password-cracking by journalists...

Thu Jan 17 04:02:09 EST 2002

At 03:15 PM 16/01/02, Steve Bellovin wrote:
>A couple of months ago, a Wall Street Journal reporter bought two
>abandoned al Qaeda computers from a looter in Kabul.  Some of the
>files on those machines were encrypted.  But they're dealing with
>that problem:
>
>         The unsigned report, protected by a complex password, was
>         created on Aug. 19, according to the Kabul computer's
>         internal record. The Wall Street Journal commissioned an
>         array of high-speed computers programmed to crack passwords.
>         They took five days to access the file.
>
>Does anyone have any technical details on this?  (I assume that it's
>a standard password-guessing approach, but it it would be nice to know
>for certain.  If nothing else, are Arabic passwords easier or harder
>to guess than, say, English ones?)

Most Arabic words have a root of 3 letters, to which prefixes, suffixes and 
vowels are added: the root drs for example is related to books and 
teaching: madrasa is a school, mudaris a teacher, etc. (It's been a while 
since I studied any Arabic, so I aplogise for errors here.)

Of more use (I would have thought) is the fact that the Coran has a limited 
and standardised vocabulary (unlike the Bible, for example, which has many 
versions, both modern and old.) That would certainly speed up any 
dictionary search - assuming that any password/phrase came from the Coran, 
of course.

Jim

--

                           *   Jim Cheesman   *
             Trabajo: 
jchees at msl.es - (34)(91) 724 9200 x 2360
          If there's one thing I 
can't stand, it's intolerance.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com