Wikileaks video "crypto".

Thierry Moreau thierry.moreau at connotech.com
Fri Apr 9 16:16:57 EDT 2010 

Perry E. Metzger wrote:
> Earlier this weeks, Wikileaks released of video of an incident involving
> an Apache helicopter which killed two Reuters reporters and a number of
> bystanders in Iraq.
> 
> A number of the reports surrounding the release claim that the video was
> "decrypted" by Wikileaks. Indeed, Wikileaks requested "supercomputer
> time" via twitter and other means to "decrypt" a video, see:
> http://twitter.com/wikileaks/status/7530875613
> 
> The video was apparently intentionally given to Wikileaks, so one can't
> imagine that the releasing parties would have wanted it to be unreadable
> by them (or that any reasonable modern cryptosystem would have be
> crackable). What, then, does the "decryption" claim mean here. Does
> anyone know?
> 

As the adage goes, "Those who know don't speak. Those who speak don't 
know." I am in the latter category.

I guess we can use the simplest explanation from the available clues.

(A) The video file was encrypted when it circulated within the "victim" 
organization (e.g. encrypted .zip file attached to an e-mail). (Granted 
"victim" of the breach is an euphemism when consideration is given to 
civilian deaths.)

(B.1) Someone not having the decryption key had a personal motivation 
for the leak.

(B.2) Or someone having the decryption key feared that release in 
decrypted form would allow to trace the source of the leak. Don't forget 
that many more people would have legitimate access to the ciphertext.

(C) Wikileaks analysts understood the brute force key cracking (and/or 
dictionary attack for a password-derived encryption key) and deemed it 
was useful in this case due to the significance of the video.

 From these simple explanations, the lesson would be the irony of the 
situation where brute force attack success (respectively dictionary 
attack success) can be attributed to the restrictions in cipher strength 
(respectively impediments to sensible key management schemes) that the 
government officials promoted for civilian use crypto.

My 0.00002 worth of wisdom (Friday afternoon special promotion!).

- Thierry Moreau

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list