The default encryption standards on exported versions of Windows 2000 may have revealed confidential details about the movements of the al-Qaeda network.
Two computers bought by Wall Street Journal reporters from looters in Kabul after it was captured by the Northern Alliance turned out to have been lifted from al-Qaeda headquarters and still contained documents relating to the terrorist group's activities.

Of the thousands of files stored on the machines some of the more interesting documents, including a number that may relate to 'Shoe Bomber' Richard Reid, were encrypted using Windows 2000's standard 40-bit DES Encrypting File System.

Using a cluster of computers, the Wall Street Journal managed to crack the 40-bit encryption keys. But this took five days as the computers had to cycle through over a trillion different keys.

Had the software been bought after March of last year, or in the US itself, the keys would have been 128-bit by default and billions of times harder to crack.

In related news, computer files found at the UK homes of two Muslims charged with intention to cause explosions allegedly contained bomb making instructions.

http://www.vnunet.com/News/1128496

why use windows encryption when pgp is free and much secure .... i guess we are lucky they are smart enough to use weak encryption .... yeap trust ms and they'll screw u....

Hmm.....this is really stupid to use 40bit encription ,especially from al-Qaeda,but anyway probably those weren't such important data,or who knows?

Well, 2 bad for them. I guess they get so wrapped up in shitting in caves and/or btiching about supposed American imperialism and injustice... they don't spend much time on the books. Hahaha, 40bits.....that makes me laugh.

I thought they were against the USA why are thy using American made Products.

Because they are hypocrites. All of them. I remember seeing Osama in bell-bottoms and a nice butterfly collar standing in fron of a big ol' Caddy(I think it was a caddy) Anyway you get the jist.

Couldn't they have just recovered the sam and logged in as the user with the appropriate key?

Ammo

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by KorpDeath
Because they are hypocrites. All of them. I remember seeing Osama in bell-bottoms and a nice butterfly collar standing in fron of a big ol' Caddy(I think it was a caddy) Anyway you get the jist.

I suppose that writing their own PGP is hard to do in a cave when all you have to use is rocks and dirt. :p They are a bunch of tools.

I expect in another year or 2 we will laugh
about 128 bit encription....

Highlander> We already do. 128 bit is enough to keep the government out of you computer for maybe 1/2 hour or so.

Hmm. Either they never expected anyone to get their hands on it, using the encryption in a less serious way (In other words, to deter the casual), or they were stupid, or they intended the computers to be found...

Some have suggested that the reason that DES was made an open standard, and then the NSA and FBI began whining about export control, was so that people would adopt DES, thinking that the NSA couldn't crack it. (Because they didn't want it exported.) In reality, as the theory goes, DES was ALREADY crackable or had a hidden weakness, and it was all a trick to get possible enemies of the state to use DES...

Yup the government can tear through 128bit encryption faster then a fat lady with a bag of chips. I use 448 bit encryption, it makes for long keys but at least you don't have to worry about the government cracking it in a weekend.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Merlinboy
Hmm.....this is really stupid to use 40bit encription ,especially from al-Qaeda,but anyway probably those weren't such important data,or who knows?

Wonder about how they got electricity in to those caves to run the machines...

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by cwk9
Yup the government can tear through 128bit encryption faster then a fat lady with a bag of chips. I use 448 bit encryption, it makes for long keys but at least you don't have to worry about the government cracking it in a weekend.


Ummm... 448? Yeah... I think their weekend's still spared at that point - Friday night, after the beer bash... want something a bit more secure - perhaps 2048?

Then again, most people protect their keyfiles with suitably weak keys, so the overall security of the encyption is significantly weakened, anyway (ie. it doesn't matter if you use an insanely long key to protect data if the keyring is only protected with a simple password).