Free Republic

Reading al Qaeda's Encrypted Email
Strategypage | August 5, 2004 | James Dunnigan

Posted on 08/04/2004 11:09:02 PM PDT by Straight Vermonter

The U.S. and Pakistan may have found a way to read months, or years, worth of secret al Qaeda messages. No one is saying anything about that, but it works like this.

The recent warnings that al Qaeda was planning attacks on specific targets in the United States were said to come from recent people, and information, captured in Pakistan. One of the two key al Qaeda people captured was Mohammed Naeem Noor Khan, an English speaking Pakistani computer engineer. Khan was running an al Qaeda communications network, using email and encryption to distribute messages that could not be read without the decoding keys. What was left out of these reports was any mention of public key cryptography, PGP (a version of public key cryptography freely available to Internet users), the National Security Agency (NSA) and cracking (decoding) PGP. There’s more to Mister Khan’s capture than meets the eye.

During the 1990s, the NSA was frequently in court trying to keep PGP off the market. In the 1980s, NSA was trying to get the key length of commercial ciphers kept shorter than business wanted. NSA is in charge of developing systems to keep American government messages secret, and figuring out how to crack the codes other nations use. Although the NSA never admitted it, most cryptography experts believed NSA wanted to keep longer keys out of use, because NSA did not have powerful enough techniques, or computers, to crack longer keys.

OK, all this talk of ciphers and key length doesn’t make sense to most people, so let’s offer a brief explanation. It starts with the appearance of inexpensive computers, when it became possible to use new methods to turn messages into apparent gibberish with coding systems. This was done using a “key”, which was a string of letters and numbers. Think of it as a kind of password. If the person receiving the message had the right key, the message could be decoded (using a mathematical routine similar to the one that garbled the message in the first place.) The most popular of these techniques was eventually released as an inexpensive commercial product called PGP (Pretty Good Privacy). Users could post a “public key” that other users of the PGP program could use to scramble an email message or data file. When you received a message scrambled with your public key, you entered your private key into PGP and it descrambled the email or file.

The trouble with PGP was that, as far as NSA was concerned, it was too good. NSA got the U.S. government to declare programs like PGP to be military equipment, and subject to export controls. Trying to stop the spread of PGP was absurd, however, and the government eventually backed off. But NSA’s problem with PGP encoded messages remained. Or did it? NSA, obviously, is not going to admit that it can, or cannot, crack PGP encoded messages.

The most straightforward way to read an encoded PGP message without the decoding key is to use a computer to run through every possible combination of the key, to find the ones that work. A 516 digit key can be cracked using this computerized “brute force” method. For example, if you have a computer that can perform a million instructions per second going at it for 30,000 years, you can read the message encoded with a 516 digit key. That’s a little misleading, as a thousand dollar PC in 2004 can generate several thousand MIPS. So it would only take you ten years to crack that code. Of course, if you got several hundred of these PCs working together, you could get the job done in a few weeks. You can see where this is going. NSA has billions of dollars a year to play with, and building “supercomputers” out of cheap PCs has become quite popular.

However, increase the key to 768 characters, and it takes about 6,600 times longer to crack it. Go to key size of 1024, and it takes 1,500 times longer than the 768 character key. Go to a 2048 key size and it takes a billion times longer than a 1024 character long key. PGP can use a 1024 character key, and many users go for the larger key for obvious reasons.

Down at the NSA, all is not lost. Cracking a PGP code can be done with clever math as well as powerful computers. While we know there are a lot of cheap, powerful computers available to the NSA, we also know the NSA has a lot of clever people who specialize in figuring out better ways to crack codes. What we don’t know is if NSA is able to crack PGP messages scrambled using 1024 character codes.

If al Qaeda’s computer savvy Mohammed Naeem Noor Khan was in charge of an al Qaeda communications network that used the Internet, then he was probably using PGP. Al Qaeda use of PGP has been reported many times, as have complaints about the potential for that providing al Qaeda with an invulnerable encryption system. NSA has remained silent. But if Khan was the man in charge, and he had many of the decryption keys with him when he was captured, that enables the NSA to read many previous messages. How many? Depends on how many keys were captured. Could be months worth. It’s also possible that months worth of actual messages was captured. This kind of information is invaluable in figuring out what al Qaeda has been doing, and is currently planning. Did Khan have the keys? This is something you don’t want to discuss, one way or the other. You want the al Qaeda users of Khan’s network to sweat a bit, even if the keys were not grabbed. And if the keys were obtained, there are tough times ahead for terrorist users of "invulnerable" encryption.


TOPICS: Extended News; Foreign Affairs; War on Terror
KEYWORDS: alqaeda; alqaida; counterterrorism; khan; mohammedkhan; nsa; roundup

1 posted on 08/04/2004 11:09:02 PM PDT by Straight Vermonter
[ Post Reply | Private Reply | View Replies]

To: Straight Vermonter

There is a VERY fine article in the September 2004 Atlantic Monthly about the al Qaeda goodies found on a desktop and a laptop obtained by a Wall Street Journal reporter just after his arrival in liberated Kabul.

Reading the terse e-mails between a field operative and his boss at headquarters over his handling of al Qaeda funds is a hoot.


2 posted on 08/04/2004 11:12:42 PM PDT by VOA
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter

The U.S. and Pakistan may have found a way to read months, or years, worth of secret al Qaeda messages. No one is saying anything about that, but it works like this.
****
This fool should shut his mouth, or have it shut for him.

This is like when some fool Senator spilled the beans we were listening to Bin Laden's cellphone. Why tip off the enemy? LOOSE LIPS........


3 posted on 08/04/2004 11:19:09 PM PDT by Finalapproach29er ( Election day: FOUR Supreme Court Justices! Enough said.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter

It's also possible that the guy didn't bother encrypting the contents of his own hard drive. He could have left a trail of unencrypted messages on the drive through bits of cache files, text files and other stuff on the drive as well.


4 posted on 08/04/2004 11:19:50 PM PDT by MediaMole (Microsoft math: 1 inch = 2.4 centimeters)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MediaMole

A one time key is the safest way to communicate.

I think the govt can decipher PGP...I remember they couldn't export, then all of a sudden they could.

Even so, CIA probably has hackers who stole the info from PGP.


5 posted on 08/04/2004 11:29:25 PM PDT by BurbankKarl (When in doubt, shoot it out)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Straight Vermonter
Echelon at work.
6 posted on 08/04/2004 11:35:15 PM PDT by NotJustAnotherPrettyFace (Michael "Miserable Failure")
[ Post Reply | Private Reply | To 1 | View Replies]

To: BurbankKarl

The nice thing about any strong crypto is that it should stand up to attack even if you know the algorithm and implementation.

Of course if you find a flaw.... it can make anything easier to crack, especially if you have known text to work with.

You might want to check out GPG, the GNU open source version of PGP.


7 posted on 08/04/2004 11:36:35 PM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Finalapproach29er
This is like when some fool Senator spilled the beans we were listening to Bin Laden's cellphone. Why tip off the enemy? LOOSE LIPS........

It wasn't a senator. It was the prosecutor in one of the original 1993 WTC bombing cases. That's because Bill Clinton treated terrorism as ordinary crime rather than a war crime or piracy.

8 posted on 08/04/2004 11:37:11 PM PDT by Paleo Conservative (Do not remove this tag under penalty of law.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: adam_az

I would rather plant spyware on the Hotmail page that loads to any computer that accesses it from Pakistan, and pings the CIA computer from there...

Look at all the Phishing exploits going on now....and how many people are unaware!


9 posted on 08/04/2004 11:40:28 PM PDT by BurbankKarl (When in doubt, shoot it out)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Straight Vermonter

Nice article. I doubt that the NSA can crack PGP, either due to magical advances in technology, or some implementation flaw that's exploitable.

My guess is sloppy key handling. If they captured the guy's laptop, chances are they were able to recover his keys, because most people a) don't change their keys enough, and b) have crappy passwords on their private keys.

I'd guess tossing words/phrases from the Koran at an AQ password would likely be fruitful. Just put together a dictionary of permutations of 'Allah', and see what you get.


10 posted on 08/04/2004 11:42:11 PM PDT by cryptical
[ Post Reply | Private Reply | To 1 | View Replies]

To: MediaMole
Indeed, it would be very surprising if a much used computer did not yield a lot of info regardless of how careful the user was. It is very time consuming and use-inhibiting to wipe a disk of "deleted" data every time it is used.

Also, most encryption systems, including PGP, ultimately rely on a single passphrase that must be typed in with every use (or insecurely stored). It is hard to use a memorable passphrase that gives a hundred or more bits of equivalent key material.

And, finally, when you have the computer's owner as well as the computer, there is always rubber-hose cryptanalysis.
11 posted on 08/04/2004 11:43:09 PM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 4 | View Replies]

To: Straight Vermonter
A 516 digit key can be cracked using this computerized “brute force” method. [...] However, increase the key to 768 characters, and it takes about 6,600 times longer to crack it. Go to key size of 1024, and it takes 1,500 times longer than the 768 character key. Go to a 2048 key size and it takes a billion times longer than a 1024 character long key. PGP can use a 1024 character key, and many users go for the larger key for obvious reasons.

Someone needs to teach this reporter some math. The actual difficulty figures for a brute force crack are:

A 768-bit key takes 7.24x10^75 times as long to crack as a 516-bit key (that's a 7 followed by *74* zeros).

A 1024-bit key takes 1.16x10^77 times as long to crack as a 768-bit key (1 followed by 76 zeros).

A 2048-bit key takes 1.80x10^308 times as long to crack as a 1024-bit key (about 2 followed by 307 zeros).

In each case the appropriate figure is 2^(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

I don't know where in the hell the reporter got his figures from, but they're too small by enormous orders of magnitude.

If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

12 posted on 08/04/2004 11:55:55 PM PDT by Ichneumon ("...she might as well have been a space alien." - Bill Clinton, on Hillary, "My Life", p. 182)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter

Maybe they only found the Key in Pakistan...


13 posted on 08/04/2004 11:56:27 PM PDT by Ernest_at_the_Beach
[ Post Reply | Private Reply | To 1 | View Replies]

To: Straight Vermonter
NSA is the finest technological intelligence organization in the world. They can read the mail like no one has ever dreamed about. They are so far ahead of everyone else in communications interception and cryptology that 1024 bit PGP key is child's play to them.
14 posted on 08/05/2004 12:01:35 AM PDT by Jeff Gordon (LWS - Legislating While Stupid. Someone should make this illegal.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ichneumon
In each case the appropriate figure is 2^(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

It's actually much less than that. The security of a key against brute force attack is proportional to the number of possible keys, not the size of a key. For RSA keys, most members of the keyspace are not valid keys since RSA keys are based on large prime numbers. An n-bit RSA key is nowhere near as secure as an n-bit conventional cipher key.
15 posted on 08/05/2004 12:05:11 AM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 12 | View Replies]

To: cryptical
For example, if you have a computer that can perform a million instructions per second going at it for 30,000 years.

The new IBM supercomputer "blue ocean" that the US navy is buying would do the job in 13 hours.

16 posted on 08/05/2004 12:07:12 AM PDT by Straight Vermonter (Terrorist Scorecard)
[ Post Reply | Private Reply | To 10 | View Replies]

To: cryptical
I doubt that the NSA can crack PGP, either due to magical advances in technology, or some implementation flaw that's exploitable.

A quantum computer can break a PGP key in O((log N)^3) time using Shor's algorithm.

I'll bet that quantum computation research has commanded a significant portion of NSA's budget for ten years or more.

17 posted on 08/05/2004 12:07:44 AM PDT by Physicist
[ Post Reply | Private Reply | To 10 | View Replies]

To: Ichneumon
you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

"I think there is a world market for about five computers." -IBM founder Thomas Watson Sr.

18 posted on 08/05/2004 12:08:45 AM PDT by Jeff Gordon (LWS - Legislating While Stupid. Someone should make this illegal.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: ScuzzyTerminator
It's actually much less than that. The security of a key against brute force attack is proportional to the number of possible keys, not the size of a key. For RSA keys, most members of the keyspace are not valid keys since RSA keys are based on large prime numbers. An n-bit RSA key is nowhere near as secure as an n-bit conventional cipher key.

Ah, good point, thanks for the correction. I was indeed thinking of n-bit conventional keys.

Is the number of valid 516-bit RSA keys known? It would be interesting to figure out whether it would be feasible to pre-compute all possible keys into a "key dictionary", and then use that to brute-force test encrypted messages.

19 posted on 08/05/2004 12:11:41 AM PDT by Ichneumon ("...she might as well have been a space alien." - Bill Clinton, on Hillary, "My Life", p. 182)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Finalapproach29er

Odds are PGP still cannot be brute-forced without, literally, hundreds of millions of dollars worth of supercomputers. I DO believe the NSA can brute-force PGP, but only with superhuman super-expensive efforts.

Odds are any messages that were cracked were either decoded by physically capturing the private key, or bugging a computer and learning the key that way.

There is some chance that having clear-text messages and their encrypted versions might help crack other encrypted messages.

But I don't find any evidence here that PGP can routinely be cracked.


20 posted on 08/05/2004 4:14:29 AM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: BurbankKarl
Even so, CIA probably has hackers who stole the info from PGP

Wouldn't help. PGP is open source. You can study it all you want. Anyone can.

21 posted on 08/05/2004 4:15:27 AM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: cryptical

I agree, a dictionary attack on a keystore would be the most probable solution.

I've always wondered about bruteforce attacks. Each attempt with a random key will produce some sort of result. How does the computer recognize when the correct key has been used, and a valid result has appeared?


22 posted on 08/05/2004 4:55:12 AM PDT by proxy_user
[ Post Reply | Private Reply | To 10 | View Replies]

To: BurbankKarl

"I would rather plant spyware on the Hotmail page that loads to any computer that accesses it from Pakistan, and pings the CIA computer from there... "

Intelligence agencies would get in big doodoo if caught doing something like that.

Plus, installing stuff on someone else's computer surreptitiously in that way requires specific browser versions etc to be in place etc - it's just not possible to bug every browser in Pakistan!


23 posted on 08/05/2004 5:35:08 AM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: proxy_user

"I've always wondered about bruteforce attacks. Each attempt with a random key will produce some sort of result. How does the computer recognize when the correct key has been used, and a valid result has appeared?"

You can't do THAT kind of attack against asymmetric crypto.

You are describing dictionary attacks against symmetric crypto, like DES.

You have a dictionary, you encrypt each word, then compare the result to the captured password file, for example, and look for matches. That is a (vastly simplified but accurate) explanation of how people 'crack' passwords for example.


24 posted on 08/05/2004 5:38:03 AM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Paleo Conservative
This is something you don’t want to discuss, one way or the other

Yeah the cell phone thing was truly stupid too.

25 posted on 08/05/2004 5:40:53 AM PDT by Tom Bombadil
[ Post Reply | Private Reply | To 8 | View Replies]

To: proxy_user

Bruce Schneier has a nice little primer on how to recognize plaintext.

http://www.schneier.com/crypto-gram-9812.html#plaintext


26 posted on 08/05/2004 8:24:52 AM PDT by cryptical
[ Post Reply | Private Reply | To 22 | View Replies]

To: Straight Vermonter
"The trouble with PGP was that, as far as NSA was concerned, it was too good. NSA got the U.S. government to declare programs like PGP to be military equipment, and subject to export controls. Trying to stop the spread of PGP was absurd, however, and the government eventually backed off. But NSA’s problem with PGP encoded messages remained. Or did it? NSA, obviously, is not going to admit that it can, or cannot, crack PGP encoded messages."

Aren't we all assuming that there is no backdoor to PGP? Does anybody think that the NSA was simply going to drop their opposition to exporting this technology?

27 posted on 08/05/2004 8:35:42 AM PDT by GallopingGhost
[ Post Reply | Private Reply | To 1 | View Replies]

To: adam_az

How would intelligence agencies get in trouble for that? No one can even hold the people who are doing it accountable!

They have caught a few sympathizers setting up fake AQ websites....who knows what else they are doing...


28 posted on 08/05/2004 8:38:08 AM PDT by BurbankKarl (Wish we had armor at LAX)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Straight Vermonter

D-R-I-N-K
M-O-R-E
O-V-A-L-T-I-N-E

(BTTT)


29 posted on 08/05/2004 8:39:39 AM PDT by Cold Heart
[ Post Reply | Private Reply | To 1 | View Replies]

To: adam_az

There are 3 different keys that are useful in attacking PGP encrypted traffic.

There's a message key, for the symmetric cipher that's used to encrypt the individual message. That should only be useful for decrypting one message, so it's not that useful. I'm pretty retro, so using PGP 2.6.2 this cipher would be IDEA, its key length will be 128 bits.

There's the private key of the recipient, which decrypts the message key that's encrypted to the public key of the recipient. This is the thing you want, because you can decrypt all messages sent to that key. That you've ever intercepted. Storage is cheap, so it's worthwhile to keep all encrypted traffic you can capture, in case you get ahold of the keys later on.

Then there's a symmetric key used to encrypt the private key for storage on disk. I'm thinking they used IDEA for PGP 2.6.2 to encrypt the private key, but I'm too lazy to look. There's a passphrase that allows decrypting the private key, note that you need the secret keyring to attack this. When you get the passphrase (the passphrase, if weak, will be a lot easier to attack than brute forcing the encryption on the key).


30 posted on 08/05/2004 8:40:48 AM PDT by cryptical
[ Post Reply | Private Reply | To 24 | View Replies]

To: VOA

I just finished that article. It was a great piece of journalism. It was really odd to see al Qaeda in the light of functioning like any other organization, with all the pettiness and power struggles.


31 posted on 08/05/2004 8:41:21 AM PDT by creepycrawly
[ Post Reply | Private Reply | To 2 | View Replies]

To: creepycrawly
It was really odd to see al Qaeda in the light of functioning like any other organization, with all the pettiness and power struggles.

I won't be holding my breath for The National Organization of Women to highlight al Qaeda's use of translucent screens to disguise the news reports by female reporters.

I can't recall the exact verbiage, but I was a bit bothered over the passage about al Qaeda sort of hoping for direct attacks by the USA in order to gain support/sympathy from the Islamic world. I'm behind Dubya even during this difficult phase, but do wonder if we've done all the smart things to bring these peckerwoods to justice. And/or make them irrelevant.
32 posted on 08/05/2004 8:46:51 AM PDT by VOA
[ Post Reply | Private Reply | To 31 | View Replies]

To: VOA
I won't be holding my breath for The National Organization of Women to highlight al Qaeda's use of translucent screens to disguise the news reports by female reporters.

That picture was hilarious. It was surreal to see these images encased in the familiar Windows environment (and in English, no less). Reminded me of the Taliban rushing around in those old Toyota pickups.

I second your skepticism, but dare not express it in this neighborhood.

33 posted on 08/05/2004 8:58:38 AM PDT by creepycrawly
[ Post Reply | Private Reply | To 32 | View Replies]

To: cryptical

That's interesting. But wouldn't the overhead of testing each decrypted message slow down brute forcing considerably? It's one thing to try a billion keys a second, and it's quite another to look at each decryption and decide if it's any good or not.

If the encryptor knew the plaintext recognition algorithm, he could also take steps to dodge recognition:

LikeHereIsMyPlainTextMessage.

If they're looking for spaces they're out of luck.


34 posted on 08/05/2004 9:38:07 AM PDT by proxy_user
[ Post Reply | Private Reply | To 26 | View Replies]

To: proxy_user
...wouldn't the overhead of testing each decrypted message slow down brute forcing considerably

It's really not a bad problem. Here's how Bruce Schneier explains it:

How to Recognize Plaintext

A brute-force cracking machine tries every possible key until it finds the right one. If the machine has a chunk of ciphertext and decrypts it with one key after the other, how does it know when it found the correct plaintext?

It seems obvious to me, but I get this question often enough to address it in these pages. The machine knows that it found the plaintext because it looks like plaintext.

Plaintext tends to look like plaintext. It's an English-language message, or a data file from a computer application (programs like Microsoft Word have large known headers; even PK-ZIP files have known headers), or a database in a reasonable format. When you look at a decrypted file, it looks like something understandable. When you look at a ciphertext file, or a file decrypted with the wrong key, it looks like gibberish.

In the 1940s, Claude Shannon invented a concept called the unicity distance. Among other things, the unicity distance measures the amount of ciphertext required such that there is only one reasonable plaintext. This number depends both on the characteristics of the plaintext and the key length of the encryption algorithm.

For example, RC4 encrypts data in bytes. Imagine a single ASCII letter as plaintext. There are 26 possible plaintexts out of 256 possible decryptions. Any random key, when used to decrypt the ciphertext, has a 26/256 chance of producing a valid plaintext. The analyst has no way to tell the wrong plaintext from the correct plaintext.

Now imagine a 1K e-mail message. The analyst tries random keys, and eventually a plaintext emerges that looks like an e-mail message: words, phrases, sentences, grammar. The odds are infinitesimal that this is not the correct plaintext.

Everything else is in the middle. The unicity distance determines when you can think like the second example instead of the first.

For a standard English message, the unicity distance is K/6.8, where K is the key length. (The 6.8 is a measure of the redundancy of English in ASCII. For other plaintexts it will be more or less, but not that much more or less.) For DES, the unicity distance is 8.2 bytes. For 128-bit ciphers, it is about 19 bytes.

This means that if you are trying to brute-force DES you need two ciphertext blocks. (DES's block length is 8 bytes.) Decrypt the first ciphertext block with one key after another. If the resulting plaintext looks like English, then decrypt the second block with the same key. If the second plaintext block also looks like English, you've found the correct key.

The unicity distance grows as the redundancy of the plaintext shrinks. For compressed files, the redundancy might be 2.5, or three blocks of DES ciphertext. For a 256-bit-key cipher, that would be 105 plaintext bytes. If the plaintext is a random key, the redundancy is zero and the unicity distance reaches infinity: it is impossible to recognize the correct plaintext from an incorrect plaintext.

But that's a special case. Most of the time, it is easy to recognize plaintext.


35 posted on 08/05/2004 11:46:07 AM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 34 | View Replies]
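Schneier's K/6.8 rule and his contrast between a single letter and a long message, worked through as an added example (not code from the thread or from Schneier): a constructed 16-bit toy cipher is searched exhaustively, counting how many keys still yield plausible text as the examined prefix grows. The toy cipher, the key 0xBEEF, the sample message and the letters-and-spaces recogniser are all assumptions made for the demonstration.

```python
import hashlib
import math

ENGLISH_REDUNDANCY = 6.8   # bits per ASCII byte, the figure quoted in the post
KEY_BITS = 16              # deliberately tiny so the whole keyspace can be tried
KEYSPACE = 1 << KEY_BITS


def unicity_distance(key_bits, redundancy_bits=ENGLISH_REDUNDANCY):
    """Ciphertext bytes needed before only one plausible plaintext remains."""
    return key_bits / redundancy_bits


def keystream(key, length):
    """Toy keystream built from SHA-256 (constructed for this demo, not a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor_crypt(key, data):
    """Encrypt or decrypt by XOR with the toy keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Crude stand-in for "looks like English": lowercase letters and spaces only.
ALLOWED = frozenset(b"abcdefghijklmnopqrstuvwxyz ")


def looks_like_plaintext(candidate):
    return all(byte in ALLOWED for byte in candidate)


def recogniser_redundancy():
    """Bits per byte this recogniser rules out: log2(256 / 27), about 3.25."""
    return math.log2(256 / len(ALLOWED))


def survivors_by_prefix(ciphertext, lengths):
    """For each prefix length, list every key whose decryption passes the recogniser."""
    longest = max(lengths)
    result = {n: [] for n in lengths}
    for key in range(KEYSPACE):
        candidate = xor_crypt(key, ciphertext[:longest])
        for n in lengths:
            if looks_like_plaintext(candidate[:n]):
                result[n].append(key)
    return result


# Constructed sample input.
TRUE_KEY = 0xBEEF
PLAINTEXT = b"the quarterly report is attached"
CIPHERTEXT = xor_crypt(TRUE_KEY, PLAINTEXT)


if __name__ == "__main__":
    print("DES (56-bit), English text: %.1f bytes" % unicity_distance(56))
    print("128-bit cipher, English text: %.1f bytes" % unicity_distance(128))
    toy = unicity_distance(KEY_BITS, recogniser_redundancy())
    print("toy cipher with this recogniser: %.1f bytes" % toy)
    counts = survivors_by_prefix(CIPHERTEXT, [1, 2, 4, 8, 16])
    for n in sorted(counts):
        keys = counts[n]
        status = "unique, correct" if keys == [TRUE_KEY] else "ambiguous"
        print("prefix %2d bytes: %5d keys survive (%s)" % (n, len(keys), status))
```

With one byte examined, thousands of wrong keys pass the test, which is the single-letter case in the quoted text; well past the toy cipher's unicity distance only the true key remains.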

To: eno_

Hope you're right.


36 posted on 08/05/2004 1:06:46 PM PDT by Finalapproach29er ( Election day: FOUR Supreme Court Justices! Enough said.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: adam_az
it's just not possible to bug every browser in Pakistan!

Actually, it's not all that hard to bug a lot of them. Writing a worm that attacks a particular Internet address space and checks for local languages, etc., is well within possibility, and vastly cheaper than recon satellites.

37 posted on 08/05/2004 1:21:34 PM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: GallopingGhost
Aren't we all assuming that there is no backdoor to PGP?

You can assume that U.S. intelligence and/or law enforcement have tried to strongarm every provider of encrypted communication to provide a backdoor.

There are, however, open source versions of PGP.

38 posted on 08/05/2004 1:24:39 PM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Finalapproach29er

You need some clue, hack, or exploit. Even in the days of Enigma, info gathered in the field about the machines, cleartexts, etc., were vital to success. I don't believe that there is fundamental knowledge that exists only inside NSA that enables them to crack encryption that other people cannot crack or prove a crack exists.

That said, 2048 bit keys are probably not excessive.


39 posted on 08/05/2004 1:28:34 PM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Ichneumon

"A 1024-bit key takes 1.16x10^77 times as long to crack as a 768-bit key (1 followed by 76 zeros)."

That would be a 1 followed by 77 zeros. Just like 1 times 10^2 is a one followed by 2 zeros.


40 posted on 08/05/2004 1:30:14 PM PDT by Flightdeck (Procrastinate later)
[ Post Reply | Private Reply | To 12 | View Replies]

To: proxy_user

How does the computer recognize when the correct key has been used, and a valid result has appeared?


I believe that Bletchley Park solved that problem with "The Bomb". They knew the constraints on the Enigma machine, they had an electro-mechanical computer that would brute force possible combinations until plain-text German appeared in short snippets. It could false alarm, but just reset and continue.


41 posted on 08/05/2004 1:40:07 PM PDT by Lonesome in Massachussets (Take Luca Brazzi, make him an offer he can't refuse.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Flightdeck
That would be a 1 followed by 77 zeros. Just like 1 times 10^2 is a one followed by 2 zeros.

D'oh!

Sigh, it was the wee hours of the morning, and I've spent a lot of time correcting people who say that 10^X is "10 followed by X zeros", when it's really X-1. So I was primed to make the reverse mistake myself out of habit. :-)

42 posted on 08/05/2004 2:05:37 PM PDT by Ichneumon ("...she might as well have been a space alien." - Bill Clinton, on Hillary, "My Life", p. 182)
[ Post Reply | Private Reply | To 40 | View Replies]

To: ScuzzyTerminator; Lonesome in Massachussets; cryptical

I agree it is not a hard problem. My point is speed. How many machine cycles will be needed to test each decryption for plaintext? If you're trying to test a billion keys per second, this definitely becomes a consideration.

There would be many ways around brute-force recognition algorithms for skilled operatives. For example, you could write your text in a graphics application, and save it as a .jpg. Then uuencode it or yenc it to disguise the filetype, and apply your encryption algorithm. The brute-force cracker cannot be programmed to recognize too many variants without slowing it down so much that it would be worthless.


43 posted on 08/05/2004 2:21:11 PM PDT by proxy_user
[ Post Reply | Private Reply | To 35 | View Replies]

To: proxy_user

I think the point is that even things like that have headers in them, which would make them even easier to decrypt and recognize. Besides, AQ don't want to be slowed up, they just wanna fire off emails without all the rigamarole.


44 posted on 08/05/2004 2:26:43 PM PDT by Lonesome in Massachussets (Take Luca Brazzi, make him an offer he can't refuse.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: proxy_user
How many machine cycles will be needed to test each decryption for plaintext?

I doubt that the NSA would use CPUs to crack well known algorithms. I assume they use hardware designed for the task, like the EFF DES Cracker project. The "randomness meter" would likely be a module that works in parallel without slowing anything down.

There would be many ways around brute-force recognition algorithms for skilled operatives. For example, you could write your text in a graphics application, and save it as a .jpg. Then uuencode it or yenc it to disguise the filetype, and apply your encryption algorithm.

Steganography before encryption doesn't help because you know you found the key when you've found, for example, a .jpg or a uuencode. Generally, you need to encrypt before you hide.

The brute-force cracker cannot be programmed to recognize too many variants...

Variants don't matter. You're not looking for recognizable data patterns but just measuring randomness. Any message with meaningful information, no matter what the format, will be manifest as non-random if you have a sample at least as big as the unicity distance.
45 posted on 08/05/2004 6:33:43 PM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 43 | View Replies]
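The randomness measurement described in post 45, as an added example that is not part of any poster's message: a byte-entropy check separates the one correct trial decryption from all wrong ones even though the plaintext is uuencoded image-like data, so disguising the format before encrypting adds no protection. The toy cipher, the 10-bit key, the hash-derived stand-in for image bytes and the 7.0 threshold are all constructed assumptions.

```python
import binascii, hashlib, math
from collections import Counter

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 means uniformly random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def toy_stream_cipher(key: int, data: bytes) -> bytes:
    """Constructed stand-in cipher (not PGP): XOR with a SHA-256 counter
    keystream. The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key.to_bytes(4, "big") + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def uuencode(data: bytes) -> bytes:
    """uuencode body lines, 45 input bytes per line."""
    return b"".join(binascii.b2a_uu(data[i:i + 45]) for i in range(0, len(data), 45))

def keys_flagged_nonrandom(ciphertext: bytes, key_bits: int, threshold: float) -> list:
    """Trial-decrypt under every key of a deliberately tiny key space and
    return the keys whose output entropy falls below the threshold."""
    return [k for k in range(2 ** key_bits)
            if entropy_bits_per_byte(toy_stream_cipher(k, ciphertext)) < threshold]

# Constructed sample data: hash output stands in for compressed image bytes.
IMAGE_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(57))
SECRET_KEY = 0x2A7   # constructed 10-bit key; real keys are 128 bits or more
THRESHOLD = 7.0      # assumed cut-off in bits per byte
CIPHERTEXT = toy_stream_cipher(SECRET_KEY, uuencode(IMAGE_LIKE))

if __name__ == "__main__":
    print("image-like bytes :", round(entropy_bits_per_byte(IMAGE_LIKE), 2))
    print("after uuencode   :", round(entropy_bits_per_byte(uuencode(IMAGE_LIKE)), 2))
    print("ciphertext       :", round(entropy_bits_per_byte(CIPHERTEXT), 2))
    print("keys flagged     :", keys_flagged_nonrandom(CIPHERTEXT, 10, THRESHOLD))
```

Each extra key bit doubles the loop in `keys_flagged_nonrandom`, which is why the protection comes from key length and key secrecy rather than from how the plaintext is disguised.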

To: Finalapproach29er
This fool should shut his mouth, or have it shut for him.

Nah. This article is mostly just speculation. If the NSA is reading the PGP messages from al Qaeda laptops, it's most likely that it is because they have the 'secret key', and it is protected with a weak password rather than a brute force attack. People are generally pretty stupid when it comes to passwords, which is one reason that PGP always says "pass phrase" in its documentation. MY pgp passphrase is more than 40 characters, but few people go to such lengths because they simply don't understand the concept of the "weakest link". If the NSA has possession of the encrypted message (cyphertext), the public key, and the private key, it should be obvious that they'll attack the private key because it is the "master" that enables them to decrypt messages at will.

It used to be that the NSA had the best crypto folks on the planet, and while this might still be true to a degree, there are a heck of a lot more high-quality cryptographers out there in the world at large than there used to be.

I'd still bet that absent physical possession of the secret keys, PGP is probably still opaque to the NSA. That's one reason why it is so important to safeguard your keys.

Even without the ability to decrypt messages, traffic analysis is a useful tool in building information about networks of people. Knowing that Alice, Bob, and Chuck are communicating with a bunch of encrypted messages can tell you a lot about relationships.

I support the universal use of encrypted mail. Unfortunately, most people can't be bothered. They'd rather send their messages on postcards than protect them with an envelope.

46 posted on 08/05/2004 6:49:15 PM PDT by zeugma (The Great Experiment is over and the Constitution is dead.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Ichneumon
If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

I call keys like that 'heat death' keys, because they'll take longer to decrypt than the ultimate fate of the universe.

47 posted on 08/05/2004 6:52:10 PM PDT by zeugma (The Great Experiment is over and the Constitution is dead.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: zeugma

The more basic question: Why announce it and let them know we can read their mail?

I don't understand the need to tip off the enemy when we succeed at gathering info.


48 posted on 08/05/2004 7:10:48 PM PDT by Finalapproach29er ( Election day: FOUR Supreme Court Justices! Enough said.)
[ Post Reply | Private Reply | To 46 | View Replies]

To: Finalapproach29er

Oddly enough, AQ continues to use satellite phones, even though the CIA owns the satellites. My guess is that NSA can read PGP. All encryption systems have vulnerabilities, fatal ones if you get your hands on even one machine in the chain of communication.


49 posted on 08/05/2004 7:19:33 PM PDT by js1138 (In a minute there is time, for decisions and revisions which a minute will reverse. J Forbes Kerry)
[ Post Reply | Private Reply | To 3 | View Replies]

To: VOA

THX. Will try and check it out.


50 posted on 08/05/2004 8:09:57 PM PDT by Quix (PRAYER WARRIORS, DO YOUR STUFF! LIVES AND NATIONS DEPEND ON IT)
[ Post Reply | Private Reply | To 2 | View Replies]
