Can anyone else confirm or deny that this is the case? If it is so,
it would bring new meaning to the term weak encryption.
Thanks,
Jon Simon
Well, no matter if they used 128 bit encryption. using M$ EFS only is
secure from other users. All one has to do is break the Administrator
password using change NT Password and they can decrypt the file with no
problem. I love how things are exagerated :)
Cheers,
Jeremy
R. A. Hettinga wrote:
I wonder if he can sue BillG? :-).
Cheers,
RAH
http://www.newscientist.com/news/news.jsp?id=ns1804
Weakened encryption lays bare al-Qaeda files
17:07 17 January 02
Will Knight
Relatively weak encryption appears to have been used to protect files
recovered from two computers believed to have belonged to al-Qaeda
operatives in Afghanistan.
The files were found on a laptop and desktop computer bought by Wall Street
Journal reporters from looters in Kabul a few days after it was captured by
Northern Alliance forces on 13 November. The files provide information
about reconnaissance missions to Europe and the Middle East.
A report in the UK's Independent newspaper indicates that the encryption
used to protect these files had been significantly weakened by US export
restrictions that existed until last year.
The files were reportedly stored using Microsoft's Windows 2000 operating
system and protected from unauthorised access using the Encrypting File
System (EFS), which comes as standard on this platform. They were protected
with a 40-bit Data Encryption Standard (DES), according to the Independent
report. This was the maximum strength encryption allowed for export by US
law until March 2001. All systems are now sold with the standard 128-bit
key encryption, exponentially stronger than 40-bit.
Wall Street Journal reporters say that they decrypted a number of files
using an array of high-powered computers to try every possible
combination, or key in succession, a process that took five days.
Billions of keys
Brian Gladman, an ex-NATO encryption expert based in the UK, says that
40-bit DES means checking about a billion billion different keys in
succession. This would take the average desktop computer a year, but a
group of powerful machines could perform the feat in a few days, he says.
However, he adds: If you go much beyond 40 bits it is outside the realm of
possible.
But Gladman says the US should not seek to reintroduce controls on the
export of strong encryption products in light of this evidence. He believes
that export controls would not necessarily stop terrorists and could harm
the security of companies outside the US.
The internet is already vulnerable and if we do not implement strong
encryption, criminals will get away with murder, Gladman told New
Scientist. Any efforts to prevent the deployment of this technology will
damage us rather than help.
Gladman says that terrorists can rely on far more elementary techniques to
keep information secret and communicate covertly. These include using
secret code words and anonymous internet cafes.
17:07 17 January 02
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]
--
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
