CDR: RE: Re: why should it be trusted?

[Ray Dillinger]

It occurs to me that the NSA may in fact have a much easier time 
of cracking most encrypted messages than is generally believed by 
the people who use them. 

We can rule out the idea that they may have computers capable of 
solving the ciphers by a brute force key search or modulus factoring
-- basically, such a computer would be at least the size of jupiter, 
assuming complete mastery of nanotech.  Since we can't see any such 
objects within five or six light-days, that pretty much cooks the 
"near real-time solving" of ciphers. 

However, we are forgetting what they do have.  They've got Echelon. 
That means all kinds of intercepts, by and about the people 
communicating, most of them in plaintext. They keep dossiers 
on people that list vital statistics like birthdate, hometown, 
grade school and high school classmates, parents, siblings, 
neighbors, organizations, etc.  They've got all our goofy quotes 
from our usenet posts, and of course everything that anyone's 
said on mailing lists like this one. 

Since most people use passwords and passphrases that are some 
chunk of personal information, their system may not have to crunch 
very long to come up with the password used by a particular target. 

Security sweeps are always finding people who used, eg, their 
college ID number, their first girlfriend's name, the street 
they lived on as a kid, their parents' address, names of 
countries or cities or fictional or historical characters, or 
even ghods help us their own drivers license number or SSN as a 
password.  The spooks tend to have all of this info in a nice 
cross-indexed database, so they can start guessing on something 
a hell of a lot easier than random keys.

If the NSA is using their resources effectively, and the key 
generator uses an input password or passphrase instead of random 
numbers, they may indeed be able to crack most 2048-bit RSA 
messages, in near realtime, just by knowing all the details 
about the people who sent them.  This is not an attack on the 
cipher, but it could have the same effect against most opponents 
most of the time. 

Witness the case of Rashael Keavy, an enterprising businesswoman 
of San Francisco.  In San Francisco, prostitution is considered 
about on a par with jaywalking.  Technically it's illegal, but 
the cops, as a matter of policy, don't bother making arrests 
unless there's a "real" crime, either against the pro or against 
the john, involved.  Ms. Keavy operated a ring of "outcall" 
prostitutes, and unlike most people in such businesses, treated 
her employees very well.  Paid them $50K salaries, with bennies, 
a four month annual vacation, and a comprehensive health plan, 
according to the papers that covered the arrest.  Anyway, when 
she expanded her business to the south, she encountered San Jose, 
where prostitution is actually considered a crime.  A few months 
later, when the San Jose police were trying to raise money for 
something or other, she was arrested.

She kept her business records encrypted on a laptop, and used a 
good cipher, and used some kind of file wipe utility -- so the 
cops figured they'd have to get one of her employees to testify 
against her -- but her employees, describing her as "a great 
woman", "an american hero", and generally the best thing ever 
to happen to them, flatly and unanimously refused to do so.  

This by the way is what attracted the attention of the press.  
Madams rarely inspire unconditional personal loyalty.

So the cops called in a "data recovery" specialist from the 
FBI, and her laptop yielded up its secrets in short order.
Ms. Keavy is now serving five to ten.  (or heck, this was a 
couple years ago, she may be paroled by now).  TANJ.  

Now I don't know what happened here -- there are any number of 
things that could have been done wrong in securing the laptop, 
especially since it was done by someone whose primary business 
was not cryptography. 

She may have forgotten to erase one time.  She may have erased 
but failed to use her file wipe utility.  The file wipe utility 
might have been one of those wimpy naive ones that just writes 
zeros over a file. The OS may have swapped the encryption program 
into the swapfile at a moment when the key was in memory, where 
they could just pick it off the disk later.

But, it's also plausible that they just made a copy of the 
encrypted files, sent them off to the Fort, and let a million 
dollars worth of hardware running with a dossier about her 
whole damn life spend a few hours guessing her passphrase.  
Did they break the cipher?  No.  Did they break the message? 
You betcha.


				Bear