US diplomatic cables released

[Siege]

And now the comedy option: Source.

Highlighting the many events surrounding the celebration will be the awarding of the UNESCO Guillermo Cano World Press Freedom Prize at the National Press Club on May 3rd. This prize, determined by an independent jury of international journalists, honors a person, organization or institution that has notably contributed to the defense and/or promotion of press freedom, especially where risks have been undertaken.

It'd be absolutely hysterical if the 'independent jury' determines that WikiLeaks ought to win that prize (it certainly qualifies on all counts). I'd love to see the squirming that'd be going on after that.

[Skgoa]

I am not sure how powerful military computers are meant to be, but they generally don't advertise how powerful they are (ie they aren't ranked in the list of fastest computers). Presumably this must be too difficult for even the most powerful civillian computers to break.

Military computers don't always go for speed, sometimes durability is more important. I've also heard that radiation-hardened computers and those able to resist EMP pulses are actually on the slow side, their chief virtue being able to withstand electronic assaults other computers can't. Of course, I expect the military has access to fast computers as well, my point is that "speed", "power" and other characteristics valued in the civilian world may not be what the military values most.

I'd expect the FBI and the CIA to have superior code-cracking abilities, but I'm no authority on the subject so I, too, am inclined to take the word of professionals over my wild ass guessing.

For a computer scientist, this is getting ever more hilarious.
A couple of facts/background information:
- Ruggedized military computer (as used on airplanes, ships etc.) will never ever be used to break encryption. Thats what the NSA has big buildings with huge computer clusters for. Those ARE built for raw performance.
- While I agree that the NSA might (and probably does) have a considerable amount of computing power to throw at the problem, it can't be orders of magnitude better than what the world's best funded universities and research centers field.
Why? Because the computing power that can be achieved is increasing rapidly as new technologies get developped and fielded as fast as possible. NSA simply can't be to far ahead of the curve, unless they got their tech from an alien spaceship or a transformer found in the arctic ice. Thus I am fairly certain that the semantics of "its just not practical" DO apply to the US government.
- How do I know that its not practical to break the insurence file's encryption? Because its encrypted using state of the art ciphers and seing as this is a case were performance is of a much lower priority than security, they might very well have used a ridiculously long key. While the code breakers might actually get lucky and guess the right key on the first try, this is extremely unlikely. And trying every possible key (this is the only option other than torturing whoever might know the key) will take a very very very long time. And then they might find another (or several more) layer of encryption inside.

[Skgoa]

Someone had mentioned the donation drive... WL actually hasn't used the majority of the donations they got, yet. The system they have is actually quite interesting:
- donations go to the Wau Holland Foundation(Wau-Holland-Stiftung), who are a registered non-profit association. They are connected to the german hacker/civil rights group Chaos Computer Club, who have quite a bit of public and political influence.
- WikiLeaks only gets money, if they can produce proof that they have spend money new servers, hosting, neccessary travel etc.

[mr friendly guy]

Note a 256 key is 10^154 possible combinations which is 10 followed by 154 zeros assuming it's a hexadecimal only code which means over a (looks up name for large number) a duotrigintillion which is 10^99 of possible combinations. Meaning if the hypothetical super computer could try 1 quadrillion attempts per second it would only take it 3.1^131 years to try all possible combinations or far more than a trillion years.

*Edit math errors (I'm sure I'm still wrong but it's close enough)
*Edit changed from trillion attempts per second to quadrillion because we do have as of 2010 petaflop super computers, the top 500 super computers put together get us just 30 odd petaflops a second per Wiki.

Wow. According to your numbers and my rough calcs (of 10^154 possible combinations), the 30 petaflops top 500 computers would still take 1.06e+130 years to crack that. It its 10^99 of possible combinations, presumably it will take 1.06e+75 years to crack.

[Stark]

That's why encryption is generally broken due to flaws in the algrorithm or plaintext attacks rather than brute force.

[Mr Bean]

That's why encryption is generally broken due to flaws in the algrorithm or plaintext attacks rather than brute force.

