet. Let me quote Bruce Schneier on Microsoft RC4 Flaw:
As you can see, Microsoft's crypto is a joke indeed. It is an old, unfunny joke that they keep repeating ad nauseam. But it is about a much more important incompetence than what you have noticed. As some people say: "When it comes to security, it's always Amateur Hour in Redmond." Sadly, this has been true forever. When people invest in Microsoft's security they always say "maybe this time they got it right, I'm sure." This is not without a reason.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
No ratboy, I didn't say it can't be fixed. What I'm pointing out is that it's not surprising that a hotfix hasn't immediately been released by the group. I would be surprised if a fix isn't released very soon. But the fact is, this isn't fixing a buffer overflow. This is a fundamental change in an algorithm, and any change would be pretty major. The modifications have to be fully tested and the ramifications to backward compatibility have to be explored. If you've ever been involved in an application with as deep a history, as wide an adoption, and as intrinsic to business as Office, you'd understand.
When I first read the article, I thought they were going to say they were using RC4 without discarding the first 256 bytes, which is known to allow the key to be reverse engineered. But no -- they're using the same RC4 stream XORed with multiple different texts.
This isn't a case of Microsoft not being diligent about the latest advances in encryption. This is just kid sister encryption. It's been known for centuries that you don't reuse one-time pads. This is much more secure than ROT-13, and a little harder than a Caesar cipher, but that's about it.
I bet they're not discarding the first 256 bytes of RC4 in addition to this.
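An added example, written for this thread and not code from the original posts, Microsoft, or any cited paper, that shows two of the points argued above in working code: the keystream-reuse mistake described in the post just above (the same RC4 stream XORed with several texts), and the question earlier in the thread about whether encrypting several times multiplies security. It uses a textbook RC4 so the arithmetic is visible; the password, document revisions, the SHA-256-based per-document key derivation and the 16-byte nonce are all this example's own constructed choices, not anything from Office's format.

```python
"""Added example, not code from the thread or from Microsoft: a toy RC4 used to
show (a) that reusing one keystream for two documents cancels the key out,
(b) that stacking stream ciphers, or re-encrypting under the same key, is still
a single XOR mask, and (c) a per-document nonce fix. Key and texts are made up."""
import hashlib
import os


def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Textbook RC4 (KSA then PRGA). `drop` discards the first bytes of
    output (the "RC4-drop" mitigation for the biased initial bytes)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(drop + length):            # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out[drop:])


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; inputs are kept the same length in this example."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, rc4_keystream(key, len(data)))


# (a) One key, two revisions of a document: the mistake described in the thread.
def keystream_cancels(key: bytes, p1: bytes, p2: bytes) -> bool:
    """C1 XOR C2 equals P1 XOR P2, so the key plays no part any more."""
    c1, c2 = rc4_encrypt(key, p1), rc4_encrypt(key, p2)
    return xor(c1, c2) == xor(p1, p2)


def recover_other_revision(key: bytes, known: bytes, secret: bytes) -> bytes:
    """Anyone holding both ciphertexts and one plaintext (say, the earlier
    revision) gets the other plaintext back without ever touching the key."""
    c_known, c_secret = rc4_encrypt(key, known), rc4_encrypt(key, secret)
    return xor(xor(c_known, c_secret), known)


# (b) Encrypting several times with a stream cipher.
def double_encrypt_is_one_mask(k1: bytes, k2: bytes, p: bytes) -> bool:
    """RC4(k2, RC4(k1, p)) == p XOR (ks1 XOR ks2): one mask, not two locks."""
    n = len(p)
    twice = rc4_encrypt(k2, rc4_encrypt(k1, p))
    combined = xor(rc4_keystream(k1, n), rc4_keystream(k2, n))
    return twice == xor(p, combined)


def same_key_twice_is_identity(key: bytes, p: bytes) -> bool:
    """Applying the same keystream twice undoes the encryption entirely."""
    return rc4_encrypt(key, rc4_encrypt(key, p)) == p


# (c) Fix: derive a fresh per-document key from the password and a nonce.
def encrypt_with_nonce(password: bytes, data: bytes, nonce=None):
    nonce = os.urandom(16) if nonce is None else nonce
    doc_key = hashlib.sha256(password + nonce).digest()   # assumption: SHA-256 KDF
    return nonce, xor(data, rc4_keystream(doc_key, len(data), drop=256))


def decrypt_with_nonce(password: bytes, nonce: bytes, ct: bytes) -> bytes:
    doc_key = hashlib.sha256(password + nonce).digest()
    return xor(ct, rc4_keystream(doc_key, len(ct), drop=256))


def nonce_prevents_cancellation(password, p1, p2, n1, n2) -> bool:
    """With distinct nonces the two keystreams differ, so C1 XOR C2 no
    longer equals P1 XOR P2, yet each document still decrypts correctly."""
    _, c1 = encrypt_with_nonce(password, p1, n1)
    _, c2 = encrypt_with_nonce(password, p2, n2)
    return (xor(c1, c2) != xor(p1, p2)
            and decrypt_with_nonce(password, n1, c1) == p1
            and decrypt_with_nonce(password, n2, c2) == p2)


if __name__ == "__main__":
    key = b"office-password"                     # constructed sample values
    rev1 = b"Q3 revenue forecast: 1,250,000 USD"
    rev2 = b"Q3 revenue forecast: 9,999,999 USD"
    print("keystream cancels:", keystream_cancels(key, rev1, rev2))
    print("recovered:", recover_other_revision(key, rev1, rev2))
    print("double encryption is one mask:", double_encrypt_is_one_mask(b"k1", b"k2", rev1))
    print("nonce fix works:", nonce_prevents_cancellation(key, rev1, rev2, b"\x01" * 16, b"\x02" * 16))
```

Part (b) is the answer to the "1/100 five times" reasoning for this class of cipher: stacking XOR masks produces one XOR mask, so the per-layer probabilities are not independent and do not multiply; with the same key twice the layers cancel completely. Part (c) is the cheap fix the thread is asking for: the cipher stays the same, only the key is made unique per document, which is why a patch need not change the algorithm.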
The DES algorithm was never meant to be made public; the original idea was to provide black-box chips only.
NSA reduced the key length from 112 to 56 bits, which is definitely not secure.
Iterations/S-boxes were introduced to protect against a type of attack that was not commonly known at the time, but bound to be discovered later. So, the NSA assures decryption is only feasible with the original key or a google-sized computer resort. In short, they will try and ensure that they can decrypt without a key while others may not -- insecure encryption.
Anytime you have physical access to a computer all bets are off as far as security.
That's simply not true in this case. Preventing access to data when physical security is breached is the primary reason for encrypted filesystems. The thief who has unrestricted "physical access" to your work laptop should not be able to crack into an encrypted filesystem, Emergency Boot CD or no.
If the encryption key is sitting there on the hard drive, protected only by user-based access control (as the grandparent post seems to imply) then the whole setup is horrendously broken. Such a stupid system is equally possible on Linux or Windows of course.
For encrypted filesystems to be meaningful, the encryption key needs to be protected by a decent password that's not stored anywhere on the disk (duh). Sure, it's a PITA to enter each time you boot your computer, but otherwise you might as well not bother.
If you WANT two parties to share a private key, you should be able to set that up (and it should be easy to do), but it shouldn't be a default hidden behavior.
I have heard about this method before. If you wish to increase the security, it is best to take your original string, and simply XOR it with itself.
Next time you talk on your cell phone, just remember this:
:)
Phone company: The encryption used to transmit the phone number is encrypted and difficult to decrypt.
Cryptographers: Yep, invented in 1864 by the US Military for use in the Civil War (a.k.a. War between the states) by the Union Army.
Do the research and find out for yourself. It's been cracked
I know a lot of people would like to castigate Microsoft. The US justice department tried it, and now the EU has joined in. Even your average man on the street has been heard attempting to castigate MS, but a lone individual has little chance against such a large company.
Is this fair? I don't know. Ask yourself honestly: "who did I want to castigate today?". The answer might surprise you.
These posts express my own personal views, not those of my employer
The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?
No. Their customers absolutely don't care about this, and the few exceptions have tools to fix the problem themselves.
Everybody else who cares doesn't use Windows for things that need encryption.
1) That password you give your administrator account on your system can be hacked off in under 5 minutes with the Emergency Boot CD (EBCD). So much for encryption.
That doesn't have anything to do with encryption. Anytime you have physical access to a computer all bets are off as far as security.
The grandparent was saying that in Windows, it is easy to recover the Administrator's password. This is bad because you can log in without a recovery CD, and the Administrator won't notice (his password will still be the same). In Linux, obtaining the root password is not so easy by default (because shadow uses a DES+salt hash by default) and nearly impossible if you set it up properly (if you use MD5 hash, which is the default for SuSE - don't know about other distros).
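An added example, not code from any post or distribution, that puts into working form two points made above: that an encrypted filesystem's key must come from a passphrase that is not stored anywhere on the disk, and that what the system does store for checking a password should be a salted, iterated hash. The iteration count, the "volume-key"/"verifier" labels used for domain separation, and the sample passphrases are this example's own choices.

```python
"""Added example, not code from the thread or any distribution: how a
passphrase-derived key keeps the volume key off the disk, and how a salted,
iterated verifier lets the system check a password without storing it.
Parameters (iteration count, labels) are this example's own choices."""
import hashlib
import hmac
import os

DEFAULT_ITERATIONS = 100_000   # assumption: raise until an unlock costs ~100 ms


def _master(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 over the passphrase and a per-volume random salt."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def _split(master: bytes) -> tuple:
    """Domain-separate the master secret into two unrelated values: the
    volume key (never written anywhere) and a verifier (stored on disk)."""
    volume_key = hmac.new(master, b"volume-key", hashlib.sha256).digest()
    verifier = hmac.new(master, b"verifier", hashlib.sha256).digest()
    return volume_key, verifier


def make_record(passphrase: str, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """What may live on disk: salt, cost and verifier. None of it yields the key."""
    salt = os.urandom(16)
    _, verifier = _split(_master(passphrase, salt, iterations))
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(passphrase: str, record: dict):
    """Recompute from the passphrase; return the volume key on success, else None."""
    volume_key, verifier = _split(
        _master(passphrase, record["salt"], record["iterations"]))
    if not hmac.compare_digest(verifier, record["verifier"]):   # constant-time
        return None
    return volume_key


def check_password(passphrase: str, record: dict) -> bool:
    return unlock(passphrase, record) is not None


def salted_records_differ(passphrase: str, iterations: int = 1_000) -> bool:
    """Same password, two salts: stored verifiers (and derived keys) differ,
    which is what defeats precomputed tables shared across users and machines."""
    a, b = make_record(passphrase, iterations), make_record(passphrase, iterations)
    return a["verifier"] != b["verifier"] and unlock(passphrase, a) != unlock(passphrase, b)


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")       # constructed passphrase
    print("unlock ok:", unlock("correct horse battery staple", rec) is not None)
    print("wrong passphrase:", unlock("wrong", rec))
    print("salt separates equal passwords:", salted_records_differ("same-password"))
```

The point of the split is that a thief with the disk gets the salt, the cost and the verifier, and can confirm a guessed passphrase only by paying the full PBKDF2 cost per guess; the verifier itself tells them nothing about the volume key, and the volume key never exists on disk at all. Contrast this with a design that keeps the key on disk behind access control, which the thread rightly calls broken.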
Linux encrypted filesystems I know almost nothing about, but I've also never seen a distribution that supports it out of the box.
As far as I am aware, every modern Linux distro supports encrypted filesystems out of the box (filesystems, not files - so the enemy can't even see your directory structure). Google for cryptoloop, and try it on your box... I personally use it for encrypting my swap partition.
... the meaning of the words "adequate" or "respect" or "security". Isn't that blatantly obvious by now?
I understand the reasons why everybody wants their computers secure, and that there's a lot at stake. But consider the security standards we accept in other aspects of our lives. If you have a 2-foot strip of metal with a notch in it you can open just about any car lock out there, and a crowbar can physically rip the lockset assembly right out of most people's front doors. Anybody who really wants to can get inside your house in seconds without undue commotion. All it really takes is brazenness, and maybe a hedge screening your front porch from view.
If we held car makers and home builders accountable for security flaws, our houses and cars would look a lot different, and they would STILL get broken into. I wouldn't want armed guards patrolling my neighborhood, or to go through an airport-like screening at the corner, any more than I would want to live the RIAA's wet dream of requesting authorization to display any video, sound or image with my own computer.
I wonder if the pursuit of total data security is a phantom, and we just have to accept a certain amount of risk and deal with it the best we can, possibly by not putting as much trust in our machines and networks as we would like to.
You're absolutely spreading FUD, we run it all the time on system volumes on Windows XP (started with 2K) with no problems in 2 years.
Your main argument of momentum is indisputable, however "fundamental change to the algorithm" is overstepping the rhetoric a bit.
If the bug is in the implementation of functionality (and interface) that is well-specified, fixing it does not imply a fundamental change in the algorithm, but rather the opposite.
If you can understand this, and moreover understand how your bosses (and whoever they consort w/ to set the party line) do not or will not understand this, you will understand also how and why people scorn usloth.
good luck in the bowels of the beast!
http://shit.slashdot.org/article.pl?sid=05/01/27/1344218
porn movies, music cd's, pictures from google. It's all bits anyways.
Well let's see - there's the new Office 2003 that's already had several vuln's found, and now we learn the encryption is lame.
In 2003 Microsoft also brought us SP2's new Security Center, which gives continuous false alarms about anti-virus definitions being out of date (for the two most common AV solutions out there - Norton and McAfee. In fact, only PC-cillin actually works correctly with Security Center), resulting in people just ignoring ALL warnings. You know - crying wolf and stuff. They brag about how the firewall starts sooner, but the Windows firewall STILL doesn't regulate outbound traffic. Internet Exploder STILL has exploits deemed "minimal" that have existed since the 90's. In 2003 several of those old "minor" vulns were combined to create a real problem (the Russian website bug - forget what its official name is) which STILL ISN'T FULLY FIXED. Microsoft's "patch" for this vuln essentially was to place that one web address into the host-deny file. Nothing prevents someone from using a similar exploit with a different URL to hook up to.
Microsoft isn't truly worried about security. It's worried about looking worried about security. They don't really care if it's secure - as long as it APPEARS secure and they can convince the public.
Tommy - Open Source for Open Minds
There's no program they know about
Doesn't mean one doesn't exist, and couldn't be in use right now...
Ok, so Europe smurope or whatever...
You can keep on extending your copyrights as long as you want, but so long as here in Europe we don't we get to copy all the stuff you pay for.
Yes, Elvis has just entered the public domain.
thank God the internet isn't a human right.