Osama using PGP encryption?! WTF?@!

[sgopal2]

I use PGP to encrypt stuff on my hard-drive once in a while.

I just figured I'd query the PGP keyserver for the heck of it to see what would pop up...and wouldn't you know it there were 2 keys that showed up with the query "Bin Laden":

Here is the link to the MIT PGP keyserver site

From the keyserver, there are 3 separate public keys, with 2 separate email addresses listed:

1. 
   Bin Laden <bin.laden@hushmail.com>, created 1/19/00 DSS 2048 bit key, unsigned
   
   Bin Laden <binladen@nym.alias.net>, created 8/26/99 RSA 2048 bit key, unsigned
   
   Osama Bin Laden <no email address listed> created 4/30/01 DSS 2048 bit key, signed by unknown signer "0xDE7EEF67"

This means that these fvckers from Afganistan are using PGP, a freeware public-key private key encryption system to communicate. I sure hope the NSA people have something that can break these 2048 bit keys...

Can anyone find out more info on those email addresses above and see if they're really his?!?

 

[thereds]

Yeah, like he'd be using his own name to communicate.

Geez.

 

[xchangx]

I seriously doubt he would be using that. I imagine he would have his own satellite communications.

chang

 

[MikeO]

Yeah he encrypts his messages but still sends them with he's own name? C'mon...

 

[jpsj82]

"Yeah, like he'd be using his own name to communicate.

Geez."

no kidding. Bin Laden is an idiot, but he is not stupid. nobody would use there own name in making terriost attacks. and to think about it, who would want their data encrypt with the name Bin Laden?

 

[piku]

Hey, I saw him playing the new Wolfenstein multiplayer test too! Damn he sure is in the know when it comes to gaming...

 

[sgopal2]

Uh, ex-squeeze me.

WHY wouldn't he be using his own name? The PGP encryption scheme is impossible to break. The more widespread and easily available your public key is, the easier it is for people (in his case, his terrorist buddies) to communicate with him.

 

[jpsj82]

also the guy lives in mud huts in Afghanistan. he moves several times a week, do you really think that he is on a computer a lot.

 

[glenn1]

<< The PGP encryption scheme is impossible to break. >>



No encryption scheme is impossible to break, given enough time and resources. It might be in a practical sense undoable currently, but not impossible. In a few years, with the progression of Moore's Law, sufficient computing power might be available to be brought to bear on solving encryption algorithyms, that PGP might seem pretty weak.

 

[piku]

<< with the progression of Moore's Law >>


That doesn't even factor in Quantum Computing, which may or may not be a reality in that timeframe.

 

[sgopal2]

Breaking the PGP encryption scheme IS impossible. And will be for the near future as well. Here is a quote from a PGP web page that describes vulnerabilities in the PGP encryption scheme:



<< Still, factoring large numbers is hard. However, with the advances in number theory and computing power, it is getting easier. In 1977 Ron Rivest said that factoring a 125-digit number would take 40 quadrillion years. In 1994 RSA129 was factored using about 5000 MIPS-years of effort from idle CPU cycles on computers across the Internet for eight months. In 1995 the Blacknet key (116 digits) was factored using about 400 MIPS-years of effort (1 MIPS-year is a 1,000,000 instruction per second computer running for one year) from several dozen workstations and a MasPar for about three months. Given current trends the keysize that can be factored will only increase as time goes on. The table below estimates the effort required to factor some common PGP-based RSA public-key modulus lengths using the General Number Field Sieve:

KeySize MIPS-years required to factor
-----------------------------------------------------------------
512 30,000
768 200,000,000
1024 300,000,000,000
2048 300,000,000,000,000,000,000
>>



Now to me, 300,000,000,000,000,000,000 MIPS-years is a friggin-long-@ss time to crack a PGP key. Here is the link if you want to see the whole thing: http://axion.physics.ubc.ca/pgp-attack.html

 

[chiwawa626]

<< This means that these fvckers from Afganistan are using PGP, a freeware public-key private key encryption system to communicate. I sure hope the NSA people have something that can break these 2048 bit keys... >>



dude u dont think bin laden is that stupid do u? he must be a hell of a lot smarter then u are.

