Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Reading al Qaedas Encrypted Email
Strategypage ^ | August 5, 2004 | James Dunnigan

Posted on 08/04/2004 11:09:02 PM PDT by Straight Vermonter

click here to read article


Navigation: use the links below to view more comments.
first 1-2021-4041-50 next last

1 posted on 08/04/2004 11:09:02 PM PDT by Straight Vermonter
[ Post Reply | Private Reply | View Replies]

To: Straight Vermonter

There is a VERY fine article in the September 2004 Atlantic Monthly about the
Al-Quida goodies found on a desktop and a laptop obtained by a Wall Street Journal reporter
just after his arrival in liberated Kabul.

Reading the terse e-mails between a field operative and his boss at headquarters
over his handling of Al-Quida funds is a hoot.


2 posted on 08/04/2004 11:12:42 PM PDT by VOA
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter

The U.S. and Pakistan may have found a way to read months, or years, worth of secret al Qaeda messages. No one is saying anything about that, but it works like this.
****
This fool should shut his mouth, or have it shut for him.

This is like when some fool Senator spilled the beans we were listening to Bin Laden's cellphone. Why tip off the enemy? LOOSE LIPS........


3 posted on 08/04/2004 11:19:09 PM PDT by Finalapproach29er ( Election day: FOUR Supreme Court Justices! Enough said.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter

It's also possible that the guy didn't bother encrypting the contents of his own hard drive. He could have left a trail of unencrypted messages on the drive through bits of cache files, text files and other stuff on the drive as well.


4 posted on 08/04/2004 11:19:50 PM PDT by MediaMole (Microsoft math: 1 inch = 2.4 centimeters)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MediaMole

a one time key is the safest way to communicate.

I think the govt can deciper PGP...I remember they couldnt export, then all of a sudden they could.

Even so, CIA probably has hackers who stole the info from PGP


5 posted on 08/04/2004 11:29:25 PM PDT by BurbankKarl (When in doubt, shoot it out)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Straight Vermonter
Echelon at work.
6 posted on 08/04/2004 11:35:15 PM PDT by NotJustAnotherPrettyFace (Michael <a href = "http://www.michaelmoore.com/" title="Miserable Failure">"Miserable Failure"</a>)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BurbankKarl

The nice thing about any strong crypto is that it should stand up to attack even if you know the algorithm and implementation.

Of course if you find a flaw.... it can make anything easier to crack, especially if you have known text to work with.

You might want to check out GPG, the GNU open source version of PGP.


7 posted on 08/04/2004 11:36:35 PM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Finalapproach29er
This is like when some fool Senator spilled the beans we were listening to Bin Laden's cellphone. Why tip off the enemy? LOOSE LIPS........

It wasn't a senator. It was the prosecutor in one of the original 1993 WTC bombing case. That's because Bill Clinton treated terrorism as ordinary crime rather than a war crime or piracy.

8 posted on 08/04/2004 11:37:11 PM PDT by Paleo Conservative (Do not remove this tag under penalty of law.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: adam_az

I would rather plant spyware on the Hotmail page that loads to any computer that accesses it from Pakistan, and pings the CIA computer from there...

Look at all the Phishing exploits going on now....and how many people are unaware!


9 posted on 08/04/2004 11:40:28 PM PDT by BurbankKarl (When in doubt, shoot it out)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Straight Vermonter

Nice article. I doubt that the NSA can crack PGP, either due to magical advances in technology, or some implementation flaw that's exploitable.

My guess is sloppy key handling. If they captured the guys laptop, chances are they were able to recover his keys, because most people a) don't change their keys enough, and b) have crappy passwords on their private keys.

I'd guess tossing words/phrases from the Koran at an AQ password would likely be fruitful. Just put together a
dictionary of permutations of 'Allah', and see what you
get.


10 posted on 08/04/2004 11:42:11 PM PDT by cryptical
[ Post Reply | Private Reply | To 1 | View Replies]

To: MediaMole
Indeed, it would be very suprising if a much used computer did not yield a lot of info regardless of how carefull the user was. It is very time consuming and use-inhibiting to wipe a disk of "deleted" data everytime it is used.

Also, most encryption systems, including PGP, ultimatly rely on a single passphrase that must be typed in with every use (or insecurly stored). It is hard to use a memerable passphrase that gives a hundred or more bits of equivalent key material.

