Zimmermann Enters Debate on Microsoft Encryption

Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"

Employ Mr. Zimmerman

[antivoid]

Perhaps Microsoft should employ Mr. Zimmerman of PGP to fix M$'s broken code.

The fact that so many documents written (especially now) are using Microsoft formats, makes this problem very dangerous.

Its worth mentioning that any docuemtns that are actually worth protecting should by default not rely on Micrsofts (lack of) security, as it is a known trend that Microsoft fails time and time again to provide adaquate security.

People think "wow! encryption, and NOT a lame password". By as per normal, scratch a little deeper and you can see how flawed microsoft code actually is...

I wonder when...

[cerberusss]

I wonder when someone writes a script to google for Word documents, get the protected ones out and decrypt them. Ought to be a fun project.

Re:First rule of Microsoft encryption

[JeffWhitledge]

Consider NSA's track record:

• In the seventies they recommended changes to DES, which in the early ninties were discovered to have made it more secure.
• They have developed and are freely distributing the source for an improved-security version of Linux.

An agreement with Microsoft to ensure insecure encryption would be very out of character for them.

That is, unless they're just a bunch of Linux freaks.