FC: More on Danish cops and "Safeguard" -- police found passwords

From: Declan McCullagh (declanat_private)
Date: Thu Aug 09 2001 - 10:16:15 PDT

Next message: Declan McCullagh: "FC: In-Q-Tel looks promising, but CIA overseers don't pay attention"

Previous message: Declan McCullagh: "FC: Cato: Free speech means nixing both censorship and "privacy" laws"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Previous Politech message:

"Danish police break "Safeguard" encryption program in tax case"
http://www.politechbot.com/p-02371.html

**********

From: Bo Elkjær <bo.elkjaerat_private>
To: "'Declan McCullagh '" <declanat_private>,
         "'politechat_private '"
	<politechat_private>
Subject: Danish police: Not Safeguard Easy but passwords were weak
Date: Thu, 9 Aug 2001 19:06:45 +0200

Dear Declan, Politech, Cryptographylist.

It was reported in national media - including tv - that the police had
succesfully _broken_ the encryption. This, it seems, is not the case. The
police have managed to find the _passwords_ of the five encrypted computers.

The information concerning the succesful decryption of the five
computers protected with Safeguard Easy was presented in court by chief
prosecutor Poul Gade. Investigation is lead by chief of police in
Holstebro, Jens Kaasgaard.

I have just interviewed Jens Kaasgaard. He says:

'To avoid misunderstandings, we haven't _broken_ Safeguard by
technically breaking down the encryption. We have located the passwords
in different ways. We have done it like any hacker would have done, by
trying to figure out the most probable passwords. This has payed success
in five cases.'

'After doing that we entered the document-parts, the harddisk of the
computer. Here we found some of the files unencrypted and other files
further encrypted.'

'When you use Safeguard you put a sort of shell around your data. This
is the first part you need to enter. This is what is claimed to be
impossible. It _is_ impossible. We have had six private companies
looking at this, and they have all failed.'

'We have used completely ordinary police investigation methods. We know
precisely who have had access to the encrypted machines. Then we can
start assessing probabilities and calculate upon this and set up models
for how, if you were a hacker, you'd find your way into the machines.
That's what we have done.'

_You did this yourself?_

'Yes. We did this inside the police system.'

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

Next message: Declan McCullagh: "FC: In-Q-Tel looks promising, but CIA overseers don't pay attention"
Previous message: Declan McCullagh: "FC: Cato: Free speech means nixing both censorship and "privacy" laws"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 10:28:03 PDT