Return-Path: <sentto-279987-4339-1011362635-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 18 Jan 2002 06:06:08 -0800 (PST) Received: (qmail 19024 invoked by uid 510); 18 Jan 2002 14:04:00 -0000 Received: from n12.groups.yahoo.com (216.115.96.62) by all.net with SMTP; 18 Jan 2002 14:04:00 -0000 X-eGroups-Return: sentto-279987-4339-1011362635-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.165] by n12.groups.yahoo.com with NNFMP; 18 Jan 2002 14:03:55 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 18 Jan 2002 14:03:55 -0000 Received: (qmail 21361 invoked from network); 18 Jan 2002 14:03:55 -0000 Received: from unknown (216.115.97.172) by m11.grp.snv.yahoo.com with QMQP; 18 Jan 2002 14:03:55 -0000 Received: from unknown (HELO red.all.net) (12.232.72.98) by mta2.grp.snv.yahoo.com with SMTP; 18 Jan 2002 14:03:55 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0IE41411185 for iwar@onelist.com; Fri, 18 Jan 2002 06:04:01 -0800 Message-Id: <200201181404.g0IE41411185@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 18 Jan 2002 06:04:01 -0800 (PST) Subject: [iwar] [fc:Weakened.encryption.lays.bare.al-Qaeda.files] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Weakened encryption lays bare al-Qaeda files Will Knight, NewScientist.com, 1/17/02 <a href="http://www.newscientist.com/news/news.jsp?id=ns99991804">http://www.newscientist.com/news/news.jsp?id=ns99991804> Relatively weak encryption appears to have been used to protect files recovered from two computers believed to have belonged to al-Qaeda operatives in Afghanistan. The files were found on a laptop and desktop computer bought by Wall Street Journal reporters from looters in Kabul a few days after it was captured by Northern Alliance forces on 13 November. The files provide information about reconnaissance missions to Europe and the Middle East. A report in the UK's Independent newspaper indicates that the encryption used to protect these files had been significantly weakened by US export restrictions that existed until last year. The files were reportedly stored using Microsoft's Windows 2000 operating system and protected from unauthorised access using the Encrypting File System (EFS), which comes as standard on this platform. They were protected with a 40-bit Data Encryption Standard (DES), according to the Independent report. This was the maximum strength encryption allowed for export by US law until March 2001. All systems are now sold with the standard 128-bit key encryption, exponentially stronger than 40-bit. Wall Street Journal reporters say that they decrypted a number of files using "an array of high-powered computers" to try every possible combination, or "key" in succession, a process that took five days. Billions of keys Brian Gladman, an ex-NATO encryption expert based in the UK, says that 40-bit DES means checking about a billion billion different keys in succession. This would take the average desktop computer a year, but a group of powerful machines could perform the feat in a few days, he says. However, he adds: "If you go much beyond 40 bits it is outside the realm of possible." But Gladman says the US should not seek to reintroduce controls on the export of strong encryption products in light of this evidence. He believes that export controls would not necessarily stop terrorists and could harm the security of companies outside the US. "The internet is already vulnerable and if we do not implement strong encryption, criminals will get away with murder," Gladman told New Scientist. "Any efforts to prevent the deployment of this technology will damage us rather than help." Gladman says that terrorists can rely on far more elementary techniques to keep information secret and communicate covertly. These include using secret code words and anonymous internet cafes. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Tiny Wireless Camera under $80! Order Now! FREE VCR Commander! Click Here - Only 1 Day Left! http://us.click.yahoo.com/WoOlbB/7.PDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST