There is a VERY fine article in the September 2004 Atlantic Monthly about the
Al-Quida goodies found on a desktop and a laptop obtained by a Wall Street Journal reporter
just after his arrival in liberated Kabul.
Reading the terse e-mails between a field operative and his boss at headquarters
over his handling of Al-Quida funds is a hoot.
The U.S. and Pakistan may have found a way to read months, or years, worth of secret al Qaeda messages. No one is saying anything about that, but it works like this.
****
This fool should shut his mouth, or have it shut for him.
This is like when some fool Senator spilled the beans we were listening to Bin Laden's cellphone. Why tip off the enemy? LOOSE LIPS........
It's also possible that the guy didn't bother encrypting the contents of his own hard drive. He could have left a trail of unencrypted messages on the drive through bits of cache files, text files and other stuff on the drive as well.
Nice article. I doubt that the NSA can crack PGP, either due to magical advances in technology, or some implementation flaw that's exploitable.
My guess is sloppy key handling. If they captured the guys laptop, chances are they were able to recover his keys, because most people a) don't change their keys enough, and b) have crappy passwords on their private keys.
I'd guess tossing words/phrases from the Koran at an AQ password would likely be fruitful. Just put together a
dictionary of permutations of 'Allah', and see what you
get.
Someone needs to teach this reporter some math. The actual difficulty figures for a brute force crack are:
A 768-bit key takes 7.24x1075 times as long to crack as a 516-bit key (that's a 7 followed by *74* zeros).
A 1024-bit key takes 1.16x1077 times as long to crack as a 768-bit key (1 followed by 76 zeros).
A 2048-bit key takes 1.80x10308 times as long to crack as a 1024-bit key (about 2 followed by 307 zeros).
In each case the appropriate figure is 2(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.
I don't know where in the hell the reporter got his figures from, but they're too small by enormous orders of magnitude.
If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.
Maybe they only found the Key in Pakistan...
Aren't we all assuming that there is no backdoor to PGP? Does anybody think that the NSA was simply going to drop their opposition to exporting this technology?
D-R-I-N-K
M-O-R-E
O-V-A-L-T-I-N-E
(BTTT)