Zimmermann Enters Debate on Microsoft Encryption 381
Golygydd Max writes "I didn't see much coverage of the RC4 flaw in Microsoft Office that was uncovered recently by a researcher, Hongjun Wu. Now, PGP creator Phil Zimmermann, dissatisfied with Microsoft's response, has joined in the debate. In an interview with Techworld he castigates Microsoft for their inadequate response: 'The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. ... If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security.' The cynic might ask, 'what respect', but should Microsoft have taken a flaw in some of its most popular programs more seriously?"
MS Encryption is a joke (Score:5, Informative)
How is this done? Every file that is written to an encrypted folder by User A has a private encryption key generated for it. That private encryption key is then encrypted with User A's public key and every designed Encrypted Data Recovery Agent's public key. Then either User A or any such recovery agent's private key can then decrypt the file.
Of course, MS just lets lay users assume their "encrypted" files are private.
Article mirror (Score:3, Informative)
Microsoft should sort flaw and abandon RC4 in favour of better ciphers, says PGP creator.
By John E. Dunn, Techworld
Cryptography expert Phil Zimmermann has said he believes the flaw discovered in Microsoft's Word and Excel encryption is serious and warrants immediate attention.
"I think this is a serious flaw - it is highly exploitable. It is not a theoretical attack," said Zimmermann, referring to a flaw in Microsoft's use of RC4 document encryption unearthed recently by a researcher in Singapore.
"The lay user ought to be entitled to assume that the encryption produced by Microsoft is adequate. [...] If Microsoft wants to earn the respect of the cryptographic community and the public it must rise to the occasion by producing competent security."
Microsoft has been dismissive of the seriousness of the flaw, which relates to the way it has implemented the RC4 encryption stream cipher. As explained by Hungjun Wu of the Institute of Infocomm Research, it would allow anyone able to gain access to two or more versions of the same password and encrypted document to reverse engineer the scheme used to make it secure.
"Stream ciphers have to be used most carefully. Any failure to do this will result in a disastrous loss of security," Zimmermann said. "Even with a properly chosen initialisation vector, you have to run it for a while before the quality of the stream cipher is good enough to use." Contrary to Microsoft's claims that the issue was a "very low threat", he countered that gaining access to a document would not present problems for a determined hacker. "There are tools one can use to cryptanalyse messages in this way."
Even if the flaw was fixed, in his view a more fundamental problem was Microsoft's use of RC4, licensed from RSA Security.
"Why does Microsoft continue to use RC4 in this day and age? It has other security flaws that have been published in other papers," adding that "RC4 is a proprietary cipher and has not stood up well to peer review. They should just stop using RC4. It would be better to switch to a block cipher."
When contacted Microsoft, was unable to commit to a timescale for correcting the flaw but issued the following statement by way of a spokesperson: "Microsoft is still investigating this report of a possible vulnerability in Microsoft Office. When that investigation is complete, we will take the appropriate actions to protect customers. This may include providing a security update through our monthly release process."
Zimmermann, meanwhile, emphasised the need for responsible disclosure of such problems. "The best way is to quietly disclose the problem to the vendor and then allow the vendor 30 days to fix the problem. Then go public," he said.
Phil Zimmermann is best-known as the creator of Pretty Good Privacy (PGP), a desktop encryption program that was powerful enough that the US authorities attempted to have its distribution stopped and Zimmermann imprisoned for writing it. The case was abandoned 1996. PGP was bought out by Network Associates, though an independent company, PGP Corporation, has since been spun out to develop its core technology.
Re:MS Encryption is a joke (Score:1, Informative)
The reason it's implmented like this is that this is how companies want it to work. No one would want an encryption system which would leave potentially important company documents encrypted without any way of getting at them should the person be unavailable (holiday, sickness, died etc.)
Good enough (Score:3, Informative)
Total bull, but that's why they haven't change anything in IE for so many years.
Could this have been ON PURPOSE? (Score:4, Informative)
Could it be that the poor encryption security was actually on purpose?
After all, they were using RC4. It should be secure right? (sarcasm) Isn't the problem simply that they re-used a key stream, or something like that? Something that is a basic design "blunder", but could really have been done on purpose. This might make it easy for certian parties to crack, but it might still seem secure. All of the code is properly implemented. The RC4 algorithm is properly implemented, gives correct outputs for known inputs, etc. The flaw is in how the algorithm is improperly used. Something that could be missed by anyone disassembling the code.
I'll leave it for someone else to reply here and speculate on the reasons that such a "blunder" might actually be deliberate. (I've got a malfunction in one of the antennas of my tin foil hat. I use the dual-antenna design of tin foil hats.)
Re:Next Microsoft Crypto Method? (Score:2, Informative)
Re:First rule of Microsoft encryption (Score:4, Informative)
Also, it is a little misleading to say it was "open sourced" against its will. Firstly, because it wasn't "open sourced" in the strictest sense but more importantly, RC4 is just an algorithm with many different implementations and an algorithmic description is information. And as we all know, information wants to be freeee.
Re:Encryption easily broken (Score:2, Informative)
Have you had a look at this: TrueCrypt: Free open-source disk encryption for Windows XP/2000/2003 [sourceforge.net]
Re:copyright (Score:3, Informative)
Re:Encryption easily broken (Score:4, Informative)
NTLM hashes should not be stored on any system where security is even remotely important, for this reason. The newer hash function is secure (assuming the password can't be guessed).
Re:You're asking too much of MS (Score:3, Informative)
They didn't. The original poster was lying.
Instead, they completely rewrote the C library functions in much safer versions, sidestepping that problem entirely.
MS is well aware of the problems with strncpy. Read their blogs some time.
the Microsoft StrSafe library [microsoft.com]
Schneier on RC4 Flaw (Score:2, Informative)
Linux encryptions (Score:3, Informative)
That doesn't have anything to do with encryption. Anytime you have physical access to a computer all bets are off as far as security.
The grandparent was saying that in Windows, it is easy to recover the Administrator's password. This is bad because you can log in without a recovery CD, and the Administrator won't notice (his password will still be the same). In Linux, obtaining the root password is not so easy by default (because shadow uses a DES+salt hash by default) and nearly impossible if you set it up properly (if you use MD5 hash, which is the default for SuSE - don't know about other distros).
Linux encrypted filesystems I know almost nothing about, but I've also never seen a distribution that supports it out of the box.
As far as I am aware, every modern Linux distro supports encrypted filesystems out of the box (filesystems, not files - so the enemy can't even see your directory structure). Google for cryptoloop, and try it on your box... I personally use it for encrypting my swap partition.