IP: More on Danish cops and "Safeguard" -- police found passwords

[David Farber <dave () farber net>]

> Previous Politech message:
>
> "Danish police break "Safeguard" encryption program in tax case"
> http://www.politechbot.com/p-02371.html
>
> **********
>
> From: Bo Elkjær <bo.elkjaer () eb dk>
> To: "'Declan McCullagh '" <declan () well com>,
>         "'politech () politechbot com '"
>         <politech () politechbot com>
> Subject: Danish police: Not Safeguard Easy but passwords were weak
> Date: Thu, 9 Aug 2001 19:06:45 +0200
>
> Dear Declan, Politech, Cryptographylist.
>
> It was reported in national media - including tv - that the police had
> succesfully _broken_ the encryption. This, it seems, is not the case. The
> police have managed to find the _passwords_ of the five encrypted computers.
>
> The information concerning the succesful decryption of the five
> computers protected with Safeguard Easy was presented in court by chief
> prosecutor Poul Gade. Investigation is lead by chief of police in
> Holstebro, Jens Kaasgaard.
>
> I have just interviewed Jens Kaasgaard. He says:
>
> 'To avoid misunderstandings, we haven't _broken_ Safeguard by
> technically breaking down the encryption. We have located the passwords
> in different ways. We have done it like any hacker would have done, by
> trying to figure out the most probable passwords. This has payed success
> in five cases.'
>
> 'After doing that we entered the document-parts, the harddisk of the
> computer. Here we found some of the files unencrypted and other files
> further encrypted.'
>
> 'When you use Safeguard you put a sort of shell around your data. This
> is the first part you need to enter. This is what is claimed to be
> impossible. It _is_ impossible. We have had six private companies
> looking at this, and they have all failed.'
>
> 'We have used completely ordinary police investigation methods. We know
> precisely who have had access to the encrypted machines. Then we can
> start assessing probabilities and calculate upon this and set up models
> for how, if you were a hacker, you'd find your way into the machines.
> That's what we have done.'
>
> _You did this yourself?_
>
> 'Yes. We did this inside the police system.'
>
>
>
>
>
>
> -------------------------------------------------------------------------
> POLITECH -- Declan McCullagh's politics and technology mailing list
> You may redistribute this message freely if you include this notice.
> To subscribe, visit http://www.politechbot.com/info/subscribe.html
> This message is archived at http://www.politechbot.com/
> -------------------------------------------------------------------------



For archives see: http://www.interesting-people.org/