Re: Wikileaks video crypto.
On Apr 9, 2010, at 3:06 PM, Perry E. Metzger wrote: Earlier this weeks, Wikileaks released of video of an incident involving an Apache helicopter which killed two Reuters reporters and a number of bystanders in Iraq. A number of the reports surrounding the release claim that the video was decrypted by Wikileaks. Indeed, Wikileaks requested supercomputer time via twitter and other means to decrypt a video, see: http://twitter.com/wikileaks/status/7530875613 The video was apparently intentionally given to Wikileaks, so one can't imagine that the releasing parties would have wanted it to be unreadable by them (or that any reasonable modern cryptosystem would have be crackable). What, then, does the decryption claim mean here. Does anyone know? According to an interview with Julian Assange (one of the Wikileaks founders) at http://www.sueddeutsche.de/politik/740/507892/text/ , the decryption was essentially passphrase guessing. From Google Translate: He and a team of cryptographers had then worked for about three months out. The aim was to find among a few million of the most likely the correct passwords. See also http://www.youtube.com/watch?v=7QEdAykXxoM around the 1:22 mark. For what it's worth, the original encrypted file (encrypted with OpenSSL's 'enc' tool it seems) is claimed to be at http://leaks.telecomix.org/cm.rda. They do not provide the passphrase that managed to decrypt it. David - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Wikileaks video crypto.
On Fri, Apr 9, 2010 at 13:06, Perry E. Metzger pe...@piermont.com wrote: The video was apparently intentionally given to Wikileaks, so one can't imagine that the releasing parties would have wanted it to be unreadable by them (or that any reasonable modern cryptosystem would have be crackable). What, then, does the decryption claim mean here. Does anyone know? majord...@metzdowd.com This site http://leaks.telecomix.org/ claims to have the original, unencrypted video. It appears to have been encrypted with OpenSSL given the Salted__ prefix. -- Thomas Coppi - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Wikileaks video crypto.
Perry E. Metzger wrote: Earlier this weeks, Wikileaks released of video of an incident involving an Apache helicopter which killed two Reuters reporters and a number of bystanders in Iraq. A number of the reports surrounding the release claim that the video was decrypted by Wikileaks. Indeed, Wikileaks requested supercomputer time via twitter and other means to decrypt a video, see: http://twitter.com/wikileaks/status/7530875613 The video was apparently intentionally given to Wikileaks, so one can't imagine that the releasing parties would have wanted it to be unreadable by them (or that any reasonable modern cryptosystem would have be crackable). What, then, does the decryption claim mean here. Does anyone know? As the adage goes, Those who know don't speak. Those who speak don't know. I am in the latter category. I guess we can use the simplest explanation from the available clues. (A) The video file was encrypted when it circulated within the victim organization (e.g. encrypted .zip file attached to an e-mail). (Granted victim of the breach is an euphemism when consideration is given to civilian deaths.) (B.1) Someone not having the decryption key had a personal motivation for the leak. (B.2) Or someone having the decryption key feared that release in decrypted form would allow to trace the source of the leak. Don't forget that many more people would have legitimate access to the ciphertext. (C) Wikileaks analysts understood the brute force key cracking (and/or dictionary attack for a password-derived encryption key) and deemed it was useful in this case due to the significance of the video. From these simple explanations, the lesson would be the irony of the situation where brute force attack success (respectively dictionary attack success) can be attributed to the restrictions in cipher strength (respectively impediments to sensible key management schemes) that the government officials promoted for civilian use crypto. My 0.2 worth of wisdom (Friday afternoon special promotion!). - Thierry Moreau - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Wikileaks video crypto.
There were some speculations around which crypto may have been broken over at Bruce Schneiers Facebook page. Apart from some DES suggestions I think the following comment was interesting: Pete Grounds I would suggest that it was originally an encrypted DVB stream, similar to what is used for pay tv. There is a history of the mil using this tech, in fact the unencrypted feeds from those uavs was DVB with no encryption. I would imagine that the crack was a brute forcing of the key used for the CSA (common scrambling algo) bulk DVB cipher. Yesterday at 10:45am http://en.wikipedia.org/wiki/Common_Scrambling_Algorithm The cryptanalysis blurb is quoted out of context, as it only applies to the stream cipher component. The cipher also has a block cipher component used in CBC mode, which in combination with the aforementioned stream cipher frustrates analysis quite a bit. The major weakness seems to be that the key only has 48 bits of effective entropy. So the major challenge in beraking CSA may very well be to locate sufficient known plain text in the mpeg stream. Frank On Fri, 2010-04-09 at 15:06 -0400, Perry E. Metzger wrote: Earlier this weeks, Wikileaks released of video of an incident involving an Apache helicopter which killed two Reuters reporters and a number of bystanders in Iraq. A number of the reports surrounding the release claim that the video was decrypted by Wikileaks. Indeed, Wikileaks requested supercomputer time via twitter and other means to decrypt a video, see: http://twitter.com/wikileaks/status/7530875613 The video was apparently intentionally given to Wikileaks, so one can't imagine that the releasing parties would have wanted it to be unreadable by them (or that any reasonable modern cryptosystem would have be crackable). What, then, does the decryption claim mean here. Does anyone know? Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Interesting blog post from Matt Blaze
Matt has an interesting blog post up about the afterward he wrote for Applied Cryptography 15 years ago, and how little has changed in the interim: http://www.crypto.com/blog/afterword/ Perry -- Perry E. Metzgerpe...@piermont.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