Correct, at 256 bit encryption brute force is not an option and does not look to be an option anytime soon. There are noises about quantum computers re-enabling brute force hacking but considering the level of encryption don't be surprised if they just don't move to 1024 level where even brute force becomes a distant dream unless you have a calculating planet at your disposal.

Algorithm flaws are becoming increasingly rare because random number generation is starting to come from incredibly random sources like radiation decay or quantum particle creation. Plaintext attacks and the other great option, machine compromise(Hello Key-loggers) are the current only methods to break a 256 bit password. Even 128 bit password is impossible to crack in a sane amount of time.

[LaCroix]

Also, given the fact that he probably hasn't used an off the shelf system, but multiple self-written encrypters in layers (I would have done if I were him.) So they can't just bully software companies into giving them the used algorithm (in secret, of course), which is needed if you want to break a code of modern complexity.

But even IF they manage to crack the code - what will they do? It's not as if that file isn't distributed to all over the planet. Knowing what's in it won't help them one bit if it's really a bombshell. And I doubt that this is just a bluff, I predict that they have put all the documents that would create havoc in there - those they couldn't leak because of their volatile content.

[folti78]

Also, given the fact that he probably hasn't used an off the shelf system, but multiple self-written encrypters in layers (I would have done if I were him.) So they can't just bully software companies into giving them the used algorithm (in secret, of course), which is needed if you want to break a code of modern complexity.

Doubtful, homegrown solutions have the problem that you have only limited resources to test their viability and security, which will result in exploitable flaws in the algorithm and/or implementation errors in the cypher application.

Also, if you made your own algorithm and wrote your own cypher app, you have to distribute your own application so people could decrypt it too. At that point you can be sure, that fuckton of government hackers, security freaks and other bithunters will pore over your released app with a fine comb to see how it works and whether it'll contain exploitable bugs(it'll unless you had a army of programmers and testers to test the fuck out of it). It's not easy, can be made difficult with programming tricks, but it can be done.

Meanwhile, tried and tested algorithms implemented in tried and tested crypto libraries and apps already used widely. Especially if they are open source apps, hosted on servers not under US jurisdiction. You can be sure that people went through the code of OpenSSL, GnuTLS or GnuPG many times to make sure they are as secure, error and backdoor free as it's possible(and found more than a few vulnerabilities, even if some of them are theoretical)

Encrypting the content multiple times, with multiple strong cyphers (with no known vulnerabilities) is still a more viable solution, because even if the outside encryption is brute forced, now you have to start the whole cracking process again, with a different cypher...

But even IF they manage to crack the code - what will they do? It's not as if that file isn't distributed to all over the planet. Knowing what's in it won't help them one bit if it's really a bombshell. And I doubt that this is just a bluff, I predict that they have put all the documents that would create havoc in there - those they couldn't leak because of their volatile content.

They can still check whether it's content is credible threat and start damage control or it's something only the WikiLeaks people thought as damning evidence but in reality it's harmless.

[Skgoa]

One little correction to what was written in the posts above: Advanced Encryption Standard (AES) is not susceptible to plaintext attacks.


Actually, while watching this discussion I more and more wondered if wikileaks would even want the NSA to be unable to break the enrcyption. They have encrypted that file so that it can be distributed without the people who have it being able to know what is contained. Why would it matter is the US government knew what is in there?

[folti78]

Actually, while watching this discussion I more and more wondered if wikileaks would even want the NSA to be unable to break the enrcyption. They have encrypted that file so that it can be distributed without the people who have it being able to know what is contained. Why would it matter is the US government knew what is in there?

Damage control for example? As long as it's remains encrypted, it's a huge Damocles' sword over the US's head, because nobody except the people who made it know whats inside it. It could be anything from random garbage to the backup of /b/'s content to some major skeleton from the US' large closet. Once it's fully decrypted by the US, the government could decide what steps it needs to take to mitigate the damage. Until then, they have to assume that all their skeletons that have been leaked by Pvt Manning or others must be taken care of. Or at least has to prepare for their eventual release.

