Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Reading al Qaedas Encrypted Email
Strategypage ^ | August 5, 2004 | James Dunnigan

Posted on 08/04/2004 11:09:02 PM PDT by Straight Vermonter

click here to read article


Navigation: use the links below to view more comments.
first previous 1-2021-4041-50 next last
To: BurbankKarl
Even so, CIA probably has hackers who stole the info from PGP

Wouldn't help. PGP is open source. You can study it all you want. Anyone can.

21 posted on 08/05/2004 4:15:27 AM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: cryptical

I agree, a dictionary attack on a keystore would be the most probable solution.

I've always wondered about bruteforce attacks. Each attempt with a random key will produce some sort of result. How does the computer recognize when the correct key has been used, and a valid result has appeared?


22 posted on 08/05/2004 4:55:12 AM PDT by proxy_user
[ Post Reply | Private Reply | To 10 | View Replies]

To: BurbankKarl

"I would rather plant spyware on the Hotmail page that loads to any computer that accesses it from Pakistan, and pings the CIA computer from there... "

Intelligence agencies would get in big doodoo if caught doing something like that.

Plus, installing stuff on someome elses computer surrepititiously in that way requires specific browser versions etc to be in place etc - it's just not possible to bug every browser in Pakistan!


23 posted on 08/05/2004 5:35:08 AM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: proxy_user

"I've always wondered about bruteforce attacks. Each attempt with a random key will produce some sort of result. How does the computer recognize when the correct key has been used, and a valid result has appeared?"

You can't do THAT kind of attack against asymmetric crypto.

You are describing dictionary attacks against symmetric crypto, like DES.

You have a dictionary, you encrypt each word, then compare the result to the captured password file, for example, and look for matches. That is (a vastly simplified but accurate) explanation of how people 'crack' passwords for example.


24 posted on 08/05/2004 5:38:03 AM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Paleo Conservative
This is something you don’t want to discuss, one way or the other

Yeah the cell phone thing was truly stupid too.

25 posted on 08/05/2004 5:40:53 AM PDT by Tom Bombadil
[ Post Reply | Private Reply | To 8 | View Replies]

To: proxy_user

Bruce Schneier has a nice little primer on how to recognize plaintext.

http://www.schneier.com/crypto-gram-9812.html#plaintext


26 posted on 08/05/2004 8:24:52 AM PDT by cryptical
[ Post Reply | Private Reply | To 22 | View Replies]

To: Straight Vermonter
"The trouble with PGP was that, as far as NSA was concerned, it was too good. NSA got the U.S. government to declare programs like PGP to be military equipment, and subject to export controls. Trying to stop the spread of PGP was absurd, however, and the government eventually backed off. But NSA’s problem with PGP encoded messages remained. Or did it? NSA, obviously, is not going to admit that it can, or cannot, crack PGP encoded messages."

Aren't we all assuming that there is no backdoor to PGP? Does anybody think that the NSA was simply going to drop their opposition to exporting this technology?

27 posted on 08/05/2004 8:35:42 AM PDT by GallopingGhost
[ Post Reply | Private Reply | To 1 | View Replies]

To: adam_az

how would intelligence agencies get in trouble for that? no one can even hold the people who are doing it accountable!

they have caught a few sympathizers setting up fake AQ websites....who knows what else they are doing...


28 posted on 08/05/2004 8:38:08 AM PDT by BurbankKarl (Wish we had armor at LAX)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Straight Vermonter

D-R-I-N-K
M-O-R-E
O-V-A-L-T-I-N-E

(BTTT)


29 posted on 08/05/2004 8:39:39 AM PDT by Cold Heart
[ Post Reply | Private Reply | To 1 | View Replies]

To: adam_az

There are 3 different keys that are useful in attacking PGP encrypted traffic.

There's a message key, for the symmetric cipher that's used to encrypt the individual message. That should only be useful for decrypting one message, so it's not that useful. I'm pretty retro, so using PGP 2.6.2 this ciper would be IDEA, its key length will be 128 bits.

There's the private key of the recipient, which decrypts the
message key that's encrypted to the public key of the recipient. This is thing you want, because you can decrypt all messages sent to that key. That you've ever intercepted. Storage is cheap, so it's worthwhile to keep all encrypted traffic you can capture, in case you get ahold of the keys later on.

Then there's a symmetric key used to encrypt the private key for storage on disk. I'm thinking they used IDEA for PGP 2.6.2 to encrypt the private key, but I'm too lazy to look. There's a passphrase that allows decrypting the private key, note that you need the secret keyring to attack this. When you get the passphrase (the passphrase, if weak, will be a lot easier to attack than brute forcing the encryption on the key).


30 posted on 08/05/2004 8:40:48 AM PDT by cryptical
[ Post Reply | Private Reply | To 24 | View Replies]

To: VOA

I just finished that article. It was a great piece of journalism. It was really odd to see al Qaeda in the light of functioning like any other organization, with all the pettiness and power struggles.


31 posted on 08/05/2004 8:41:21 AM PDT by creepycrawly
[ Post Reply | Private Reply | To 2 | View Replies]

To: creepycrawly
It was really odd to see al Qaeda in the light of functioning like any other
organization, with all the pettiness and power struggles.


I won't be holding my breath for The National Organization of Women to
highlight Al-Quida's use of translucent screens to disguise the news reports by
female reporters.

I can't recall the exact verbiage, but I was a bit bothered over the passage about
Al-Quida sort of hoping for direct attacks by the USA in order to
gain support/sympathy from the Islamic world.
I'm behind Dubya even during this difficult phase, but do wonder if we've
done all the smart things to bring these peckerwoods to justice.
And/or make them irrelevant.
32 posted on 08/05/2004 8:46:51 AM PDT by VOA
[ Post Reply | Private Reply | To 31 | View Replies]

To: VOA
I won't be holding my breath for The National Organization of Women to highlight Al-Quida's use of translucent screens to disguise the news reports by female reporters.

