Breaking Vista's filesystem encryption

[iago]

So much for information security:

http://www.vnunet.com/vnunet/news/2150555/microsoft-teaching-police-hack

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system. [....] "It is our goal to give PC users the control and confidence they need so they can continue to get the most out of their PCs," said a Microsoft spokeswoman.  "At the same time, we are working with law enforcement to help them understand its security features and will continue to partner with governments, law enforcement and industry to help make the internet a safer place to learn and communicate."

[Newby]

And eventually one of them will leak it to the public, and bam, encryption is useless. Hooray!

[deadly7]

And eventually one of them will leak it to the public, and bam, encryption is useless. Hooray!

Hasn't encryption always been useless, though?  If you think about it, there's a plausible decryption for every encryption.  Sometimes it's blatantly obvious, sometimes it's not.

[Sidoh]

Hasn't encryption always been useless, though?  If you think about it, there's a plausible decryption for every encryption.  Sometimes it's blatantly obvious, sometimes it's not.

No, not useless.  If it was useless, it would be infinitely easy to crack!

Some encryption (by standard means) takes literally years to break.  By that time, the desired data is usually purposeless.

[Warrior]

I don't know what to think, I mean the EU also wants them to put backdoors in their FS. Is anyone forcing MS to do this specificly because it's rediculous if they are not. I wont side with MS, I think this is a really bad idea with potentially dangerous results.
*sigh* why can't they see when they're bound to get burned.

[Newby]

I don't know what to think, I mean the EU also wants them to put backdoors in their FS. Is anyone forcing MS to do this specificly because it's rediculous if they are not. I wont side with MS, I think this is a really bad idea with potentially dangerous results.
*sigh* why can't they see when they're bound to get burned.

They don't want to lose market share. They want to make compromises for everyone, and meet in the middle. Too bad the middle is infested with people waiting to rip M$ apart.

[mc0]

Hasn't encryption always been useless, though?  If you think about it, there's a plausible decryption for every encryption.  Sometimes it's blatantly obvious, sometimes it's not.

No, not useless.  If it was useless, it would be infinitely easy to crack!

Some encryption (by standard means) takes literally years to break.  By that time, the desired data is usually purposeless.

(md5)

[Sidoh]

(md5)

MD5 is a one-way hash, not encryption.  You can find something that produces the same hash, but there's absolutely no guarantee that the collision is the exact same string used to form the hash in the first place.

[iago]

Yeah, there is a difference between encryption, hashing, and encoding.  In this case, we're talking about encryption. 

But yeah, if they build a backdoor into their encryption, that would be stupid. 

[mc0]

Yeah, there is a difference between encryption, hashing, and encoding.  In this case, we're talking about encryption. 

But yeah, if they build a backdoor into their encryption, that would be stupid. 

Providing an example of something that can take ages to crack. ;x

[Sidoh]

Providing an example of something that can take ages to crack. ;x

It's potentially so improbable that it can be cracked, that it can usually be considered an impossibility.

Since a MD5 hash of a string is simply a really, really big integer that is a "thumbprint" of that string, it's impossible to reverse the function with any degree of certainty that the string you've produced is the string that was used to originally create that string.

There are (virtually) an infinite amount of strings that can be plugged into the MD5 hashing function.  There are far, far less resulting possibilities of output.  If you find a collision, chances are the string you've created to produce the collision isn't the string that originally formed the hash (reiterating, hehe).

[Armin]

Where in that article is actual proof that Microsoft said they may be doing it? All it looks like to me, is that the person who wrote that article decided to throw out a random possibility from the largely general statement Microsoft has made.

Microsoft: "[W]e are working with law enforcement to help them understand its security features and will continue to partner with governments, law enforcement and industry to help make the internet a safer place to learn and communicate."
Person who wrote the article: "OMG OMG!!! MICROSOFT *MAY* BEGIN TRAINING OFFICERS IN WAYS TO BREAK THE ENCRYPTION BUILT INTO VISTA!!!!!!11"

I'm sorry, but I don't consider that a valid connection.

[Sidoh]

I'm sorry, but I don't consider that a valid connection.

Why?  What false conclusion did they draw?

[Armin]

Here, let me correct myself. I don't consider it a plausible* connect. Read my post if you have the same question, because it's already answered.

[Sidoh]

Here, let me correct myself. I don't consider it a plausible* connect. Read my post if you have the same question, because it's already answered.

