[10166] in cryptography@c2.net mail archive
Re: password-cracking by journalists...
daemon@ATHENA.MIT.EDU (Jim Cheesman)
Thu Jan 17 15:05:22 2002
Message-Id: <4.3.1.2.20020117095646.0200c020@lucas>
Date: Thu, 17 Jan 2002 10:02:09 +0100
To: Steve Bellovin <smb@research.att.com>,
cryptography@wasabisystems.com
From: Jim Cheesman <jchees@msl.es>
In-Reply-To: <20020116141521.138597B4B@berkshire.research.att.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 03:15 PM 16/01/02, Steve Bellovin wrote:
>A couple of months ago, a Wall Street Journal reporter bought two
>abandoned al Qaeda computers from a looter in Kabul. Some of the
>files on those machines were encrypted. But they're dealing with
>that problem:
>
> The unsigned report, protected by a complex password, was
> created on Aug. 19, according to the Kabul computer's
> internal record. The Wall Street Journal commissioned an
> array of high-speed computers programmed to crack passwords.
> They took five days to access the file.
>
>Does anyone have any technical details on this? (I assume that it's
>a standard password-guessing approach, but it it would be nice to know
>for certain. If nothing else, are Arabic passwords easier or harder
>to guess than, say, English ones?)
Most Arabic words have a root of 3 letters, to which prefixes, suffixes and
vowels are added: the root drs for example is related to books and
teaching: madrasa is a school, mudaris a teacher, etc. (It's been a while
since I studied any Arabic, so I aplogise for errors here.)
Of more use (I would have thought) is the fact that the Coran has a limited
and standardised vocabulary (unlike the Bible, for example, which has many
versions, both modern and old.) That would certainly speed up any
dictionary search - assuming that any password/phrase came from the Coran,
of course.
Jim
--
* Jim Cheesman *
Trabajo:
jchees@msl.es - (34)(91) 724 9200 x 2360
If there's one thing I
can't stand, it's intolerance.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
