[VOA]

There is a VERY fine article in the September 2004 Atlantic Monthly about the
Al-Quida goodies found on a desktop and a laptop obtained by a Wall Street Journal reporter
just after his arrival in liberated Kabul.

Reading the terse e-mails between a field operative and his boss at headquarters
over his handling of Al-Quida funds is a hoot.

[Finalapproach29er]

The U.S. and Pakistan may have found a way to read months, or years, worth of secret al Qaeda messages. No one is saying anything about that, but it works like this.
****
This fool should shut his mouth, or have it shut for him.

This is like when some fool Senator spilled the beans we were listening to Bin Laden's cellphone. Why tip off the enemy? LOOSE LIPS........

[MediaMole]

It's also possible that the guy didn't bother encrypting the contents of his own hard drive. He could have left a trail of unencrypted messages on the drive through bits of cache files, text files and other stuff on the drive as well.

[NotJustAnotherPrettyFace]

Echelon at work.

[cryptical]

Nice article. I doubt that the NSA can crack PGP, either due to magical advances in technology, or some implementation flaw that's exploitable.

My guess is sloppy key handling. If they captured the guys laptop, chances are they were able to recover his keys, because most people a) don't change their keys enough, and b) have crappy passwords on their private keys.

I'd guess tossing words/phrases from the Koran at an AQ password would likely be fruitful. Just put together a
dictionary of permutations of 'Allah', and see what you
get.

[Ichneumon]

A 516 digit key can be cracked using this computerized “brute force” method. [...] However, increase the key to 768 characters, and it takes about 6,600 times longer to crack it. Go to key size of 1024, and it takes 1,500 times longer than the 768 character key. Go to a 2048 key size and it takes a billion times longer than a 1024 character long key. PGP can use a 1024 character key, and many users go for the larger key for obvious reasons.

Someone needs to teach this reporter some math. The actual difficulty figures for a brute force crack are:

A 768-bit key takes 7.24x10⁷⁵ times as long to crack as a 516-bit key (that's a 7 followed by *74* zeros).

A 1024-bit key takes 1.16x10⁷⁷ times as long to crack as a 768-bit key (1 followed by 76 zeros).

A 2048-bit key takes 1.80x10³⁰⁸ times as long to crack as a 1024-bit key (about 2 followed by 307 zeros).

In each case the appropriate figure is 2^(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

I don't know where in the hell the reporter got his figures from, but they're too small by enormous orders of magnitude.

If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

[Ernest_at_the_Beach]

Maybe they only found the Key in Pakistan...

[Jeff Gordon]

NSA is the finest technological intelligence organization in the world. The can read the mail like no one has ever dreamed about. They are so far ahead of everyone else in communications interception and cryptology that 1024 bit PGP key is child's play to them.

[GallopingGhost]

"The trouble with PGP was that, as far as NSA was concerned, it was too good. NSA got the U.S. government to declare programs like PGP to be military equipment, and subject to export controls. Trying to stop the spread of PGP was absurd, however, and the government eventually backed off. But NSA’s problem with PGP encoded messages remained. Or did it? NSA, obviously, is not going to admit that it can, or cannot, crack PGP encoded messages."

Aren't we all assuming that there is no backdoor to PGP? Does anybody think that the NSA was simply going to drop their opposition to exporting this technology?

[Cold Heart]

D-R-I-N-K
M-O-R-E
O-V-A-L-T-I-N-E

(BTTT)