password-cracking by journalists...
Arnold G. Reinhold
reinhold at world.std.com
Thu Jan 17 11:23:49 EST 2002
At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
>A couple of months ago, a Wall Street Journal reporter bought two
>abandoned al Qaeda computers from a looter in Kabul. Some of the
>files on those machines were encrypted. But they're dealing with
>that problem:
>
> The unsigned report, protected by a complex password, was
> created on Aug. 19, according to the Kabul computer's
> internal record. The Wall Street Journal commissioned an
> array of high-speed computers programmed to crack passwords.
> They took five days to access the file.
>
>Does anyone have any technical details on this? (I assume that it's
>a standard password-guessing approach, but it it would be nice to know
>for certain. If nothing else, are Arabic passwords easier or harder
>to guess than, say, English ones?)
>
Outside of the good possibility that they might be quotations from
Islamic religious texts, why would you think Arabic passwords are any
easier to guess?
Another interesting question is whether the reporters and the Wall
Street Journal have violated the DCMA's criminal provisions. The al
Qaeda data was copyrighted (assuming Afghanistan signed one of the
copyright conventions--they may not have), the encryption is arguably
a "technological protection measure" and the breaking was done for
financial gain.
"17 USC 1204 (a) In General. - Any person who violates section 1201
or 1202 willfully and for purposes of commercial advantage or private
financial gain -(1) shall be fined not more than $500,000 or
imprisoned for not more than 5 years, or both, for the first
offense..."
BTW: The 2600 Magazine defense team has filed an appeal for en banc
review of the 2nd Circuit's DMCA opinion:
Brief: http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_2600_appeal.html
Press Release:
http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_eff_pr.html
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list