Perry E. Metzger wrote:
Earlier this week, Wikileaks released a video of an incident involving
an Apache helicopter which killed two Reuters reporters and a number of
bystanders in Iraq.

A number of the reports surrounding the release claim that the video was
"decrypted" by Wikileaks. Indeed, Wikileaks requested "supercomputer
time" via twitter and other means to "decrypt" a video, see:
http://twitter.com/wikileaks/status/7530875613

The video was apparently intentionally given to Wikileaks, so one can't
imagine that the releasing parties would have wanted it to be unreadable
by them (or that any reasonable modern cryptosystem would have been
crackable). What, then, does the "decryption" claim mean here? Does
anyone know?


As the adage goes, "Those who know don't speak. Those who speak don't know." I am in the latter category.

I guess we can use the simplest explanation from the available clues.

(A) The video file was encrypted when it circulated within the "victim" organization (e.g. encrypted .zip file attached to an e-mail). (Granted, "victim" of the breach is a euphemism when consideration is given to civilian deaths.)

(B.1) Someone not having the decryption key had a personal motivation for the leak.

(B.2) Or someone having the decryption key feared that release in decrypted form would allow the source of the leak to be traced. Don't forget that many more people would have legitimate access to the ciphertext.

(C) Wikileaks analysts understood the brute force key cracking (and/or dictionary attack for a password-derived encryption key) and deemed it was useful in this case due to the significance of the video.

From these simple explanations, the lesson would be the irony of the situation where brute force attack success (respectively dictionary attack success) can be attributed to the restrictions in cipher strength (respectively impediments to sensible key management schemes) that the government officials promoted for civilian use crypto.

My 0.00002 worth of wisdom (Friday afternoon special promotion!).

- Thierry Moreau

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