 

[kranky]

Seems very likely that they do indeed use PGP or something like it. Some years back he learned that his satellite phone calls (not cellular, satellite) were being intercepted and then went to mostly computer-based communication.

I saw this on the news the other day.

 

[chiwawa626]

Im guessing if it realy needed to break a pgp, go to the pgp creator, he could crack it... i bet.

 

[etech]

Is this an idea for a new distributed new project?

Break the terrorists code!

 

[boolerboy]

PGP has been analyzed by many crypto experts but they have not found a backdoor in it. And Phil Zimmermann (the inventor of PGP) doesn't seem to be type to put in a backdoor. This is the guy that printed his PGP source code on paper to get around the US government's laws against exporting strong crypto a few years ago. Apparently, print is protected by the first ammendment.

The government relaxed the strong crypto export laws a while back, so companies could export 128 bit (symmetric key) or 1024 bit (assymetric key) crypto. I suspect that they allowed this only because the NSA now has the technology to break 128 bit crypto in a short time. But that's just me being suspicious of the government.

 

[arcain]

I believe Bin Laden is known to be a fan of encryption. But I have also heard reports that he now doesn't use any sort of electronic devices (possibly due to his "house arrest").

Going to the creator will do no good. He wrote it using the known RSA algorithm. And brute force factoring probably isn't going to happen. It took researchers more than 5 months to factor a 155 digit number in 1999, using a lot of computing power. A 2048 bit key corresponds to 617 digits. If the NSA has a quick crack, it'll be because they have some brilliant mathematicians, not because they have huge computing power.

 

[Lioness]

The NSA is well aware of Bin Laden using this type of encryption. And No, not even the creator can fix this problem. How do I know?

I saw it on Dateline or 20/20 or some program of that nature within the past month. After the WTC fell, I tried everything I could to locate the transcript of that television program. I am sorry I cannot furnish you the proof.

The television viewer was shown some rooms in the NSA that had never been shown before. Each room was filled to capacity with PC's. The PC's monitor communications worldwide, trying to break code etc. etc. This NSA man was not an employee, but a high official within the NSA. He was quite nervous, which made me nervous. A man like this should not be the nervous type in his position.

The NSA lacked the funding to compete technology wise. He explained that some countries had people who had the means (money) for better technological equipment than what they had in the NSA. He never mentioned the name Bin Laden. However, he did voice his concern over an encryption code that they could not be broken.

From there, the television viewer was taken to the man who invented the encryption. Apparently, it's a freeware that he put together to protect the privacy of American citizens e-mail. Yes, "e-mail". Don't ask me how this is possible I am not familiar in this area. Some of you ATOT may know the name of this freeware.

The interviewer explained to him what the NSA man had said. The ecryption man said again he did this to protect privacy of American citizens and it never crossed his mind that his encryption would be valuable to enemies of the USA. When asked if he could break his own encryption, he said "No." I would but I can't. And yes, that he had been asked by the NSA to do exactly that.

Now, I'm sure many of you understand how this is im/possible to do more than I.

My concern was, why in heaven would something like this ever allowed to be televised.

Out of all you ATOT members, I can't possibly be the only one who saw this. At the same time, I understand if one cannot furnish proof of those transcripts it should be taken with a grain of salt. I would feel the same if I were in your position, but also do some research for this transcript.

At least the television station that put this program on the air should come forward (or is it the wrong time?) with this.

 

[Ameesh]

this is exatcly the problem the fbi and cia were talking about but nooo all these freak paranoid people had to have thier own 2k keys. now criminals of all sorts can talk right in front of us and we cant do jack.



and for the people who say just wait a few years we'll have computers to break the codes, yeah right. in a few years everyon wil be using 10k or 20k keys instead.

