Horseman Number 3: Osama Used 40 bits

Thu Jan 17 16:01:26 EST 2002

Well, no matter if they used 128 bit encryption. using M$ EFS only is
secure from other users.  All one has to do is break the Administrator
password using change NT Password and they can decrypt the file with no
problem.  I love how things are exagerated :)

Cheers,

Jeremy

"R. A. Hettinga" wrote:
> 
> I wonder if he can sue BillG? :-).
> 
> Cheers,
> RAH
> 
> http://www.newscientist.com/news/news.jsp?id=ns99991804
> 
> Weakened encryption lays bare al-Qaeda files
> 
> 
> 17:07 17 January 02
> Will Knight
> 
> 
> Relatively weak encryption appears to have been used to protect files
> recovered from two computers believed to have belonged to al-Qaeda
> operatives in Afghanistan.
> 
> The files were found on a laptop and desktop computer bought by Wall Street
> Journal reporters from looters in Kabul a few days after it was captured by
> Northern Alliance forces on 13 November. The files provide information
> about reconnaissance missions to Europe and the Middle East.
> 
> A report in the UK's Independent newspaper indicates that the encryption
> used to protect these files had been significantly weakened by US export
> restrictions that existed until last year.
> 
> The files were reportedly stored using Microsoft's Windows 2000 operating
> system and protected from unauthorised access using the Encrypting File
> System (EFS), which comes as standard on this platform. They were protected
> with a 40-bit Data Encryption Standard (DES), according to the Independent
> report. This was the maximum strength encryption allowed for export by US
> law until March 2001. All systems are now sold with the standard 128-bit
> key encryption, exponentially stronger than 40-bit.
> 
> Wall Street Journal reporters say that they decrypted a number of files
> using "an array of high-powered computers" to try every possible
> combination, or "key" in succession, a process that took five days.
> 
> Billions of keys
> 
> Brian Gladman, an ex-NATO encryption expert based in the UK, says that
> 40-bit DES means checking about a billion billion different keys in
> succession. This would take the average desktop computer a year, but a
> group of powerful machines could perform the feat in a few days, he says.
> However, he adds: "If you go much beyond 40 bits it is outside the realm of
> possible."
> 
> But Gladman says the US should not seek to reintroduce controls on the
> export of strong encryption products in light of this evidence. He believes
> that export controls would not necessarily stop terrorists and could harm
> the security of companies outside the US.
> 
> "The internet is already vulnerable and if we do not implement strong
> encryption, criminals will get away with murder," Gladman told New
> Scientist. "Any efforts to prevent the deployment of this technology will
> damage us rather than help."
> 
> Gladman says that terrorists can rely on far more elementary techniques to
> keep information secret and communicate covertly. These include using
> secret code words and anonymous internet cafes.
> 
> 
> 17:07 17 January 02
> -----------------
> R. A. Hettinga <mailto: rah at ibuc.com>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com