Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zimmermann Enters Debate on Microsoft Encryption

Posted by michael on from the or-lack-of-it dept.

Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"

5 of 381 comments (clear)

  1. MS Encryption is a joke by bigtallmofo · · Score: 4, Informative

    I especially dislike their Encrypted File System (EFS). One of its highlights is that the first administrator account set up in a domain is designated an "Encrypted Data Recovery Agent". What does this mean? If you use your domain login at work to encrypt your data, the administrator has immediate ability to decrypt it anytime they want.

    How is this done? Every file that is written to an encrypted folder by User A has a private encryption key generated for it. That private encryption key is then encrypted with User A's public key and every designed Encrypted Data Recovery Agent's public key. Then either User A or any such recovery agent's private key can then decrypt the file.

    Of course, MS just lets lay users assume their "encrypted" files are private.

    --
    I'm a big tall mofo.
  2. Article mirror by Anonymous Coward · · Score: 3, Informative
    Crypto expert: Microsoft flaw is serious

    Microsoft should sort flaw and abandon RC4 in favour of better ciphers, says PGP creator.

    By John E. Dunn, Techworld

    Cryptography expert Phil Zimmermann has said he believes the flaw discovered in Microsoft's Word and Excel encryption is serious and warrants immediate attention.

    "I think this is a serious flaw - it is highly exploitable. It is not a theoretical attack," said Zimmermann, referring to a flaw in Microsoft's use of RC4 document encryption unearthed recently by a researcher in Singapore.

    "The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. [...] If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security."

    Microsoft has been dismissive of the seriousness of the flaw, which relates to the way it has implemented the RC4 encryption stream cipher. As explained by Hungjun Wu of the Institute of Infocomm Research, it would allow anyone able to gain access to two or more versions of the same password and encrypted document to reverse engineer the scheme used to make it secure.

    "Stream ciphers have to be used most carefully. Any failure to do this will result in a disastrous loss of security," Zimmermann said. "Even with a properly chosen initialisation vector, you have to run it for a while before the quality of the stream cipher is good enough to use." Contrary to Microsoft's claims that the issue was a "very low threat", he countered that gaining access to a document would not present problems for a determined hacker. "There are tools one can use to cryptanalyse messages in this way."

    Even if the flaw was fixed, in his view a more fundamental problem was Microsoft's use of RC4, licensed from RSA Security.

    "Why does Microsoft continue to use RC4 in this day and age? It has other security flaws that have been published in other papers," adding that "RC4 is a proprietary cipher and has not stood up well to peer review. They should just stop using RC4. It would be better to switch to a block cipher."

    When contacted Microsoft, was unable to commit to a timescale for correcting the flaw but issued the following statement by way of a spokesperson: "Microsoft is still investigating this report of a possible vulnerability in Microsoft Office. When that investigation is complete, we will take the appropriate actions to protect customers. This may include providing a security update through our monthly release process."

    Zimmermann, meanwhile, emphasised the need for responsible disclosure of such problems. "The best way is to quietly disclose the problem to the vendor and then allow the vendor 30 days to fix the problem. Then go public," he said.

    Phil Zimmermann is best-known as the creator of Pretty Good Privacy (PGP), a desktop encryption program that was powerful enough that the US authorities attempted to have its distribution stopped and Zimmermann imprisoned for writing it. The case was abandoned 1996. PGP was bought out by Network Associates, though an independent company, PGP Corporation, has since been spun out to develop its core technology.

  3. Could this have been ON PURPOSE? by DickBreath · · Score: 3, Informative

    I see all the posts about how Microsoft encryption is a joke, etc.

    Could it be that the poor encryption security was actually on purpose?

    After all, they were using RC4. It should be secure right? (sarcasm) Isn't the problem simply that they re-used a key stream, or something like that? Something that is a basic design "blunder", but could really have been done on purpose. This might make it easy for certian parties to crack, but it might still seem secure. All of the code is properly implemented. The RC4 algorithm is properly implemented, gives correct outputs for known inputs, etc. The flaw is in how the algorithm is improperly used. Something that could be missed by anyone disassembling the code.

    I'll leave it for someone else to reply here and speculate on the reasons that such a "blunder" might actually be deliberate. (I've got a malfunction in one of the antennas of my tin foil hat. I use the dual-antenna design of tin foil hats.)

    --

    I'll see your senator, and I'll raise you two judges.
  4. Re:First rule of Microsoft encryption by Anonymous Coward · · Score: 4, Informative
    Wasn't RC4 closed source until the source leaked out on the web
    The algorithm was one of RSA's trade secrets. It wasn't the source that was leaked but a description of the algorithm. Consequently, third-parties implemented the algorithm and there was nothing RSA could do about it -- it wasn't patented, RSA preferring the trade secret route, and copyright didn't apply because you can't copyright algorithms.
    which were patched, and it was a better algorithm for being "open sourced", albeit against it's will.
    It wasn't improved as far as I know, but the algorithm is sometimes known as arcfour. This is because RC4 is trademarked. Perhaps you were thinking of this.

    Also, it is a little misleading to say it was "open sourced" against its will. Firstly, because it wasn't "open sourced" in the strictest sense but more importantly, RC4 is just an algorithm with many different implementations and an algorithmic description is information. And as we all know, information wants to be freeee.
  5. Re:Encryption easily broken by Rich0 · · Score: 3, Informative

    Well, it isn't reversible encryption - they are hashed. However, the NTLM hash function is easy to brute-force.

    NTLM hashes should not be stored on any system where security is even remotely important, for this reason. The newer hash function is secure (assuming the password can't be guessed).