* via http://theMezz.com/lists

* subscribe at http://techPolice.com

Weakened encryption lays bare al-Qaeda files

17:07 17 January 02
Will Knight

Relatively weak encryption appears to have been used to protect files recovered from 
two computers believed to have belonged to al-Qaeda operatives in Afghanistan.

The files were found on a laptop and desktop computer bought by Wall Street Journal 
reporters from looters in Kabul a few days after it was captured by Northern Alliance 
forces on 13 November. The files provide information about reconnaissance missions to 
Europe and the Middle East.

A report in the UK's Independent newspaper indicates that the encryption used to 
protect these files had been significantly weakened by US export restrictions that 
existed until last year.

The files were reportedly stored using Microsoft's Windows 2000 operating system and 
protected from unauthorised access using the Encrypting File System (EFS), which comes 
as standard on this platform. They were protected with a 40-bit Data Encryption 
Standard (DES), according to the Independent report. This was the maximum strength 
encryption allowed for export by US law until March 2001. All systems are now sold 
with the standard 128-bit key encryption, exponentially stronger than 40-bit.

Wall Street Journal reporters say that they decrypted a number of files using "an 
array of high-powered computers" to try every possible combination, or "key" in 
succession, a process that took five days.

Billions of keys

Brian Gladman, an ex-NATO encryption expert based in the UK, says that 56-bit DES 
means checking about a billion billion different keys in succession. This would take 
the average desktop computer a year, but a group of powerful machines could perform 
the feat in a few days, he says. However, he adds: "If you go much beyond 56 bit it is 
outside the realm of possible."

But Gladman says the US should not seek to reintroduce controls on the export of 
strong encryption products in light of this evidence. He believes that export controls 
would not necessarily stop terrorists and could harm the security of companies outside 
the US.

"The internet is already vulnerable and if we do not implement strong encryption, 
criminals will get away with murder," Gladman told New Scientist. "Any efforts to 
prevent the deployment of this technology will damage us rather than help."

Gladman says that terrorists can rely on far more elementary techniques to keep 
information secret and communicate covertly. These include using secret code words and 
anonymous internet cafes.


The creator of this web-based guide earns six figures a
year from his basement. Come read this unique guide for
free right now, and discover exactly how you can make YOUR
living online. (It's easier than you might think.)

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com

This email was sent to: archive@jab.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!

Reply via email to