password-cracking by journalists...

Arnold G. Reinhold reinhold at world.std.com
Thu Jan 17 11:23:49 EST 2002


At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
>A couple of months ago, a Wall Street Journal reporter bought two
>abandoned al Qaeda computers from a looter in Kabul.  Some of the
>files on those machines were encrypted.  But they're dealing with
>that problem:
>
>	The unsigned report, protected by a complex password, was
>	created on Aug. 19, according to the Kabul computer's
>	internal record. The Wall Street Journal commissioned an
>	array of high-speed computers programmed to crack passwords.
>	They took five days to access the file.
>
>Does anyone have any technical details on this?  (I assume that it's
>a standard password-guessing approach, but it it would be nice to know
>for certain.  If nothing else, are Arabic passwords easier or harder
>to guess than, say, English ones?)
>

Outside of the good possibility that they might be quotations from 
Islamic religious texts, why would you think Arabic passwords are any 
easier to guess?

Another interesting question is whether the reporters and the Wall 
Street Journal have violated the DCMA's criminal provisions. The al 
Qaeda data was copyrighted (assuming Afghanistan signed one of the 
copyright conventions--they may not have), the encryption is arguably 
a "technological protection measure" and the breaking was done for 
financial gain.

"17 USC 1204 (a) In General. - Any person who violates section 1201 
or 1202 willfully and for purposes of commercial advantage or private 
financial gain -(1) shall be fined not more than $500,000 or 
imprisoned for not more than 5 years, or both, for the first 
offense..."

BTW: The 2600 Magazine defense team has filed an appeal for en banc 
review of the 2nd Circuit's DMCA opinion:

Brief: http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_2600_appeal.html

Press Release: 
http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_eff_pr.html


Arnold Reinhold



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list