That picture was hilarious. It was surreal to see these images encased in the familiar Windows environment (and in English, no les). Reminded me of the Taliban rushing around in those old Toyota pickups.

I second your skepticism, but dare not express it in this neighborhood.

33 posted on 08/05/2004 8:58:38 AM PDT by creepycrawly
[ Post Reply | Private Reply | To 32 | View Replies]

To: cryptical

That's interesting. But wouldn't the overhead of testing each decrypted message slow down brute forcing considerably? It's one thing to try a billion keys a second, and it's quite another to look at each decryption and decide if it's any good or not.

If the encryptor knew the plaintext recognition algorithm, he could also take steps to dodge recognition:

LikeHereIsMyPlainTextMessage.

If they're looking for spaces they're out of luck.


34 posted on 08/05/2004 9:38:07 AM PDT by proxy_user
[ Post Reply | Private Reply | To 26 | View Replies]

To: proxy_user
...wouldn't the overhead of testing each decrypted message slow down brute forcing considerably

Its really not a bad problem. Here's how Bruce Schneier explains it:

How to Recognize Plaintext

A brute-force cracking machine tries every possible key until it finds the right one. If the machine has a chunk of ciphertext and decrypts it with one key after the other, how does it know when it found the correct plaintext?

It seems obvious to me, but I get this question often enough to address it in these pages. The machine knows that it found the plaintext because it looks like plaintext.

Plaintext tends to look like plaintext. It's an English-language message, or a data file from a computer application (programs like Microsoft Word have large known headers; even PK-ZIP files have known headers), or a database in a reasonable format. When you look at a decrypted file, it looks like something understandable. When you look at a ciphertext file, or a file decrypted with the wrong key, it looks like gibberish.

In the 1940s, Claude Shannon invented a concept called the unicity distance. Among other things, the unicity distance measures the amount of ciphertext required such that there is only one reasonable plaintext. This number depends both on the characteristics of the plaintext and the key length of the encryption algorithm.

For example, RC4 encrypts data in bytes. Imagine a single ASCII letter as plaintext. There are 26 possible plaintexts out of 256 possible decryptions. Any random key, when used to decrypt the ciphertext, has a 26/256 chance of producing a valid plaintext. The analyst has no way to tell the wrong plaintext from the correct plaintext.

Now imagine a 1K e-mail message. The analyst tries random keys, and eventually a plaintext emerges that looks like an e-mail message: words, phrases, sentences, grammar. The odds are infinitesimal that this is not the correct plaintext.

Everything else is in the middle. The unicity distance determines when you can think like the second example instead of the first.

For a standard English message, the unicity distance is K/6.8, where K is the key length. (The 6.8 is a measure of the redundancy of English in ASCII. For other plaintexts it will be more or less, but not that much more or less.) For DES, the unicity distance is 8.2 bytes. For 128-bit ciphers, it is about 19 bytes.

This means that if you are trying to brute-force DES you need two ciphertext blocks. (DES's block length is 8 bytes.) Decrypt the first ciphertext block with one key after another. If the resulting plaintext looks like English, then decrypt the second block with the same key. If the second plaintext block also looks like English, you've found the correct key.

The unicity distance grows as the redundancy of the plaintext shrinks. For compressed files, the redundancy might be 2.5, or three blocks of DES ciphertext. For a 256-bit-key cipher, that would be 105 plaintext bytes. If the plaintext is a random key, the redundancy is zero and the unicity distance reaches infinity: it is impossible to recognize the correct plaintext from an incorrect plaintext.

But that's a special case. Most of the time, it is easy to recognize plaintext.


35 posted on 08/05/2004 11:46:07 AM PDT by ScuzzyTerminator
[ Post Reply | Private Reply | To 34 | View Replies]

To: eno_

Hope you're right.


36 posted on 08/05/2004 1:06:46 PM PDT by Finalapproach29er ( Election day: FOUR Supreme Court Justices! Enough said.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: adam_az
it's just not possible to bug every browser in Pakistan!

Actually, it's not all that hard to bug a lot of them. Writing a worm that attacks a particular Internet address space and checks for local languages, etc., is well within possibility, and vastly cheaper than recon satellites.

37 posted on 08/05/2004 1:21:34 PM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: GallopingGhost
Aren't we all assuming that there is no backdoor to PGP?

You can assume that U.S. intelligence and/or law enforcement have tried to strongarm every provider of encrypted communication to provide a backdoor.

There are, however, open source versions of PGP.

38 posted on 08/05/2004 1:24:39 PM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Finalapproach29er

You need some clue, hack, or exploit. Even in the days of Enigma, info gathered in the field about the machines, cleartexts, etc., were vital to success. I don't believe that there is fundamental knowledge that exists only inside NSA that enables them to crack encryption that other people cannot crack or prove a crack exists.

That said, 2048 bit keys are probably not excessive.


39 posted on 08/05/2004 1:28:34 PM PDT by eno_ (Freedom Lite, it's almost worth defending.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Ichneumon

"A 1024-bit key takes 1.16x10^77 times as long to crack as a 768-bit key (1 followed by 76 zeros)."

That would be a 1 followed by 77 zeros. Just like 1 times 10^2 is a one followed by 2 zeros.


40 posted on 08/05/2004 1:30:14 PM PDT by Flightdeck (Procrastinate later)
[ Post Reply | Private Reply | To 12 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-50 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson