Utimacos Safeguard Easy broken by danish police in tax evation ca se

Jay D. Dyson jdyson at treachery.net
Tue Aug 7 19:25:03 EDT 2001 

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 7 Aug 2001, [iso-8859-1] Bo Elkjær wrote: 

> All 16 computers were protected with Safeguard Easy from the german
> encryption provider Utimaco. It is not known whether DES, 128-bit IDEA,
> Blowfish or Stealth was used as algorithm on the computers. All four
> algorithms are built in Safeguard Easy. Details are sparse. It is not
> known how the encryption was broken, whether it was brute forced or
> flaws in the program was exploited.

	If the OS used was Windows, it's quite likely that the plaintext
and/or passphrases were recovered in the Windows swap file.  Barring OS
considerations, it's also possible that the police put a keystroke logger
on the system, just as the FBI here in the States did with an organized
crime suspect. 

	My gut sense is that, since only five of sixteen systems were
"cracked," it seems likely that it was the swap file that let the cat out
of the bag.  Even so, a flaw in the cryptosystem should be investigated
and proven or ruled out.

	Let us not also forget that people can be pressured to divulge
passphrases.  Rubber-hose cryptanalysis isn't just a humorous concept.

- -Jay

  (    (                                                         _______
  ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson - jdyson at treachery.net ------<) |    = |-'
 `--' `--'  `-Speak softly and carry a thermonuclear warhead.-'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO3BqwrlDRyqRQ2a9AQFgLQP/cUACUkIv9xZI77Nh6nbwHlYi4bpDX94K
wBJ22Gt6eAecC0NT4LpE5uKn/6AR8+KUD6jXSoefKsQQa+THCz+hrPMmowqzgtQ1
FQLvOK+7VBGckPztqOD6zimW0IPTYDzI5/uP8j6OxNyQJo2gX/y7uiIOCwZML9/i
bHPhCzAdRGc=
=57oN
-----END PGP SIGNATURE-----




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list