From: wcs@anchor.ho.att.com
To: nick@mit.edu
Message Hash: d1e647891dd5443ecbba6b2a842737b5443ce640dec764ac11717e38ac608db3
Message ID: <9307100423.AA16160@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1993-07-10 05:39:16 UTC
Raw Date: Fri, 9 Jul 93 22:39:16 PDT
From: wcs@anchor.ho.att.com
Date: Fri, 9 Jul 93 22:39:16 PDT
To: nick@mit.edu
Subject: Re: Can FBI/NSA break DES?
Message-ID: <9307100423.AA16160@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text
Nick's story of the FBI agent telling him about having the NSA crack
DES files found on a PC in a drug case could of course be the agent
pulling his leg, but it could perfectly well be true.
After all, brute-force may not work well for searching 2**56 randomly-
generated session keys, but it's just fine for searching a million or
so easy-to-remember short stupid keys from dictionaries and such.
It's even faster if you augment your dictionary with the filenames on
the machine, first names of stupid people and the victim's friends,
family, customers, etc. If Crack can do a good job finding root passwords
for computer-literate sysadmins, it ought to be pretty good at finding
passwords for semi-literate folks as well.
Bill
# Bill Stewart wcs@anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030
Return to July 1993
Return to “wcs@anchor.ho.att.com”
1993-07-10 (Fri, 9 Jul 93 22:39:16 PDT) - Re: Can FBI/NSA break DES? - wcs@anchor.ho.att.com