Breaking Vista's filesystem encryption

[iago]

So much for information security:

http://www.vnunet.com/vnunet/news/2150555/microsoft-teaching-police-hack

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system. [....] "It is our goal to give PC users the control and confidence they need so they can continue to get the most out of their PCs," said a Microsoft spokeswoman.  "At the same time, we are working with law enforcement to help them understand its security features and will continue to partner with governments, law enforcement and industry to help make the internet a safer place to learn and communicate."

[Newby]

And eventually one of them will leak it to the public, and bam, encryption is useless. Hooray!

[deadly7]

And eventually one of them will leak it to the public, and bam, encryption is useless. Hooray!

Hasn't encryption always been useless, though?  If you think about it, there's a plausible decryption for every encryption.  Sometimes it's blatantly obvious, sometimes it's not.

[Sidoh]

Hasn't encryption always been useless, though?  If you think about it, there's a plausible decryption for every encryption.  Sometimes it's blatantly obvious, sometimes it's not.

No, not useless.  If it was useless, it would be infinitely easy to crack! :)

Some encryption (by standard means) takes literally years to break.  By that time, the desired data is usually purposeless.

[Warrior]

I don't know what to think, I mean the EU also wants them to put backdoors in their FS. Is anyone forcing MS to do this specificly because it's rediculous if they are not. I wont side with MS, I think this is a really bad idea with potentially dangerous results.
*sigh* why can't they see when they're bound to get burned.

[Newby]

x86] link=topic=4936.msg56626#msg56626 date=1140585417]
I don't know what to think, I mean the EU also wants them to put backdoors in their FS. Is anyone forcing MS to do this specificly because it's rediculous if they are not. I wont side with MS, I think this is a really bad idea with potentially dangerous results.
*sigh* why can't they see when they're bound to get burned.

They don't want to lose market share. They want to make compromises for everyone, and meet in the middle. Too bad the middle is infested with people waiting to rip M$ apart.

[mc0]

Hasn't encryption always been useless, though?  If you think about it, there's a plausible decryption for every encryption.  Sometimes it's blatantly obvious, sometimes it's not.

No, not useless.  If it was useless, it would be infinitely easy to crack! :)

Some encryption (by standard means) takes literally years to break.  By that time, the desired data is usually purposeless.

(md5)

[Sidoh]

(md5)

MD5 is a one-way hash, not encryption.  You can find something that produces the same hash, but there's absolutely no guarantee that the collision is the exact same string used to form the hash in the first place.

[iago]

Yeah, there is a difference between encryption, hashing, and encoding.  In this case, we're talking about encryption. 

But yeah, if they build a backdoor into their encryption, that would be stupid. 

[mc0]

Yeah, there is a difference between encryption, hashing, and encoding.  In this case, we're talking about encryption. 

But yeah, if they build a backdoor into their encryption, that would be stupid. 

Providing an example of something that can take ages to crack. ;x

[Sidoh]

Providing an example of something that can take ages to crack. ;x

It's potentially so improbable that it can be cracked, that it can usually be considered an impossibility.

Since a MD5 hash of a string is simply a really, really big integer that is a "thumbprint" of that string, it's impossible to reverse the function with any degree of certainty that the string you've produced is the string that was used to originally create that string.

There are (virtually) an infinite amount of strings that can be plugged into the MD5 hashing function.  There are far, far less resulting possibilities of output.  If you find a collision, chances are the string you've created to produce the collision isn't the string that originally formed the hash (reiterating, hehe).

[Armin]

Where in that article is actual proof that Microsoft said they may be doing it? All it looks like to me, is that the person who wrote that article decided to throw out a random possibility from the largely general statement Microsoft has made.

Microsoft: "[W]e are working with law enforcement to help them understand its security features and will continue to partner with governments, law enforcement and industry to help make the internet a safer place to learn and communicate."
Person who wrote the article: "OMG OMG!!! MICROSOFT *MAY* BEGIN TRAINING OFFICERS IN WAYS TO BREAK THE ENCRYPTION BUILT INTO VISTA!!!!!!11"

I'm sorry, but I don't consider that a valid connection.

[Sidoh]

I'm sorry, but I don't consider that a valid connection.

Why?  What false conclusion did they draw?

[Armin]

Here, let me correct myself. I don't consider it a plausible* connect. Read my post if you have the same question, because it's already answered.

[Sidoh]

Here, let me correct myself. I don't consider it a plausible* connect. Read my post if you have the same question, because it's already answered.

No it's not.  Why shouldn't this be considered?  Microsoft is already releasing valuable security information to the government.  If you think that the government is constructed by a bunch of mindless, perfect zombies, you're wrong.  The information will be leaked in no time.