Slashdot Mirror


Zimmermann Enters Debate on Microsoft Encryption

Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"

7 of 381 comments

  1. Employ Mr. Zimmermann by antivoid · · Score: 5, Interesting

    Perhaps Microsoft should employ Mr. Zimmermann of PGP to fix M$'s broken code.

    The fact that so many documents written (especially now) are using Microsoft formats makes this problem very dangerous.

    It's worth mentioning that any documents that are actually worth protecting should by default not rely on Microsoft's (lack of) security, as it is a known trend that Microsoft fails time and time again to provide adequate security.

    People think "wow! encryption, and NOT a lame password". But as per normal, scratch a little deeper and you can see how flawed Microsoft code actually is...

  2. Have to say it.... by GillBates0 · · Score: 5, Funny

    Zimmermann makes some Pretty Good Points in the interview.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam

  3. Don't Worry by Dipster · · Score: 5, Funny

    It'll be fixed in the next installment. Just give them more of your money...

    Why fix it in a free patch, when they can charge money for a new version that you have a reason to buy?

  4. I wonder when... by cerberusss · · Score: 5, Interesting

    I wonder when someone writes a script to google for Word documents, get the protected ones out and decrypt them. Ought to be a fun project.

    --
    8 of 13 people found this answer helpful. Did you?

  5. Why it is "low priority" by Anonymous Coward · · Score: 5, Insightful

    MS considers it a low priority because there is no tool that currently is known to be available that can leverage the theoretical issues brought up in the paper. I agree with them. An issue is "high priority" when there is a tool that can be used by an end user now as an exploit. That is how you prioritize things in real life.

  6. Re:First rule of Microsoft encryption by JeffWhitledge · · Score: 5, Interesting

    Consider NSA's track record:

    • In the seventies they recommended changes to DES, which in the early nineties were discovered to have made it more secure.
    • They have developed and are freely distributing the source for an improved-security version of Linux.

    An agreement with Microsoft to ensure insecure encryption would be very out of character for them.

    That is, unless they're just a bunch of Linux freaks.

    --
    These comments do express the opinions of my employers, and, personally, I think they're complete rubbish.

  7. Re:MS Encryption is a joke by Proteus · · Score: 5, Insightful

    While I agree that the 'spiteful employee' argument is largely bunk, the 'employee who quit, got fired, or otherwise left unexpectedly' argument is not.

    E.g., I am a sysadmin, and I store all the incident reports on a Win2k3 EFS box, encrypted to my key. These incident reports are important to whoever is doing my job -- no one needs to see them unless I leave unexpectedly. If I get trampled by a herd of malicious gnus on the way to work, the top-level admins will need access to my data, as will whoever replaces me.

    There are two solutions to that -- share my key or use the EFS recoverable key system. Guess which I'd rather do?

    --
    We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower