Wikileaks video "crypto".
thierry.moreau at connotech.com
Fri Apr 9 16:16:57 EDT 2010
Perry E. Metzger wrote:
> Earlier this weeks, Wikileaks released of video of an incident involving
> an Apache helicopter which killed two Reuters reporters and a number of
> bystanders in Iraq.
> A number of the reports surrounding the release claim that the video was
> "decrypted" by Wikileaks. Indeed, Wikileaks requested "supercomputer
> time" via twitter and other means to "decrypt" a video, see:
> The video was apparently intentionally given to Wikileaks, so one can't
> imagine that the releasing parties would have wanted it to be unreadable
> by them (or that any reasonable modern cryptosystem would have be
> crackable). What, then, does the "decryption" claim mean here. Does
> anyone know?
As the adage goes, "Those who know don't speak. Those who speak don't
know." I am in the latter category.
I guess we can use the simplest explanation from the available clues.
(A) The video file was encrypted when it circulated within the "victim"
organization (e.g. encrypted .zip file attached to an e-mail). (Granted
"victim" of the breach is an euphemism when consideration is given to
(B.1) Someone not having the decryption key had a personal motivation
for the leak.
(B.2) Or someone having the decryption key feared that release in
decrypted form would allow to trace the source of the leak. Don't forget
that many more people would have legitimate access to the ciphertext.
(C) Wikileaks analysts understood the brute force key cracking (and/or
dictionary attack for a password-derived encryption key) and deemed it
was useful in this case due to the significance of the video.
From these simple explanations, the lesson would be the irony of the
situation where brute force attack success (respectively dictionary
attack success) can be attributed to the restrictions in cipher strength
(respectively impediments to sensible key management schemes) that the
government officials promoted for civilian use crypto.
My 0.00002 worth of wisdom (Friday afternoon special promotion!).
- Thierry Moreau
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography