Danish police: Not Safeguard Easy but passwords were weak
bo.elkjaer at eb.dk
Thu Aug 9 13:06:45 EDT 2001
Dear Declan, Politech, Cryptographylist.
It was reported in national media - including tv - that the police had
succesfully _broken_ the encryption. This, it seems, is not the case. The
police have managed to find the _passwords_ of the five encrypted computers.
The information concerning the succesful decryption of the five
computers protected with Safeguard Easy was presented in court by chief
prosecutor Poul Gade. Investigation is lead by chief of police in
Holstebro, Jens Kaasgaard.
I have just interviewed Jens Kaasgaard. He says:
'To avoid misunderstandings, we haven't _broken_ Safeguard by
technically breaking down the encryption. We have located the passwords
in different ways. We have done it like any hacker would have done, by
trying to figure out the most probable passwords. This has payed success
in five cases.'
'After doing that we entered the document-parts, the harddisk of the
computer. Here we found some of the files unencrypted and other files
'When you use Safeguard you put a sort of shell around your data. This
is the first part you need to enter. This is what is claimed to be
impossible. It _is_ impossible. We have had six private companies
looking at this, and they have all failed.'
'We have used completely ordinary police investigation methods. We know
precisely who have had access to the encrypted machines. Then we can
start assessing probabilities and calculate upon this and set up models
for how, if you were a hacker, you'd find your way into the machines.
That's what we have done.'
_You did this yourself?_
'Yes. We did this inside the police system.'
From: Declan McCullagh
To: politech at politechbot.com
Cc: bo.elkjaer at eb.dk
Sent: 8/9/01 5:24 PM
Subject: Danish police break "Safeguard" encryption program in tax case
[From the cryptography mailing list. --Declan]
From: =?iso-8859-1?Q?Bo_Elkj=E6r?= <bo.elkjaer at eb.dk>
Subject: Utimacos Safeguard Easy broken by danish police in tax evation
Date: Tue, 7 Aug 2001 22:51:08 +0200
The german encryption program Safeguard Easy has been broken by the
police. Today the police from the city Holstebro in Jutland presented
evidence in court, that was provided after breaking the encryption on
out of sixteen computers that where seized april 25 this year.
All 16 computers were protected with Safeguard Easy from the german
encryption provider Utimaco. It is not known whether DES, 128-bit IDEA,
Blowfish or Stealth was used as algorithm on the computers. All four
algorithms are built in Safeguard Easy. Details are sparse. It is not
how the encryption was broken, whether it was brute forced or flaws in
program was exploited.
The computers where seized from the humanitarian (leftwing) foundation
(Humana) in connection with a case about tax evation. Among the evidence
provided from the encrypted computers were emails sent among the leaders
the foundation, Poul Jorgensen and Mogens Amdi Petersen describing
of large sums of money.
Apparantly, but not confirmed, british Scotland Yard has been involved
breaking the encryption. The danish police doesn't have the capacity to
break encryption by themselves. Neither has the danish civilian
service. Routine is that cases concerning encryption is handed over to
danish defence intelligence service DDIS. This procedure has been
earlier this year by the danish minister of justice in connection with
another case. DDIS denies involvement with the Tvind case.
Employees and leaders at Tvind has denied handing over their passwords
the computers. One even wrote a public letter mocking the chief of
Holstebro, describing how he changed his password weekly, and stating
he'd probably even forgotten his password by now. At a time, the police
concidered putting employees in custody until passwords were handed
Thats all for now
Bo Elkjaer, Denmark
Date: Tue, 7 Aug 2001 16:25:03 -0700 (PDT)
From: "Jay D. Dyson" <jdyson at treachery.net>
Subject: Re: Utimacos Safeguard Easy broken by danish police in tax
evation ca se
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 7 Aug 2001, [iso-8859-1] Bo Elkj=E6r wrote:=20
> All 16 computers were protected with Safeguard Easy from the german
> encryption provider Utimaco. It is not known whether DES, 128-bit
> Blowfish or Stealth was used as algorithm on the computers. All four
> algorithms are built in Safeguard Easy. Details are sparse. It is not
> known how the encryption was broken, whether it was brute forced or
> flaws in the program was exploited.
=09If the OS used was Windows, it's quite likely that the plaintext
and/or passphrases were recovered in the Windows swap file. Barring OS
considerations, it's also possible that the police put a keystroke
on the system, just as the FBI here in the States did with an organized
=09My gut sense is that, since only five of sixteen systems were
"cracked," it seems likely that it was the swap file that let the cat
of the bag. Even so, a flaw in the cryptosystem should be investigated
and proven or ruled out.
=09Let us not also forget that people can be pressured to divulge
passphrases. Rubber-hose cryptanalysis isn't just a humorous concept.
( ( _______
)) )) .-"There's always time for a good cup of coffee."-.
C|~~|C|~~| (>------ Jay D. Dyson - jdyson at treachery.net ------<) |
`--' `--' `-Speak softly and carry a thermonuclear warhead.-'
-----BEGIN PGP SIGNATURE-----
Comment: See http://www.treachery.net/~jdyson/ for current keys.
-----END PGP SIGNATURE-----
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography