Confessions of a skeptical mind (re: reports that 17-year-old "cracked" al Qaeda "encryption").

[Ben Laurie]

Roy M.Silvernail wrote:

> On Sunday 18 May 2003 12:20 am, Jay D. Dyson wrote:
> 
>>Hi folks,
>>
>>	I found this article and I must admit that my usually robust
>>skepticism is now in overdrive.  First off, this is the first (and only)
>>report I've seen on the subject.  Second, I know of several top minds (not
>>the least of which is Niels Provos) who have sought to verify claims of al
>>Qaeda-sired use of cryptography and steganography...and all reports thus
>>far have indicated that there's no evidence to support any such claims.
>>
>>	With that in mind, I'm seeking any substantiation or refutation of
>>this article's claims.  I'm including both the URL and the full text of
>>the article for review.
> 
> 
> The research of Provos and others proves, if nothing else, that nothing 
> resembling well-known crypto is stegged.

OK, I'll admit I haven't discussed this for a year or more with Niels,
but last time I did, we agreed that he proved no such thing. He looks
for certain statistical anomolies that correspond to particular ways of
doing stego. When he finds them, he tries to brute force the key.

Clearly, if the perp uses either some other form of stego or a strong
key, he loses. So, AFAICS, he's only going to catch stego done by people
who don't know what they're doing.

Now, what he has proved, IMO, is that it isn't routinely used by any
significant number of people, coz if it were, then some of them would
choose weak keys, as we know from other studies.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com