FC: More on Danish cops and "Safeguard" -- police found passwords

From: Declan McCullagh (declanat_private)
Date: Thu Aug 09 2001 - 10:16:15 PDT

  • Next message: Declan McCullagh: "FC: In-Q-Tel looks promising, but CIA overseers don't pay attention"

    Previous Politech message:
    
    "Danish police break "Safeguard" encryption program in tax case"
    http://www.politechbot.com/p-02371.html
    
    **********
    
    From: Bo Elkjær <bo.elkjaerat_private>
    To: "'Declan McCullagh '" <declanat_private>,
             "'politechat_private '"
    	<politechat_private>
    Subject: Danish police: Not Safeguard Easy but passwords were weak
    Date: Thu, 9 Aug 2001 19:06:45 +0200
    
    Dear Declan, Politech, Cryptographylist.
    
    It was reported in national media - including tv - that the police had
    succesfully _broken_ the encryption. This, it seems, is not the case. The
    police have managed to find the _passwords_ of the five encrypted computers.
    
    The information concerning the succesful decryption of the five
    computers protected with Safeguard Easy was presented in court by chief
    prosecutor Poul Gade. Investigation is lead by chief of police in
    Holstebro, Jens Kaasgaard.
    
    I have just interviewed Jens Kaasgaard. He says:
    
    'To avoid misunderstandings, we haven't _broken_ Safeguard by
    technically breaking down the encryption. We have located the passwords
    in different ways. We have done it like any hacker would have done, by
    trying to figure out the most probable passwords. This has payed success
    in five cases.'
    
    'After doing that we entered the document-parts, the harddisk of the
    computer. Here we found some of the files unencrypted and other files
    further encrypted.'
    
    'When you use Safeguard you put a sort of shell around your data. This
    is the first part you need to enter. This is what is claimed to be
    impossible. It _is_ impossible. We have had six private companies
    looking at this, and they have all failed.'
    
    'We have used completely ordinary police investigation methods. We know
    precisely who have had access to the encrypted machines. Then we can
    start assessing probabilities and calculate upon this and set up models
    for how, if you were a hacker, you'd find your way into the machines.
    That's what we have done.'
    
    _You did this yourself?_
    
    'Yes. We did this inside the police system.'
    
      
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 10:28:03 PDT