[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: More on Danish cops and "Safeguard" -- police found passwords

------- Forwarded message follows -------
Date sent:      	Thu, 09 Aug 2001 13:16:15 -0400
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: More on Danish cops and "Safeguard" -- police found passwords
Copies to:      	bo.elkjaer@eb.dk
Send reply to:  	declan@well.com

Previous Politech message:

"Danish police break "Safeguard" encryption program in tax case"


From: Bo Elkjśr <bo.elkjaer@eb.dk>
To: "'Declan McCullagh '" <declan@well.com>,
         "'politech@politechbot.com '"
Subject: Danish police: Not Safeguard Easy but passwords were weak
Date: Thu, 9 Aug 2001 19:06:45 +0200

Dear Declan, Politech, Cryptographylist.

It was reported in national media - including tv - that the police had
succesfully _broken_ the encryption. This, it seems, is not the case.
The police have managed to find the _passwords_ of the five encrypted

The information concerning the succesful decryption of the five
computers protected with Safeguard Easy was presented in court by
chief prosecutor Poul Gade. Investigation is lead by chief of police
in Holstebro, Jens Kaasgaard.

I have just interviewed Jens Kaasgaard. He says:

'To avoid misunderstandings, we haven't _broken_ Safeguard by
technically breaking down the encryption. We have located the
passwords in different ways. We have done it like any hacker would
have done, by trying to figure out the most probable passwords. This
has payed success in five cases.'

'After doing that we entered the document-parts, the harddisk of the
computer. Here we found some of the files unencrypted and other files
further encrypted.'

'When you use Safeguard you put a sort of shell around your data. This
is the first part you need to enter. This is what is claimed to be
impossible. It _is_ impossible. We have had six private companies
looking at this, and they have all failed.'

'We have used completely ordinary police investigation methods. We
know precisely who have had access to the encrypted machines. Then we
can start assessing probabilities and calculate upon this and set up
models for how, if you were a hacker, you'd find your way into the
machines. That's what we have done.'

_You did this yourself?_

'Yes. We did this inside the police system.'

--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if you include this
notice. To subscribe, visit
http://www.politechbot.com/info/subscribe.html This message is
archived at http://www.politechbot.com/

------- End of forwarded message -------