FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

FC: More on Danish cops and "Safeguard" -- police found passwords

------- Forwarded message follows -------
Date sent: Thu, 09 Aug 2001 13:16:15 -0400
To: politech@politechbot.com
From: Declan McCullagh <declan@well.com>
Subject: FC: More on Danish cops and "Safeguard" -- police found passwords
Copies to: bo.elkjaer@eb.dk
Send reply to: declan@well.com

Previous Politech message:

"Danish police break "Safeguard" encryption program in tax case" http://www.politechbot.com/p-02371.html

**********

From: Bo Elkjær <bo.elkjaer@eb.dk>
To: "'Declan McCullagh '" <declan@well.com>, "'politech@politechbot.com '" <politech@politechbot.com>
Subject: Danish police: Not Safeguard Easy but passwords were weak
Date: Thu, 9 Aug 2001 19:06:45 +0200

Dear Declan, Politech, Cryptographylist.

It was reported in national media - including TV - that the police had successfully _broken_ the encryption. This, it seems, is not the case. The police have managed to find the _passwords_ of the five encrypted computers.

The information concerning the successful decryption of the five computers protected with Safeguard Easy was presented in court by chief prosecutor Poul Gade. Investigation is led by chief of police in Holstebro, Jens Kaasgaard.

I have just interviewed Jens Kaasgaard. He says:

'To avoid misunderstandings, we haven't _broken_ Safeguard by technically breaking down the encryption. We have located the passwords in different ways. We have done it like any hacker would have done, by trying to figure out the most probable passwords. This has paid success in five cases.'

'After doing that we entered the document-parts, the hard disk of the computer. Here we found some of the files unencrypted and other files further encrypted.'

'When you use Safeguard you put a sort of shell around your data. This is the first part you need to enter. This is what is claimed to be impossible. It _is_ impossible. We have had six private companies looking at this, and they have all failed.'

'We have used completely ordinary police investigation methods. We know precisely who has had access to the encrypted machines. Then we can start assessing probabilities and calculate upon this and set up models for how, if you were a hacker, you'd find your way into the machines. That's what we have done.'

_You did this yourself?_

'Yes. We did this inside the police system.'

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

------- End of forwarded message -------
