password-cracking by journalists...
Steven M. Bellovin
smb at research.att.com
Thu Jan 17 21:24:50 EST 2002
In message <v0421010cb86ca9bc4254@[192.168.0.2]>, "Arnold G. Reinhold" writes:
>At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
>>A couple of months ago, a Wall Street Journal reporter bought two
>>abandoned al Qaeda computers from a looter in Kabul. Some of the
>>files on those machines were encrypted. But they're dealing with
>>that problem:
>>
>> The unsigned report, protected by a complex password, was
>> created on Aug. 19, according to the Kabul computer's
>> internal record. The Wall Street Journal commissioned an
>> array of high-speed computers programmed to crack passwords.
>> They took five days to access the file.
>>
>>Does anyone have any technical details on this? (I assume that it's
>>a standard password-guessing approach, but it would be nice to know
>>for certain. If nothing else, are Arabic passwords easier or harder
>>to guess than, say, English ones?)
>>
>
>Outside of the good possibility that they might be quotations from
>Islamic religious texts, why would you think Arabic passwords are any
>easier to guess?
I didn't say that they would be easier; I asked... As for why I asked
-- while I don't know much about Arabic, I do know some Hebrew, and the
languages are related. Some aspects of Hebrew would certainly impact a
guessing program.

For one thing, in Hebrew (and, I think, Arabic) vowels are not normally
written. Hebrew vowels look like dots or lines surrounding the
letters, which are all consonants; printed Hebrew material aimed at
Israeli adults omits the vowels. Also, there are a few Hebrew letters
which have different forms when they're the final letter in a word --
my understanding is that there are more Arabic letters that have a
different final form, and that some have up to four forms: one initial,
two middle, and one final. Finally, Hebrew (and, as someone else
mentioned, Arabic) verbs have a three-letter root form; many nouns are
derived from this root.

Do these matter? I think so, though I suspect they'd make the problem
harder. But I don't know, and I'd like to learn from someone who has
paid more attention to the problem of password-cracking in other
languages and alphabets.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
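
An added example, not part of the original message: the orthographic features raised above (optional vowel points, final letter forms, positional forms) mean one word has several encodings, so a password blocklist check has to fold them before comparing. The blocklist, the sample strings and the function names are constructed for illustration; the folding relies only on Unicode properties available in Python's `unicodedata`.

```python
import unicodedata

# Hebrew final-form letters and the regular forms they fold to.
FINAL_TO_BASE = str.maketrans({
    "\u05DA": "\u05DB",  # final kaf
    "\u05DD": "\u05DE",  # final mem
    "\u05DF": "\u05E0",  # final nun
    "\u05E3": "\u05E4",  # final pe
    "\u05E5": "\u05E6",  # final tsadi
})

# Code point ranges holding Hebrew points/accents and Arabic vowel marks.
MARK_RANGES = ((0x0591, 0x05C7), (0x064B, 0x065F))


def _is_vowel_mark(ch):
    cp = ord(ch)
    in_range = any(lo <= cp <= hi for lo, hi in MARK_RANGES)
    # combining() is non-zero only for marks, so punctuation such as
    # maqaf (U+05BE) inside the range is kept.
    return in_range and unicodedata.combining(ch) != 0


def canonical(word):
    """Return the consonant skeleton used for blocklist comparison."""
    # NFKD splits precomposed letters and maps Arabic positional
    # presentation forms (U+FE70..U+FEFF) back to the base letter.
    decomposed = unicodedata.normalize("NFKD", word)
    bare = "".join(ch for ch in decomposed if not _is_vowel_mark(ch))
    return bare.translate(FINAL_TO_BASE)


def is_blocklisted(password, blocklist):
    """True if the password matches a blocklist entry after folding."""
    return canonical(password) in {canonical(w) for w in blocklist}


# Constructed samples: one blocklisted word, stored unpointed.
BLOCKLIST = ["\u05E9\u05DC\u05D5\u05DD"]  # shin lamed vav final-mem
POINTED = "\u05E9\u05C1\u05B8\u05DC\u05D5\u05B9\u05DD"  # with vowel points
NONFINAL = "\u05E9\u05DC\u05D5\u05DE"  # typed with regular mem
ARABIC_FORM = "\uFE91\u064E"  # beh initial form + fatha

if __name__ == "__main__":
    for candidate in (POINTED, NONFINAL, "\u05E9\u05DC\u05D5"):
        print(ascii(candidate), is_blocklisted(candidate, BLOCKLIST))
    print(ascii(canonical(ARABIC_FORM)))
```

Without the folding step, the pointed and regular-mem spellings would pass an exact-match blocklist even though they are the same word.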