in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: Jihadist Doesn't Trust Modern Encryption Because Kaffirs Know About It

The other day I was remarking how encryption is powerful stuff, and pointed towards a problem that was pestering the FBI's crypto guys for twenty years.  Yes, encryption like AlertBoot software can ensure that secrets remain exactly that, a secret.

Then there are the non-believers such as Rajib Karim, better known in the UK as the Bangladeshi that plotted a terrorist attack from the confines of British Airways's IT department.  According to reports, Karim used a single-letter substitution cipher to encode messages and,

...rejected the use of a sophisticated code program called "Mujhaddin Secrets", which implements all the AES candidate cyphers, "because 'kaffirs', or non-believers, know about it so it must be less secure". [theregister.co.uk]

AES is, if you're not aware, one of the best encryption algorithms out there.  It's been cleared for use by the US government to guard its secrets, and its 256-bit version is used in powering AlertBoot endpoint encryption software for laptops.  Several weaknesses have been found, but nothing that would merit scrapping its use (and it's not because there's nothing of equal strength out there; it's just that the weaknesses are hard to implement successfully, and as I understand it, theoretical at this point).

Everybody Knows of It

Karim was right in noticing that kaffirs know about AES.  Heck, kaffirs and non-kaffirs not only know about it, they know how it works: the algorithm is open for inspection by all.  The strength of it lies in the fact that the encryption key, a random string of letters, numbers, and other characters, is kept secret by the person who creates it.  That's why AES and other modern encryption are considered to be so powerful: you can't crack it even if you know how it works!

Caesar Used It

Karim, instead of putting in his chips with AES, decided to create his own crypto solution: an Excel spreadsheet that was a base for creating a single letter substitution cipher, more commonly known as a Caesar cipher.  As you can tell from the name, it was used by the Roman general.

The cipher is pretty simple.  Letters are shifted a set number of places.  So, for example, if "A" is equal to "M," then "B" is equal to "N," "C" is equal to "O," and so on and so forth.  So, the word "cab" would end up reading "omn."  Of course, Karim didn't just a single iteration; instead, it looks like he may have used five iterations, where the a word is shifted, then the result is shifted, which is also shifted, etc. five times.

The problem with the above approach to encrypting data is that modern computers can be used to crack the problem in a very efficient manner.  (That's why modern encryption was created.)


Related Articles and Sites:
http://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/
http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8391162/British-Airways-bomber-jailed-for-30-years.html

 
<Previous Next>

Hard Disk Encryption: Eisenhower Medical Center (Rancho Mirage) Breach Affects 514,330 People

Drive Encryption Software: NYU Langone Medical Center Notifies Nearly 670 Of Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.