 

[Justarius]

If the PGP encryption method is based on RSA but simply with larger numbers to be factored, then it is just about impossible to crack, except perhaps the brute force method (that involves testing every frigging number). I think they came up with a new method that simplies factoring, but even that method would take an extremely long time to utilize. By then they can simply use even larger numbers and it'd be back to the drawing board.

Why is it so terribly difficult to crack? Because noone has found any fast way to find the factors of a number. At least this is what I remember of it, someone jump in and clear it up for me= ).

 

[boolerboy]

PGP uses (i should say used to the last time i checked) IDEA for encryption, RSA for key management and MD5 for hashing.

RSA math:
find two random large prime numbers p and q.

compute n = pq

find encryption key e, such that e and (p-1)(q-1) are relatively prime.

using the extended euclidean algorithm, compute the decryption key d, such that e and d are inverses of each other modulo (p-1)(q-1).

if message m is to be encrypted, then the encrypted message
c = (m ^ e) mod n

to decrypt the message,
m = (c ^ d) mod n

e and d are, in a manner of speaking, opposites of each other. what e can do, d can undo and vice versa. the decryption key d is kept private. the encryption key e is made available to the public. given d and n, if one was to figure out p and q, the algorithm would be considered broken. all these numbers are large - 1024 bits and more. factoring such large numbers is very slow by the standards of computing hardware available to the masses.

if i remember PGP correctly, the sender generates a symmetric key for the IDEA algorithm and uses it to encrypt the message. the sender then encrypts the IDEA key with the receiver's public key. optionally, the sender generates a hash of the entire message using MD5 and encrypts it with his private key. this last step is called signing. the receiver verifys the signature first, if it is present. he uses the sender's public key to decrypt the hash. then he independently generates a hash of the entire message and compares the two. if they match, he knows that the message actually came from the sender and not just anyone. then the receiver uses his private key to decrypt the IDEA key. the IDEA key is then used to decrypt the actual message.

PGP uses both symmetric and asymmetric crypto for performance reasons. asymmetric crypto is slow because of the exponentiation. symmetric crypto usually goes much faster because it uses bit permutation and substitution.

 

[piku]

I agree 100% Ameesh.

 

[Superdoopercooper]

Dude... MIT is FILLED with geeks of unknown brain capacity... I know... some of them helped me get through Multivariable calculus there (thanks by the way if you're reading this)!!

So... these said people were probably board sitting through astro-physics and topology classes... and decided to plug into the nearby network drop... and do some silliness.

Bin Laden has so many names, aliases, etc... I wonder if HE even knows his own name?! I don't buy those three security key signatures.

Edit: Okay... maybe he did use the PGP thing... but I thought you folks might find my first sentence slightly amusing, anyway.

 

[rahvin]

<<this is exatcly the problem the fbi and cia were talking about but nooo all these freak paranoid people had to have thier own 2k keys. now criminals of all sorts can talk right in front of us and we cant do jack.



and for the people who say just wait a few years we'll have computers to break the codes, yeah right. in a few years everyon wil be using 10k or 20k keys instead>>

You can't make encryption illegal, pandora's box was opened 50 years ago when the idea was invented. We must deal with the fact that said encryption exists, not make silly laws that hurt internal industries while accomplishing no ready goal. The availability of said encryption makes credit card and banking transactions safe, it protects our entire economic, millitary and civillian enterprise systems.

Guns don't kill people, people do. Encryption doens't hurt people, people do.

 

[sgopal2]

Phil Zimmerman made the PGP code freely available when he first wrote the code back in the late 90s.

Many many expert cryptologists have examined the code and found no back-doors. The code itself is released with a PGP signature, so if someone fvcks around with the code, you can simply view the signature to see if the code has been tampered with before you install it on your system.

There is also something called PGPFone that lets people communicate securely using phone lines...this would render phone taps useless.