Horseman Number 3: Osama Used 40 bits

Jon Simon jon at jonsimon.com
Fri Jan 18 20:00:02 EST 2002


Can anyone else confirm or deny that this is the case?  If it is so, 
it would bring new meaning to the term "weak encryption."
Thanks,
Jon Simon

>Well, no matter if they used 128 bit encryption. Using M$ EFS only is
>secure from other users.  All one has to do is break the Administrator
>password using change NT Password and they can decrypt the file with no
>problem.  I love how things are exaggerated :)
>
>
>Cheers,
>
>Jeremy
>
>"R. A. Hettinga" wrote:
>>
>>  I wonder if he can sue BillG? :-).
>>
>>  Cheers,
>>  RAH
>>
>>  http://www.newscientist.com/news/news.jsp?id=ns99991804
>>
>>  Weakened encryption lays bare al-Qaeda files
>>
>>
>>  17:07 17 January 02
>>  Will Knight
>>
>>
>>  Relatively weak encryption appears to have been used to protect files
>>  recovered from two computers believed to have belonged to al-Qaeda
>>  operatives in Afghanistan.
>>
>>  The files were found on a laptop and desktop computer bought by Wall Street
>>  Journal reporters from looters in Kabul a few days after it was captured by
>>  Northern Alliance forces on 13 November. The files provide information
>>  about reconnaissance missions to Europe and the Middle East.
>>
>>  A report in the UK's Independent newspaper indicates that the encryption
>>  used to protect these files had been significantly weakened by US export
>>  restrictions that existed until last year.
>>
>>  The files were reportedly stored using Microsoft's Windows 2000 operating
>>  system and protected from unauthorised access using the Encrypting File
>>  System (EFS), which comes as standard on this platform. They were protected
>>  with a 40-bit Data Encryption Standard (DES), according to the Independent
>>  report. This was the maximum strength encryption allowed for export by US
>>  law until March 2001. All systems are now sold with the standard 128-bit
>>  key encryption, exponentially stronger than 40-bit.
>>
>>  Wall Street Journal reporters say that they decrypted a number of files
>>  using "an array of high-powered computers" to try every possible
>>  combination, or "key" in succession, a process that took five days.
>>
>>  Billions of keys
>>
>>  Brian Gladman, an ex-NATO encryption expert based in the UK, says that
>>  40-bit DES means checking about a billion billion different keys in
>>  succession. This would take the average desktop computer a year, but a
>>  group of powerful machines could perform the feat in a few days, he says.
>>  However, he adds: "If you go much beyond 40 bits it is outside the realm of
>>  possible."
>>
>>  But Gladman says the US should not seek to reintroduce controls on the
>>  export of strong encryption products in light of this evidence. He believes
>>  that export controls would not necessarily stop terrorists and could harm
>>  the security of companies outside the US.
>>
>>  "The internet is already vulnerable and if we do not implement strong
>>  encryption, criminals will get away with murder," Gladman told New
>>  Scientist. "Any efforts to prevent the deployment of this technology will
>>  damage us rather than help."
>>
>>  Gladman says that terrorists can rely on far more elementary techniques to
>>  keep information secret and communicate covertly. These include using
>>  secret code words and anonymous internet cafes.
>>
>>
>>  -----------------
>>  R. A. Hettinga <mailto: rah at ibuc.com>
>>  The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>>  44 Farquhar Street, Boston, MA 02131 USA
>>  "... however it may deserve respect for its usefulness and antiquity,
>>  [predicting the end of the world] has not been found agreeable to
>>  experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>>
>>  ---------------------------------------------------------------------
>>  The Cryptography Mailing List
>>  Unsubscribe by sending "unsubscribe cryptography" to 
>>majordomo at wasabisystems.com
