Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zimmermann Enters Debate on Microsoft Encryption

Posted by michael on from the or-lack-of-it dept.

Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"

2 of 381 comments (clear)

  1. Re:Do they care? by ratboy666 · · Score: 1, Troll

    Bwha, ha, ha ha!!

    What you're telling me is (wiping tears from my eyes) -- is that a security system that is insecure can't be fixed because it is too popular!

    What a field-day for the black-hats!

    Let me... make... sure. (gasping for air, here). Lots of documents are presumed safe, and are not, and that's why future documents won't be safe?

    Bwa, ha, ha, ha!

    Ratboy.

    --
    Just another "Cubible(sic) Joe" 2 17 3061
  2. Re:First rule of Microsoft encryption by AstroDrabb · · Score: 0, Troll
    Please tell us who these "MS Windows Freak" NSA guys you have meet are. It can be easily verified. Most of the NSA "guys" are _real_ computer scientists. You are very unlikely to find a bunch of computer scientist that are "windows freaks". I would bet that most _real_ computer scientist are *nix freaks, Linux, Unix and Mac OS freaks.

    Please tell us a few names of these NSA "windows freaks" so we can verify your statements. Unless, of course you are talking out your @ss.

    Imagine, if Microsoft said you had to be on-line AND log into their servers to access YOUR document.
    Huh? This is exactly what MS does with their latest versions of their software. I recently installed MS Office 2003. I couldn't continue to access _my_ documents until I was "on-line" AND I logged onto a MS server to "verify" that I had a "right" to use Office 2003. So exactly what the H3ll are you talking about?
    Sure, it's a bug. Cycle your passwords, and you're fine.
    Cycle your passwords? Try to get 140,000 employees (the size of the company I work for) to "cycle their passwords" in a timely fashion. It just isn't going to happen.

    Stop being such and MS apologist.

    --
    If Tyranny and Oppression come to this land,
    it will be in the guise of fighting a foreign enemy. -James Madison