No it's not.  Why shouldn't this be considered?  Microsoft is already releasing valuable security information to the government.  If you think that the government is constructed by a bunch of mindless, perfect zombies, you're wrong.  The information will be leaked in no time.

[Armin]

You obviously misinterperated what I said. Reread it.

[Sidoh]

Not really.

If you're going to claim this isn't true, find articles proving it or disproving it.  Otherwise, your claim is just as bogus.

[Warrior]

http://www.x86labs.org:81/forum/index.php/topic,5073.0.html

It isn't happening.

[Sidoh]

http://www.x86labs.org:81/forum/index.php/topic,5073.0.html

It isn't happening.

These are two different issues.  Yours is dealing with implementing backdoors in shipped versions of Vista.  This one is teaching government (specifically law enforcement officials) how to break the filesystem encryption.

[Warrior]

If you'd read:

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system.

and

Government officials look at the security of new systems, whether they are easy for the general public to hack into and how the police can access material in them.

from the BBC article

They seem pretty much related to me.

[Sidoh]

If you'd read:

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system.

and

Government officials look at the security of new systems, whether they are easy for the general public to hack into and how the police can access material in them.

from the BBC article

They seem pretty much related to me.

From the sounds of the second article, Police are going to be getting into Microsoft's filesystem encryption, whether they like it or not.

Government officials look at the security of new systems, whether they are easy for the general public to hack into and how the police can access material in them.

[Armin]

Not really.

If you're going to claim this isn't true, find articles proving it or disproving it.  Otherwise, your claim is just as bogus.

You still obviously misinterpreted what I said. I never said anything about it's not true, I just said it's a horrible, incredibly specific guess comming from an incredibly general statement. Please read this more closely so you actually understand what I'm trying to say, because your posts have nothing to do with my main idea.

[W]e are working with law enforcement to help them understand its security features and will continue to partner with governments, law enforcement and industry to help make the internet a safer place to learn and communicate.

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system.

Microsoft said absolutely nothing about training the police in ways to break Vista's encryption. Now, I'm not saying that Microsoft isn't working with police and that it's a false statement, but if that's where the author got all of his sources from, that's one hell of an assumption.

[Sidoh]

Not really.

If you're going to claim this isn't true, find articles proving it or disproving it.  Otherwise, your claim is just as bogus.

You still obviously misinterpreted what I said. I never said anything about it's not true, I just said it's a horrible, incredibly specific guess comming from an incredibly general statement. Please read this more closely so you actually understand what I'm trying to say, because your posts have nothing to do with my main idea.

[W]e are working with law enforcement to help them understand its security features and will continue to partner with governments, law enforcement and industry to help make the internet a safer place to learn and communicate.

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system.

Microsoft said absolutely nothing about training the police in ways to break Vista's encryption. Now, I'm not saying that Microsoft isn't working with police and that it's a false statement, but if that's where the author got all of his sources from, that's one hell of an assumption.

What's wrong with drawing a conclusion like that when you see Microsoft publish an article like that?

 -- Microsoft explicitly stated they are working with law enforcement to understand security features.

They're teaching law enforcement officials to "understand" security features.  Why would law enforcement officials want to understand security features?  So they can get around them; so they can get to potentially case-breaking information stored on a hard drive or some similar media.  What security measures do they need to get around this?  Encryption.

I just don't think you're seeing what I'm seeing in the article.

[Armin]

Yeah, I guess I was just looking at it at just a literal level, and not really thinking about what it means. Makes sense when I look at it like that.

[iago]

I haven't read this whole thread, but ohwell

In terms of the backdoor idea, one Microsoft developer has confirmed that he won't do it.  I believe he said, "over my dead body" (I just glanced over it at /.).  Of course, that doesn't stop the corporation as a whole from doing it, but it doesn't seem likely. 

I'm glad that Microsoft is training law enforcement on how the filesystem encryption works.  I know that I've had to deal with encrypted harddrives in a forensic situation before.  We had to decrypt them without modifying them, based on the user's password which we had.  This could be an example of where the situation differs between what Sidoh and Metal are saying.  We don't know how to BREAK the encryption, but we know how to work with it. 

[Warrior]

That's probably the best approach, inform them enough to know how to play with it but don't put in a deadset backdoor.
Information like that is probably harder to spread than whatever backdoor they may have put in.