Horseman Number 3: Osama Used 40 bits
Jon Simon
jon at jonsimon.com
Fri Jan 18 20:00:02 EST 2002
Can anyone else confirm or deny that this is the case? If it is so,
it would bring new meaning to the term "weak encryption."
Thanks,
Jon Simon
>Well, no matter if they used 128 bit encryption. using M$ EFS only is
>secure from other users. All one has to do is break the Administrator
>password using change NT Password and they can decrypt the file with no
>problem. I love how things are exagerated :)
>
>
>Cheers,
>
>Jeremy
>
>"R. A. Hettinga" wrote:
>>
>> I wonder if he can sue BillG? :-).
>>
>> Cheers,
>> RAH
>>
>> http://www.newscientist.com/news/news.jsp?id=ns99991804
>>
>> Weakened encryption lays bare al-Qaeda files
>>
>>
>> 17:07 17 January 02
>> Will Knight
>>
>>
>> Relatively weak encryption appears to have been used to protect files
>> recovered from two computers believed to have belonged to al-Qaeda
>> operatives in Afghanistan.
>>
>> The files were found on a laptop and desktop computer bought by Wall Street
>> Journal reporters from looters in Kabul a few days after it was captured by
>> Northern Alliance forces on 13 November. The files provide information
>> about reconnaissance missions to Europe and the Middle East.
>>
>> A report in the UK's Independent newspaper indicates that the encryption
>> used to protect these files had been significantly weakened by US export
>> restrictions that existed until last year.
>>
>> The files were reportedly stored using Microsoft's Windows 2000 operating
>> system and protected from unauthorised access using the Encrypting File
>> System (EFS), which comes as standard on this platform. They were protected
>> with a 40-bit Data Encryption Standard (DES), according to the Independent
>> report. This was the maximum strength encryption allowed for export by US
>> law until March 2001. All systems are now sold with the standard 128-bit
>> key encryption, exponentially stronger than 40-bit.
>>
>> Wall Street Journal reporters say that they decrypted a number of files
>> using "an array of high-powered computers" to try every possible
>> combination, or "key" in succession, a process that took five days.
>>
>> Billions of keys
>>
>> Brian Gladman, an ex-NATO encryption expert based in the UK, says that
>> 40-bit DES means checking about a billion billion different keys in
>> succession. This would take the average desktop computer a year, but a
>> group of powerful machines could perform the feat in a few days, he says.
>> However, he adds: "If you go much beyond 40 bits it is outside the realm of
>> possible."
>>
>> But Gladman says the US should not seek to reintroduce controls on the
>> export of strong encryption products in light of this evidence. He believes
>> that export controls would not necessarily stop terrorists and could harm
>> the security of companies outside the US.
>>
>> "The internet is already vulnerable and if we do not implement strong
>> encryption, criminals will get away with murder," Gladman told New
>> Scientist. "Any efforts to prevent the deployment of this technology will
>> damage us rather than help."
>>
>> Gladman says that terrorists can rely on far more elementary techniques to
>> keep information secret and communicate covertly. These include using
>> secret code words and anonymous internet cafes.
>>
>>
>> 17:07 17 January 02
>> -----------------
>> R. A. Hettinga <mailto: rah at ibuc.com>
>> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>> 44 Farquhar Street, Boston, MA 02131 USA
>> "... however it may deserve respect for its usefulness and antiquity,
>> [predicting the end of the world] has not been found agreeable to
>> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>>
>> ---------------------------------------------------------------------
>> The Cryptography Mailing List
>> Unsubscribe by sending "unsubscribe cryptography" to
>>majordomo at wasabisystems.com
>
>
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to
>majordomo at wasabisystems.com
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list