Yet, like most security systems, encryption has an Achilles' heel -- the user. That's because some of today's most common encryption applications protect keys using a password supplied by the user. Most encryption programs urge users to pick strong, alphanumeric passwords, but far too often people ignore that critical piece of advice, said Bruce Schneier, an encryption expert and chief technology officer at Counterpane Internet Security Inc. in Mountain View, Calif.
"Most people don't pick a random password even though they should, and that's why projects like this work against a lot of keys," Schneier said. "Lots of people -- even the bad guys -- are really sloppy about choosing good passwords."
How DNA Works
The Secret Service's "Distributed Networking Attack" program consists of 4,000 computers linked together and configured to try different password combinations against a series of encryption keys.
The network is organized hierarchically, according to each computer's processing power and function, with each segment of the network named with a decidedly equine theme.
The machine that tells each segment of the network what to work on is called "Shadowfax," named after the horse in J.R.R. Tolkien's "Lord of the Rings" series.
Underneath Shadowfax are several "Blackhorse" machines that assign jobs to DNA computers in Secret Service field offices around the country. The computers that actually do most of the computations are called "packhorses."
DNA scours a suspect's hard drive for words and phrases located in plaintext and fetches words from Internet sites listed in the computer's Web browser logs. DNA technicians then load the suspect's encrypted data into the system, while Shadowfax tells the Blackhorse computers how to distribute the workload of testing the keys against the word lists and execute any subsequent brute-force attacks against the targeted encryption keys.
-- Brian Krebs
Armed with the computing power provided by DNA and a treasure trove of data about a suspect's personal life and interests collected by field agents, Secret Service computer forensics experts can often recover the passwords that protect a suspect's encryption keys.
In each case in which DNA is used, the Secret Service has plenty of "plaintext" or unencrypted data resident on the suspect's computer hard drive that can provide important clues to that person's password. When that data is fed into DNA, the system can create lists of words and phrases specific to the individual who owned the computer, lists that are used to try to crack the suspect's password. DNA can glean word lists from documents and e-mails on the suspect's PC, and can scour the suspect's Web browser cache and extract words from Web sites that the individual may have frequented.
"If we've got a suspect and we know from looking at his computer that he likes motorcycle Web sites, for example, we can pull words down off of those sites and create a unique dictionary of passwords of motorcycle terms," the Secret Service's Lewis said.
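The workflow described in the "How DNA Works" sidebar and in the two paragraphs above (harvest plaintext from the drive and from sites in the browser history, build a suspect-specific dictionary, then test each candidate against the password-protected key) is easy to reproduce in miniature. The following is an added example written for this page, not code from AccessData, the Secret Service or DNA; the documents, browser history and fetched page text are constructed sample evidence, and the key-protection scheme (PBKDF2 deriving a key-encryption key, verified through a short HMAC check value) is an assumed stand-in for whatever the real products use.

```python
import hashlib
import hmac
import os
import re
from urllib.parse import urlparse

# Constructed sample evidence (not real case data): plaintext found on the
# suspect's drive, URLs from the browser history, and the text a fetch of
# those URLs would return (embedded here so the example runs offline).
DOCUMENTS = [
    "Meeting notes: the Ducati Monster needs a new clutch before the track day.",
    "Reminder to order brake pads and a carburetor rebuild kit for the Triumph.",
]
BROWSER_HISTORY = [
    "https://example.org/forums/sportbikes/ducati-monster-maintenance",
    "https://example.net/shop/motorcycle-parts/carburetor-kits",
]
FETCHED_PAGES = {
    BROWSER_HISTORY[0]: "Ducati Monster clutch slipping? Check the desmodromic valve timing.",
    BROWSER_HISTORY[1]: "Carburetor jets, sprockets and chain kits for every sportbike.",
}

WORD_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{2,}")
KEY_CHECK_LABEL = b"key-check-value"   # assumed verifier label, hypothetical
PBKDF2_ROUNDS = 2_000                  # kept low so the demo finishes quickly


def harvest_words(documents, history, fetched):
    """Build the suspect-specific dictionary: words from local plaintext,
    from URL path components (e.g. 'ducati-monster') and from page text."""
    words = set()
    for text in documents:
        words.update(w.lower() for w in WORD_RE.findall(text))
    for url in history:
        words.update(w.lower() for w in WORD_RE.findall(urlparse(url).path))
        words.update(w.lower() for w in WORD_RE.findall(fetched.get(url, "")))
    return sorted(words)


def mangle(word):
    """Common user mangling rules applied to each dictionary word."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2004"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.replace("a", "4").replace("e", "3").replace("o", "0")


def candidates(words):
    for w in words:
        yield from mangle(w)


def search_space(words):
    """Number of guesses the targeted dictionary produces (12 per word)."""
    return sum(1 for _ in candidates(words))


def derive_key(password, salt):
    # The passphrase never is the key; it is stretched into a key-encryption key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def key_check(kek):
    return hmac.new(kek, KEY_CHECK_LABEL, hashlib.sha256).digest()[:8]


def make_protected_key(password, salt=None):
    """Return (salt, check value) for a key wrapped under `password`."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, key_check(derive_key(password, salt))


def crack(salt, check, guesses):
    """Try each guess; return (password, guesses tried) or (None, tried)."""
    tried = 0
    for guess in guesses:
        tried += 1
        if hmac.compare_digest(key_check(derive_key(guess, salt)), check):
            return guess, tried
    return None, tried


if __name__ == "__main__":
    words = harvest_words(DOCUMENTS, BROWSER_HISTORY, FETCHED_PAGES)
    salt, check = make_protected_key("Desmodromic1")   # hobby word plus a digit
    found, tried = crack(salt, check, candidates(words))
    print(f"{len(words)} words -> {search_space(words)} guesses; "
          f"recovered {found!r} after {tried} tries")
    salt, check = make_protected_key("xK9#vQ2p!mR7")   # random passphrase
    print("random passphrase recovered:", crack(salt, check, candidates(words))[0])
```

The point Schneier and Hansen make is visible in the numbers: a few dozen harvested words expand to only a few hundred guesses, so a hobby word with a digit bolted on falls in well under a second, while the same dictionary returns nothing against a passphrase that has no connection to the suspect's files or browsing. Real deployments add far more mangling rules and fall back to brute force when the dictionary is exhausted, which is where the packhorse farm earns its keep.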
DNA was developed under a program funded by the Technical Support Working Group -- a federal office that coordinates research on technologies to combat terrorism. AccessData's various offerings are currently used by nearly every federal agency that does computer forensics work, according to Hansen and executives at Pasadena, Calif.-based Guidance Software, another major player in the government market for forensics technology.
Hansen said AccessData has learned through feedback from its customers in law enforcement that between 40 and 50 percent of the time investigators can crack an encryption key by creating word lists from content at sites listed in the suspect's Internet browser log or Web site bookmarks.
"Most of the time this happens the password is some quirky word related to the suspect's area of interests or hobbies," Hansen said.
Hansen recalled one case several years ago in which police in the United Kingdom used AccessData's technology to crack the encryption key of a suspect who frequently worked with horses. Using custom lists of words associated with all things equine, investigators quickly zeroed in on his password, which Hansen says was some obscure word used to describe one component of a stirrup.
Having the ability to craft custom dictionaries for each suspect's computer makes it exponentially more likely that investigators can crack a given encryption code within a timeframe that would be useful in prosecuting a case, said David McNett, president of Distributed.net, created in 1997 as the world's first general-purpose distributed computing project.