And, finally, when you have the computer's owner as well as the computer, there is always rubber-hose cryptanalysis.
11 posted on 08/04/2004 11:43:09 PM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 4 | View Replies]

To: Straight Vermonter
A 516 digit key can be cracked using this computerized “brute force” method. [...] However, increase the key to 768 characters, and it takes about 6,600 times longer to crack it. Go to key size of 1024, and it takes 1,500 times longer than the 768 character key. Go to a 2048 key size and it takes a billion times longer than a 1024 character long key. PGP can use a 1024 character key, and many users go for the larger key for obvious reasons.

Someone needs to teach this reporter some math. The actual difficulty figures for a brute force crack are:

A 768-bit key takes 7.24x1075 times as long to crack as a 516-bit key (that's a 7 followed by *74* zeros).

A 1024-bit key takes 1.16x1077 times as long to crack as a 768-bit key (1 followed by 76 zeros).

A 2048-bit key takes 1.80x10308 times as long to crack as a 1024-bit key (about 2 followed by 307 zeros).

In each case the appropriate figure is 2(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

I don't know where in the hell the reporter got his figures from, but they're too small by enormous orders of magnitude.

If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

12 posted on 08/04/2004 11:55:55 PM PDT by Ichneumon ("...she might as well have been a space alien." - Bill Clinton, on Hillary, "My Life", p. 182)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter

Maybe they only found the Key in Pakistan...


13 posted on 08/04/2004 11:56:27 PM PDT by Ernest_at_the_Beach
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter
NSA is the finest technological intelligence organization in the world. The can read the mail like no one has ever dreamed about. They are so far ahead of everyone else in communications interception and cryptology that 1024 bit PGP key is child's play to them.
14 posted on 08/05/2004 12:01:35 AM PDT by Jeff Gordon (LWS - Legislating While Stupid. Someone should make this illegal.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ichneumon
In each case the appropriate figure is 2(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

It's actually much less than that. The security of a key against brute force attack is proportional to the number of possible keys, not the size of a key. For RSA keys, most members of the keyspace are not valid keys since RSA keys are based on large prime numbers. An n-bit RSA key is nowhere near as secure as an n-bit conventional cipher key.
15 posted on 08/05/2004 12:05:11 AM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 12 | View Replies]

To: cryptical
For example, if you have a computer that can perform a million instructions per second going at it for 30,000 years.

The new IBM supercomputer "blue ocean" that the US navy is buying would do the job in 13 hours.

16 posted on 08/05/2004 12:07:12 AM PDT by Straight Vermonter (<a href="http://www.angelfire.com/ultra/terroristscorecard/">Terrorist Scorecard</a>)
[ Post Reply | Private Reply | To 10 | View Replies]

To: cryptical
I doubt that the NSA can crack PGP, either due to magical advances in technology, or some implementation flaw that's exploitable.

A quantum computer can break a PGP key in O((log N)3) time using Shor's algorithm.

I'll bet that quantum computation research has commanded a significant portion of NSA's budget for ten years or more.

17 posted on 08/05/2004 12:07:44 AM PDT by Physicist
[ Post Reply | Private Reply | To 10 | View Replies]

To: Ichneumon
you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

"I think there is a world market for about five computers." -IBM founder Thomas Watson Sr.

18 posted on 08/05/2004 12:08:45 AM PDT by Jeff Gordon (LWS - Legislating While Stupid. Someone should make this illegal.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: ScuzzyTerminator
It's actually much less than that. The security of a key against brute force attack is proportional to the number of possible keys, not the size of a key. For RSA keys, most members of the keyspace are not valid keys since RSA keys are based on large prime numbers. An n-bit RSA key is nowhere near as secure as an n-bit conventional cipher key.

Ah, good point, thanks for the correction. I was indeed thinking of n-bit conventional keys.

Is the number of valid 516-bit RSA keys known? It would be interesting to figure out how whether it would be feasible to pre-compute all possible keys into a "key dictionary", and then use that to brute-force test encrypted messages.

19 posted on 08/05/2004 12:11:41 AM PDT by Ichneumon ("...she might as well have been a space alien." - Bill Clinton, on Hillary, "My Life", p. 182)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Finalapproach29er

Odds are PGP still cannot be brute-forced without, literally, hundreds of millions of dollars worth of supercomputers. I DO believe the NSA can brute-force PGP, but only with superhuman super-expensive efforts.

Odds are any messages that were cracked were either decoded by physically capturing the private key, bugging a computer and learning the key that way.

The is some chance that having clear-text messages and their encrypted versions might help crack other encrypted messages.

But I don't find any evidence here that PGP can routinely be cracked.


20 posted on 08/05/2004 4:14:29 AM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 3 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-50 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson