At 9:15 AM -0500 1/16/02, Steve Bellovin wrote: >A couple of months ago, a Wall Street Journal reporter bought two >abandoned al Qaeda computers from a looter in Kabul. Some of the >files on those machines were encrypted. But they're dealing with >that problem: > > The unsigned report, protected by a complex password, was > created on Aug. 19, according to the Kabul computer's > internal record. The Wall Street Journal commissioned an > array of high-speed computers programmed to crack passwords. > They took five days to access the file. > >Does anyone have any technical details on this? (I assume that it's >a standard password-guessing approach, but it it would be nice to know >for certain. If nothing else, are Arabic passwords easier or harder >to guess than, say, English ones?) >
Outside of the good possibility that they might be quotations from Islamic religious texts, why would you think Arabic passwords are any easier to guess? Another interesting question is whether the reporters and the Wall Street Journal have violated the DCMA's criminal provisions. The al Qaeda data was copyrighted (assuming Afghanistan signed one of the copyright conventions--they may not have), the encryption is arguably a "technological protection measure" and the breaking was done for financial gain. "17 USC 1204 (a) In General. - Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain -(1) shall be fined not more than $500,000 or imprisoned for not more than 5 years, or both, for the first offense..." BTW: The 2600 Magazine defense team has filed an appeal for en banc review of the 2nd Circuit's DMCA opinion: Brief: http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_2600_appeal.html Press Release: http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_eff_pr.html Arnold Reinhold --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