[Broomstick]

Was it stated that "Insurance" was just US documents... or could there be stuff from all over in there?

[General Zod]

Was it stated that "Insurance" was just US documents... or could there be stuff from all over in there?

"US documents" is a very broad term. I doubt it just means "documents internal to the US that don't affect anyone else".

[Alyeska]

Joe Lieberman is sponsoring a bill to make Wikileaks illegal.

Bill is called SHIELD

What a load of shit. And why can't they get it through their thick fucking skulls that Assange is not a US citizen and not bound to US law? At this rate the US will start to make laws that target foreign critics allowing them to be charged as criminals and then demand their extradition to punish them for citicizing the US. Its fucking bullshit.

[HarrionGreyjoy]

The bill's only somewhat terrible and I don't really expect it to hold up in court if used on journalistic organizations, amusingly. Pentagon Papers blah blah etc.

Probably the most annoying thing about it is the continued attempt to legitimize the Espionage Act, which is a fairly dreadful if infrequently used piece of legislation. It's overbroad, mostly. But the amendment is a fairly innocuous bit of grandstanding that might not be very enforceable.

[Straha]

Was it stated that "Insurance" was just US documents... or could there be stuff from all over in there?

In the article a couple pages back it talks about it including documents from banks and other corporations as well as all the cables Wikileaks has gotten hands on and video of the deaths of civilians.

[General Zod]

Was it stated that "Insurance" was just US documents... or could there be stuff from all over in there?

In the article a couple pages back it talks about it including documents from banks and other corporations as well as all the cables Wikileaks has gotten hands on and video of the deaths of civilians.

Throw in files on Gitmo detainees.

Gitmo disclosures?
WikiLeaks' next assault on Washington may highlight U.S. government reports on suspected militants held at Guantanamo Bay, which some U.S. officials worry could show certain detainees were freed despite intelligence assessments they were still dangerous.

The Guantanamo leaks could be an embarrassment to President Barack Obama's administration, already angered over WikiLeaks document dumps of State Department cables, as it seeks to fulfill a 2-year-old pledge to close the prison and either release the foreign terrorism suspects or move them elsewhere.

Assange has told media contacts he has a large cache of U.S. government reports about inmates at the detention facility at Guantanamo Bay, Cuba, known as Gitmo, the last of four major tranches of U.S. government documents which WikiLeaks had acquired and at some point would make public.

"He's got the personal files of every prisoner in Gitmo," said one person who was in contact with Assange earlier this year.

[Pu-239]

Algorithm flaws are becoming increasingly rare because random number generation is starting to come from incredibly random sources like radiation decay or quantum particle creation.

It's more that flaws have been better understood and keys have been lengthened. On the flip side, government agencies can also have better hidden understanding of flaws. After all, differential analysis was known to the NSA and IBM for a decade before the public crypto community did.

Random numbers are mostly used during key-generation, and frequently keys are generated via just random user behavior, used as the seed to a secure PRNG or fed into a hash function. AFAIK most hardware RNGs come from thermal noise on diodes inside CPUs. Large amounts of good random data is very useful for one-time pads though.

Plaintext attacks and the other great option, machine compromise(Hello Key-loggers) are the current only methods to break a 256 bit password. Even 128 bit password is impossible to crack in a sane amount of time.

Don't forget rubber hose cryptoanalysis

[adam_grif]

The NSA is in the best position to crack the encryption, but they're also in the best position to already know what is inside it anyway. I would think that they are far less interested in cracking the encryption than foreign intelligence agencies would be.

Of course, if dictionary attacks and the like don't work, then they're probably never going to crack the code anyway.

[Guardsman Bass]

The Guardian has a very good round-up of the reaction to the cables in all of the countries discussed, with usually a paragraph or two for each country. I think it might be too long to post here in full, so I've simply placed the link above.

[Talhe]

The military is cracking down rather hard due to the breach:

http://www.wired.com/dangerroom/2010/12 ... new-leaks/

[Thanas]

Link to summary of the most egregious things found out through wikileaks.