Slashdot Mirror


Zimmermann Enters Debate on Microsoft Encryption

Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"

20 of 381 comments

  1. First rule of Microsoft encryption by Anonymous Coward · · Score: 4, Insightful

    Do not use Microsoft encryption.

  2. copyright by oliverthered · · Score: 4, Insightful

    How else are we supposed to get access to all these works in 150 years time (or 50 in some countries) when the copyright expires on them?

    --
    thank God the internet isn't a human right.
    1. Re:copyright by mlush · · Score: 3, Insightful

      >>How else are we supposed to get access to all these works in 150
      >>years time (or 50 in some countries) when the copyright expires on them.
      >Uhhh... Public... Domain?

      If the encryption were unbreakable and the keys lost, it would not be a lot of use.

    2. Re:copyright by j0nb0y · · Score: 4, Insightful

      Copyright expiration? Copyrights don't expire. Congress extends them again every 20 years. And they'll keep doing so, forever, since the Supreme Court ruled that it was perfectly okay!

      --
      If you had super powers, would you use them for good, or for awesome?
    3. Re:copyright by Riddlefox · · Score: 3, Insightful
      As has been mentioned, a properly implemented one time pad is completely unbreakable.

      The basic concept is to take a completely random stream of characters (numbers, bits, whatever). You record these random characters to a pad, and distribute this pad to everyone who needs to send and decrypt messages.

      When you want to send a message, you XOR your message with the random characters. The result is a completely random string of characters. To decrypt, you XOR the encrypted message with the same random characters that were used to encrypt the message.

      Since you are combining a message with random data, it's unbreakable.

      For instance, you get a string of random characters and try to decrypt it:
      #*YRHOIHSDF&VP
      What does it decrypt to?
      ATTACK AT DAWN
      SURRENDER NOW.
      GO FOR THE GUN
      I LOVE SWEETS!
      PAY ME $10,000
      CMDRTACO SUCKS
      NO HE DOESN'T!

      Which message is it? You can't tell, because you can't tell which random letters I used to transform my message.

      However, you can't reuse any of the pads, else the message is crackable. You must have a very high quality source of random characters. You must securely distribute the one time pad to everyone who could need to communicate. You must ensure everyone stays synchronized. There's a bunch of problems with one-time pads, which is why it's not more commonly used.
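
The two claims in the comment above, shown as an added example (not part of the original post): with one ciphertext every candidate has a pad that fits, but once a pad is reused a guess for one message pins down the other. The second message `RETREAT AT TEN` and the `PLAUSIBLE` character set are constructed assumptions.

```python
import secrets
import string

# Ciphertext and candidate plaintexts quoted from the comment (all 14 bytes).
CIPHERTEXT = b"#*YRHOIHSDF&VP"
CANDIDATES = [
    b"ATTACK AT DAWN", b"SURRENDER NOW.", b"GO FOR THE GUN", b"I LOVE SWEETS!",
    b"PAY ME $10,000", b"CMDRTACO SUCKS", b"NO HE DOESN'T!",
]
# Assumption: a real message only uses these characters.
PLAUSIBLE = set((string.ascii_uppercase + string.digits + " .,!$'").encode())


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def explaining_pads(ciphertext, candidates):
    """One ciphertext: every same-length candidate has a pad that produces it,
    so the ciphertext alone cannot rank the candidates."""
    return {c: xor_bytes(ciphertext, c) for c in candidates}


def survivors_after_reuse(c1, c2, candidates):
    """Two ciphertexts under ONE pad: a guess for message 1 fixes the pad,
    the pad fixes message 2, and wrong guesses decode message 2 to garbage."""
    kept = []
    for guess in candidates:
        implied_second = xor_bytes(c2, xor_bytes(c1, guess))
        if all(b in PLAUSIBLE for b in implied_second):
            kept.append((guess, implied_second))
    return kept


def reuse_demo():
    """Constructed sample: two messages encrypted with the same random pad."""
    first, second = b"ATTACK AT DAWN", b"RETREAT AT TEN"  # second is made up
    pad = secrets.token_bytes(len(first))
    return survivors_after_reuse(xor_bytes(first, pad),
                                 xor_bytes(second, pad), CANDIDATES)


if __name__ == "__main__":
    print(len(explaining_pads(CIPHERTEXT, CANDIDATES)), "candidates fit one ciphertext")
    print("after pad reuse:", reuse_demo())
```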

    4. Re:copyright by arose · · Score: 3, Insightful
      What is the real difference between copyrights (specific expressions of an idea) and physical property?
      The physical part.
      --
      Analogies don't equal equalities, they are merely somewhat analogous.
  3. Re:MS Encryption is a joke by gUmbi · · Score: 4, Insightful

    One of its highlights is that the first administrator account set up in a domain is designated an "Encrypted Data Recovery Agent". What does this mean?

    For corporations (the target market for EFS), it means that if someone is fired, quits, dies, etc. then their data is not lost forever.

  4. Re:MS Encryption is a joke by danheskett · · Score: 4, Insightful

    MS encryption should be better, but what you describe is not a flaw.

    In a corporate setting it should not be permissible for an employee to conceal data from the owner of the data and machines. The owner of the machine - aka the corporation - should have final say over what is encrypted or not.

    Imagine what could be done if there was no way for a high-level sysadmin to decrypt user files. Imagine the damage that could be done.

    A spiteful (ex)-employee could easily encrypt and forever destroy sensitive data that is irreplaceable.

    Not only that, but it is entirely possible that the user could accidentally render the data unencryptable. That'd be bad.

    EFS is not for a typical user to permanently encrypt data that can never be revealed. It is primarily designed so that sensitive data on corporate laptops can be stored in a way that if it is stolen it cannot be decrypted. This purpose is well served by EFS.

    There are many excellent critiques of MS's security and data protection capabilities. There is no need to overreach and bash things that do actually work as intended.

  5. GPG/PGP by digitalchinky · · Score: 4, Insightful

    You could always just dump their encryption and use PGP/GPG in its place.

  6. Why it is "low priority" by Anonymous Coward · · Score: 5, Insightful

    MS considers it a low priority because there is no tool that currently is known to be available that can leverage the theoretical issues brought up in the paper. I agree with them. An issue is "high priority" when there is a tool that can be used by an end user now as an exploit. That is how you prioritize things in real life.

    1. Re:Why it is "low priority" by quigonn · · Score: 4, Insightful

      > That is how you prioritize things in real life.

      This "there is no program to exploit it, so this security issue is not important"-type of attitude is extremely dangerous. The slogan is to act, not to react, especially with security issues. And Microsoft actually should have learned from their part of history...

      --
      A monkey is doing the real work for me.
  7. Who uses word to protect anything? by Vellmont · · Score: 3, Insightful

    While Microsoft should probably fess up and fix the problem, is this really such a big deal? Who uses Microsoft word encryption, and for what? It still sounds like you'd require multiple versions of the same document. That means either access to the data store itself where the document was being edited, or the user has passed around multiple versions to others.

    I guess what it comes down to is expectations of security. It should be obvious to not use word to protect national secrets. Secret love letters to your mistress are still probably safe from your wife though (unless she happens to be a crypto-expert). In that case it's probably easier to just use a keylogger, or install a trojan horse.

    --
    AccountKiller
  8. Indeed: what respect? by FridayBob · · Score: 4, Insightful

    Their programmers might care, but M$ itself isn't interested in respect from the cryptographic community, because it's something that doesn't matter to their stockholders; it's too obscure for them to care about. M$ only responds to this kind of thing once the news gets out and the public begins to perceive it as a problem. Security through obscurity, remember? Basically, M$ are only in it for the money; a statement that explains their entire track record.

  9. Re:MS Encryption is a joke by 0123456 · · Score: 4, Insightful

    "Imagine the damage that could be done."

    Such as, exactly?

    "A spiteful (ex)-employee could easily encrypt and forever destroy sensitive data that is irreplaceable."

    Or they could just del *.*. Or format c:. Or burn down the building.

    This whole 'spiteful employee' argument is nonsense. The only reasons to have a 'key recovery agent' are to recover passwords for clueless employees and to spy on slightly more clued employees.

  10. Users don't want strong MS Office encryption by gfecyk · · Score: 4, Insightful

    Least of all your US government. The NSA makes a bulletproof distribution of Linux, and other US government offices shun it in favour of Windows.

    Sun Microsystems released Star Office, and a bunch of open source wonks built OpenOffice, with better track records. Yet US government offices shun them in favour of Microsoft Office.

    I'm not sure why they do, especially an omniscient body like the US government who knows these things exist. It must be because they don't want to use them.

    And everyday users? Well, users could have taken e-mail content security into their own hands over a decade ago when PGP was out, or eight years ago when PGP for the Exchange client came out. But NO, they didn't want to use it. They could have used S/MIME which was slightly easier to use, but NO, they didn't want to use it.

    Users don't care enough to demand strong encryption in their applications. And Microsoft is in business to make money. They aren't going to waste time making a product that no one will buy. And YOU, slashdotters, aren't going to convince users to buy an alternative through fear, uncertainty and doubt.

    --
    Use Evolution instead of Outlook? Bewa
  11. Re:Encryption easily broken by Vellmont · · Score: 4, Insightful


    > 1) That password you give your administrator account on your system can be hacked off in under 5 minutes with the Emergency Boot CD EBCD. So much for encryption.

    That doesn't have anything to do with encryption. Anytime you have physical access to a computer all bets are off as far as security. You can do the exact same thing in linux, and most of the time you don't even need a CD. Just add a 1 to the kernel boot options and boot into single user mode. No password required, immediate root access. Sure, you can put a password on changing those bootloader options, but just slap in a linux emergency boot CD, and suddenly you have root access to all files.

    Linux encrypted filesystems I know almost nothing about, but I've also never seen a distribution that supports it out of the box. There's probably one out there, but it's not a mainstream linux feature.

    --
    AccountKiller
  12. What's left to say? by HarveyBirdman · · Score: 3, Insightful
    > I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently...

    Maybe everyone is just burned out and tired of the topic. We all know that the state of PCs in the world today is a vast, pathetic farce of biblical proportions thanks to MS. What's left to say about it? Windows is a shitpile, but people keep gobbling it up. Just like they gobble up all the other sludge in our culture. Nothing unusual to be seen here. Move along.

    --
    --- Ban humanity.
  13. Re:MS Encryption is a joke by rikkards · · Score: 3, Insightful

    Maybe at home but corporate computers are corporate property. There is no expected level of privacy on said property. If you don't want someone at work looking at your private stuff then don't keep it on business machines.

  14. Re:MS Encryption is a joke by Proteus · · Score: 5, Insightful

    While I agree that the 'spiteful employee' argument is largely bunk, the 'employee who quit, got fired, or otherwise left unexpectedly' argument is not.

    e.g. I am a sysadmin, and I store all the incident reports on a Win2k3 EFS box, encrypted to my key. These incident reports are important to whomever is doing my job -- no one needs to see them unless I leave unexpectedly. If I get trampled by a herd of malicious gnus on the way to work, the top-level admins will need access to my data, as will whoever replaces me.

    There are two solutions to that -- share my key or use the EFS recoverable key system. Guess which I'd rather do?

    --
    We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
  15. It's a big, stupid, ugly bug by big-magic · · Score: 3, Insightful

    There is a lot of speculation here that Microsoft put in this encryption bug on purpose. That's giving them too much credit on this one. I just read the paper about the weakness. They are essentially reusing the same keystream more than once. That's an amateur level bug that is discussed in any crypto book that talks about stream ciphers. Look in the book Applied Cryptography by Bruce Schneier in the section on cryptographic modes. He talks about this directly. This is not a minor threat. It's a gaping hole since a simple XOR of two versions of the document gives you a lot of information.

    The bigger question is why Microsoft used a stream cipher for this. As Zimmermann mentions, they are more difficult to use correctly. Although some weaknesses in RC4 have been found, it is still possible to use it in a strong manner. You just have to be careful. It would have been better to use a good block cipher (AES, Triple DES, blowfish, etc) and a simple mode like CBC. It's easy to code and still plenty strong if you reuse the same initialization vector. Even better would have been a newer mode like CCM.
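
The keystream reuse described in the comment above, as an added example that is not part of the original post or of the paper: two saved versions of a document encrypted with RC4 under the same key XOR to the difference of the plaintexts, so the edited offsets are visible without the password, while a fresh salt per save removes that signal. The SHA-256 key derivation, the password and the sample document are constructed assumptions, not Office's actual scheme.

```python
import hashlib
import secrets


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (key schedule + output generation); first n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(data, rc4_keystream(key, len(data))))


def encrypt_save(password: bytes, salt: bytes, document: bytes) -> bytes:
    # Hypothetical key derivation for this demo only.
    return rc4_encrypt(hashlib.sha256(salt + password).digest(), document)


def changed_offsets(c1: bytes, c2: bytes) -> list:
    """Offsets where two equal-length ciphertexts differ."""
    return [i for i, (a, b) in enumerate(zip(c1, c2)) if a != b]


# Constructed sample: two saved versions of one document, same length.
V1 = b"Q3 forecast: revenue 4.1M, layoffs: none planned"
V2 = b"Q3 forecast: revenue 2.7M, layoffs: some planned"


def offsets_with_reused_keystream(password: bytes = b"example-password") -> list:
    salt = secrets.token_bytes(16)  # chosen once, then reused for every save
    return changed_offsets(encrypt_save(password, salt, V1),
                           encrypt_save(password, salt, V2))


def offsets_with_fresh_salt(password: bytes = b"example-password") -> list:
    # New salt per save: new key, new keystream, ciphertexts are unrelated.
    return changed_offsets(encrypt_save(password, secrets.token_bytes(16), V1),
                           encrypt_save(password, secrets.token_bytes(16), V2))
```

With the reused keystream the function returns exactly the four edited offsets; with a fresh salt nearly every offset differs, so the comparison says nothing about the edit.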