Can anyone else confirm or deny that this is the case? If it is so, it would bring new meaning to the term "weak encryption."

Thanks,
Jon Simon

>Well, no matter if they used 128 bit encryption. Using M$ EFS only is
>secure from other users. All one has to do is break the Administrator
>password using change NT Password and they can decrypt the file with no
>problem. I love how things are exaggerated :)
>
>Cheers,
>
>Jeremy
>
>"R. A. Hettinga" wrote:
>>
>> I wonder if he can sue BillG? :-).
>>
>> Cheers,
>> RAH
>>
>> http://www.newscientist.com/news/news.jsp?id=ns99991804
>>
>> Weakened encryption lays bare al-Qaeda files
>>
>> 17:07 17 January 02
>> Will Knight
>>
>> Relatively weak encryption appears to have been used to protect files
>> recovered from two computers believed to have belonged to al-Qaeda
>> operatives in Afghanistan.
>>
>> The files were found on a laptop and desktop computer bought by Wall Street
>> Journal reporters from looters in Kabul a few days after it was captured by
>> Northern Alliance forces on 13 November. The files provide information
>> about reconnaissance missions to Europe and the Middle East.
>>
>> A report in the UK's Independent newspaper indicates that the encryption
>> used to protect these files had been significantly weakened by US export
>> restrictions that existed until last year.
>>
>> The files were reportedly stored using Microsoft's Windows 2000 operating
>> system and protected from unauthorised access using the Encrypting File
>> System (EFS), which comes as standard on this platform. They were protected
>> with a 40-bit Data Encryption Standard (DES), according to the Independent
>> report. This was the maximum strength encryption allowed for export by US
>> law until March 2001. All systems are now sold with the standard 128-bit
>> key encryption, exponentially stronger than 40-bit.
>>
>> Wall Street Journal reporters say that they decrypted a number of files
>> using "an array of high-powered computers" to try every possible
>> combination, or "key" in succession, a process that took five days.
>>
>> Billions of keys
>>
>> Brian Gladman, an ex-NATO encryption expert based in the UK, says that
>> 40-bit DES means checking about a billion billion different keys in
>> succession. This would take the average desktop computer a year, but a
>> group of powerful machines could perform the feat in a few days, he says.
>> However, he adds: "If you go much beyond 40 bits it is outside the realm of
>> possible."
>>
>> But Gladman says the US should not seek to reintroduce controls on the
>> export of strong encryption products in light of this evidence. He believes
>> that export controls would not necessarily stop terrorists and could harm
>> the security of companies outside the US.
>>
>> "The internet is already vulnerable and if we do not implement strong
>> encryption, criminals will get away with murder," Gladman told New
>> Scientist. "Any efforts to prevent the deployment of this technology will
>> damage us rather than help."
>>
>> Gladman says that terrorists can rely on far more elementary techniques to
>> keep information secret and communicate covertly. These include using
>> secret code words and anonymous internet cafes.
>>
>> 17:07 17 January 02
>> -----------------
>> R. A. Hettinga <mailto: [EMAIL PROTECTED]>
>> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>> 44 Farquhar Street, Boston, MA 02131 USA
>> "... however it may deserve respect for its usefulness and antiquity,
>> [predicting the end of the world] has not been found agreeable to
>> experience."
>> -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>>
>> ---------------------------------------------------------------------
>> The Cryptography Mailing List
>> Unsubscribe by sending "unsubscribe cryptography" to
>> [EMAIL PROTECTED]