In message <v0421010cb86ca9bc4254@[192.168.0.2]>, "Arnold G. Reinhold" writes: >At 9:15 AM -0500 1/16/02, Steve Bellovin wrote: >>A couple of months ago, a Wall Street Journal reporter bought two >>abandoned al Qaeda computers from a looter in Kabul. Some of the >>files on those machines were encrypted. But they're dealing with >>that problem: >> >> The unsigned report, protected by a complex password, was >> created on Aug. 19, according to the Kabul computer's >> internal record. The Wall Street Journal commissioned an >> array of high-speed computers programmed to crack passwords. >> They took five days to access the file. >> >>Does anyone have any technical details on this? (I assume that it's >>a standard password-guessing approach, but it it would be nice to know >>for certain. If nothing else, are Arabic passwords easier or harder >>to guess than, say, English ones?) >> > >Outside of the good possibility that they might be quotations from >Islamic religious texts, why would you think Arabic passwords are any >easier to guess?
I didn't say that they would be easier; I asked... As for why I asked -- while I don't know much about Arabic, I do know some Hebrew, and the languages are related. Some aspects of Hebrew would certainly impact a guessing program. For one thing, in Hebrew (and, I think, Arabic) vowels are not normally written. Hebrew vowels look like dots or lines surrounding the letters, which are all consonants; printed Hebrew material aimed at Israeli adults omits the vowels. Also, there are a few Hebrew letters which have different forms when they're the final letter in a word -- my understanding is that there are more Arabic letters that have a different final form, and that some have up to four forms: one initial, two middle, and one final. Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a three-letter root form; many nouns are derived from this root. Do these matter? I think so, though I suspect they'd make the problem harder. But I don't know, and I'd like to learn from someone who has paid more attention to the problem of password-cracking in other languages and alphabets. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]