Zimmermann Enters Debate on Microsoft Encryption

Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"

Employ Mr. Zimmerman

[antivoid]

Perhaps Microsoft should employ Mr. Zimmerman of PGP to fix M$'s broken code.

The fact that so many documents written (especially now) are using Microsoft formats, makes this problem very dangerous.

Its worth mentioning that any docuemtns that are actually worth protecting should by default not rely on Micrsofts (lack of) security, as it is a known trend that Microsoft fails time and time again to provide adaquate security.

People think "wow! encryption, and NOT a lame password". By as per normal, scratch a little deeper and you can see how flawed microsoft code actually is...

I wonder when...

[cerberusss]

I wonder when someone writes a script to google for Word documents, get the protected ones out and decrypt them. Ought to be a fun project.

Re:I wonder when...

[bvankuik]

attack is only valid when you have several different versions

This raises an interesting question: what about versioned documents? They'd have to contain several large revisions, but this shouldn't be a problem when I think of the documents that some account managers create here.

Encryption easily broken

[Neo-Rio-101]

I've toyed around with MS's "encryption" and all I can say is the following:-

1) That password you give your administrator account on your system can be hacked off in under 5 minutes with the Emergency Boot CD EBCD . So much for encryption.

2) Files encrypted in Windows 2000 (the OS I tested then on) were still visible in their directories, despite their contents being encrypted. To me, this wasn't good enough. I wanted the whole filesystem to be encrypted, with plausible deniability that the files that certain files (or even file systems) never even existed.
To add injury to insult, I could easily become administrator with the EBCD and get the encryption key easily to break the encryption anyway.

3) Built in Windows encryption isn't good enough, forcing you to get third party products to do the job right. This means that you pay through the nose if you haven't got the technical skill to set up a Linux or BSD box running free encryption modules and samba.

But come on. If MS made a perfect operating system, they wouldn't have a business model selling updates. Instead of dropping support for old products, I'm almost expecting their next OS to have a use-by date embedded in their EULA and OS to FORCE you off their old system after so many years.... or else!

Re:Encryption easily broken

[PowerKe]

1) That password you give your administrator account on your system can be hacked off in under 5 minutes with the Emergency Boot CD EBCD . So much for encryption.

Reading the linked site, it says that you can *change* any password, not decrypt it. You can do the same thing in unix/linux if you have physical access, I also don't see anything wrong with that. If the data is that important, you should guard the computer as well. In the other case it's handy if for some reason the administrator password is lost that you don't lose the system.

2) Files encrypted in Windows 2000 (the OS I tested then on) were still visible in their directories, despite their contents being encrypted. To me, this wasn't good enough. I wanted the whole filesystem to be encrypted, with plausible deniability that the files that certain files (or even file systems) never even existed. To add injury to insult, I could easily become administrator with the EBCD and get the encryption key easily to break the encryption anyway.

That's where I think (hope) you're wrong. You can change the admininistrator password, but by doing that you'll render the private keys inaccessible. If you want to reset a users password in windows you get a warning that encrypted files will become unavailable, therefor you should use change password. This suggests that the private keys are encrypted using the user's password. When you change your password, these keys first have to be decrypted and encrypted again using your new password. Resetting the administrator password still doesn't give you access to the files in that case.

To protect from losing your files if you forget the passord you can create an emergency disk. This should allow you to gain access to the system to the system in case the password is forgotten. I assume this disk would contain unencrypted private keys for this purpose (never used it, but it shows up on the password related functions). You also get a warning that you should put it in a safe place.

Re:First rule of Microsoft encryption

[JeffWhitledge]

Consider NSA's track record:

• In the seventies they recommended changes to DES, which in the early ninties were discovered to have made it more secure.
• They have developed and are freely distributing the source for an improved-security version of Linux.

An agreement with Microsoft to ensure insecure encryption would be very out of character for them.

That is, unless they're just a bunch of Linux freaks.

You're asking too much of MS

[Weaselmancer]

Y'know, asking MS to fix an obscure bug in their encryption that took a dedicated researcher to find is pretty much pointless. Remember - these are the same guys that are having a hard time poking through their code and replacing all the strcpy() calls with strncpy().

Asking these guys to address this is like asking someone to turn off the faucet in a burning building.

Zimmerman bashes RC4, not just Microsoft

[xxxJonBoyxxx]

In the article, Zimmerman bashes RC4, not just Microsoft. I think he's probably right. Why not use open-standard AES instead of RC4? (Or if you still have RSA on the brain, why not RC6, the RSA algorithm which was a runner-up in the Federal AES competition.)

Re:Do they care?

[dioscaido]

Uhm... yes, they REALLY care. I can tell you that being on the inside. Every project was halted and all employees took secure coding technique seminars. Right now security is a top priority for all MS products. We are now forced to undertake arduous Threat Modeling of our applications, and undergo repeated security checkpoints along the way. Once things are 'ready to ship' they first need to go through a dedicated security group that audits the source and the threat models and either turns away the software or allows it's release. So anyway, yeah, there's a hell of a lot of work around here when it comes to security. And it's very noticeable if you see the software coming out of here post- 2003.

As to whether they 'care' about this encryption thing. They are obviously looking into it. But the fact is Office is run by millions of people, so they can't just overhaul the encryption system and release a hotfix without breaking lots of stuff. So these things take time. I do hope they change their methods, though.

Re:Users don't want strong MS Office encryption

At MS I was shown a powerpoint slide by the PM on my project from a "confidential" presentation he attended. The slide, as best I can remember it, went something like this:

Why doesn't Microsoft Have Good Security?

• good security is hard
  
• hard things are expensive
  
• users don't understand security
  
• users don't want to pay for good security
  
• Microsoft doesn't do expensive things for
  people who don't want or understand them
  

I swear I'm not making this up.