Slashdot Mirror

Schneier on Security
A blog covering security and security technology.
April 1, 2006
Announcing: Movie-Plot Threat Contest

For a while now, I have been writing about our penchant for "movie-plot threats": terrorist fears based on very specific attack scenarios. Terrorists with crop dusters, terrorists exploding baby carriages in subways, terrorists filling school buses with explosives -- these are all movie-plot threats. They're good for scaring people, but it's just silly to build national security policy around them.

But if we're going to worry about unlikely attacks, why can't they be exciting and innovative ones? If Americans are going to be scared, shouldn't they be scared of things that are really scary? "Blowing up the Super Bowl" is a movie plot to be sure, but it's not a very good movie. Let's kick this up a notch.

It is in this spirit I announce the (possibly First) Movie-Plot Threat Contest. Entrants are invited to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with.

Your goal: cause terror. Make the American people notice. Inflict lasting damage on the U.S. economy. Change the political landscape, or the culture. The more grandiose the goal, the better.

Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc.

http://www.schneier.com/blog/archives/2006/04/announcing_movi.html
http://www.schneier.com/blog/archives/2006/06/movieplot_threa_1.html

This photographer doesn't just assert his right to take panoramic photos - he also asserts the right to completely override a person's wishes.

If someone registers NOT to have their home photographed, and he goes there taking photos and publishing them either way, is that the right way to deal with people?

We have here two opposite wishes, one of the photographer to make legal pictures in public places and the other of the owner of controlling photographers taking pictures. In Germany, the matter is pretty clear, the wish of not having the pictures taken is secondary to the one taking pictures as long as it's from eye level. Wanting greater control from the house owners is simply rude and impinges unreasonably on the photographer's freedom. The freedom of the house owner starts two foot higher, where the photographer will respect the wishes of the house owner. Google didn't.

Why does he do it? Probably because he's fed up as most photographers with the War on Photgraphy where their profession or hobby is made nearly impossible by random idiots illegally restricting their granted rights.

Naturally, I couldn't even glance at this headline without thinking of Bruce Schneier. He has written a post on his blog disclaiming responsibility. On the other hand, if there's anyone at all who can hunt down the perpetrators... this will easily be the most epic cyber-battle ever!

(From the "don't explain the joke" department: Schneier is a well-respected and, some say, godlike security expert. He has a tradition or running joke of "Friday Squid Blogging" where he posts something squid-related every Friday. I couldn't turn up an explanation of it, but I assume it's because he likes squids.)

Actually it's quite impossible. Bruce Schneier wrote some nice stuff about it http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html Search for the phrase "One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information." and read from there.

Summary: assume we have an ideal computer that requires the smallest possible amount of energy to change a bit, then by using ALL the energy released by a supernova, we could count to 2^219.

We won't be able to count to 2^256 for the forseeable future, so there won't be any brute-forcing AES for the forseeabel future either.

So... I still dont see the problem. I'm in no hurry... ;-)

Actually it's quite impossible. Bruce Schneier wrote some nice stuff about it http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html Search for the phrase "One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information." and read from there.

Summary: assume we have an ideal computer that requires the smallest possible amount of energy to change a bit, then by using ALL the energy released by a supernova, we could count to 2^219.

We won't be able to count to 2^256 for the forseeable future, so there won't be any brute-forcing AES for the forseeabel future either.

There are several articles on the topic, but I'll just link Schneier: http://www.schneier.com/blog/archives/2008/07/truecrypts_deni.html

Have you ever tried to explain the issue to an average citizen?

Well, I did try it, and most of the time they just tell you "I have nothing to hide". And if you try to explain them why privacy isn't just about that, they either don't listen to you or they just can't understand you.

People tend not to value privacy until they have completely lost it.

(I am serious here. I would be happy if you could give me some advice on how to convince people not to give up their privacy, because I failed at it so far.)

In this day and age of online banking there's no excuse not to check your accounts once a week minimum.

I can't log in to my Target credit card account anymore. Once I enter my username and password, the site prompts me to set up self-service password reset by choosing five distinct "personal security questions" and entering their answers. This wouldn't be a problem, except all the available questions are things that one might find on someone's public Facebook profile. Examples:

• What was the name of your first pet?
• What is your nickname?
• What is the first foreign country you visited?

Even a telephone representative wasn't able to put in an exception for me after I explained the issue. See Bruce Schneier's take on this.

Or even better, use a cryptographically secure secret sharing scheme, and use the shared secret as a symmetric key to encrypt whatever other data if necessary. Then (if I'm interpreting your post correctly) you wouldn't have to worry about which parties got which segment of the key. In fact, I believe that's just what they're doing. Bruce Schneier had a post on it the other day.

Oracle's pet linux is branded "Unbreakable"...

Oracle always claims that. They once claimed that their database was unbreakable. It broke:

http://www.schneier.com/crypto-gram-0202.html#6
   

Ken Thompson would show you how you'd fail in this anyway.

The Trusting Trust attack as Ken Thompson described it can be worked around using "diverse double compilation". To defeat this, a compiler virus would have to know how to infect GCC, TCC, Clang, and every other popular Free compiler for a given language, including non-self-hosting compilers (those written in another language entirely). Bruce Schneier explains, as does David A. Wheeler. Likewise, in the case of writing firmware to a flash memory, the would have to know how to infect a Willem programmer, a Wellon programmer, and every other popular flash programmer.

memorize with as much precision as you want your key's profile. Now, try to open the door without a key.

1. Memorize the spec.
2. Go to a shop and cut a key with this spec.
3. Open the door.

But note you still *need* the token, so it's not a "something you know" device.

And you still need the keypad connected to the door (and not an empty PS/2 socket to which nobody has yet connected a keypad) in order to input a PIN, so a PIN is not a pure "something you know" either. I'm not saying that either is less valid, only that the distinction between have and know is artificial because one can be transformed into the other.

Thus making a fingerprint not the perfect "something you are" test, not throwing any logical fault to the premise.

I think Bruce Schneier's thesis is that there exists no perfect "something you are" test.

Thus making the testing device buggy

Like all testing devices.

Would you consider a theoretical flaw in the login/password concept the fact that some login software has a bug such as password "42" always matching?

A biometric identification measure is only as good as its best implementation. To take your analogy, it would be as if nobody had yet produced correct login software.

I've posted this as a potential answer on /. before though the original page on my site is no longer available. It's also been discussed here: http://www.schneier.com/blog/archives/2009/05/secret_question.html (find cipher.php) I found my old page on the wayback machine...perhaps I'll move it back where it goes http://web.archive.org/web/20060715223129/http://levii.com/cipher.php I'd appreciate input on the method. You have your random card, your own ez phrase and you end up with properly complex passwords. I've implemented this in numerous business environements, and people seem very happy with the result. Every 60 days they choose a new ez passprase and/or get a new dynamically generated card.

Ever tried putting your camera equipment in a gun case?

Sometime before August 16, 2006 at 12:16 PM. Why do you ask? ;-)

Someone find out if http://www.schneier.com is blocked there !

Mr. Schneier is a security consultant who has been an outspoken critic of many of the TSA's policies, calling them "security theatre". I'd bet ten bucks that the TSA has censored his blog for their employees.

They probably thought Bruce Schneier was becoming too well known inside the organization:
http://www.schneier.com/blog/archives/2010/05/scene_from_an_a.html
http://www.schneier.com/blog/archives/2010/05/another_scene_f.html

They probably thought Bruce Schneier was becoming too well known inside the organization:
http://www.schneier.com/blog/archives/2010/05/scene_from_an_a.html
http://www.schneier.com/blog/archives/2010/05/another_scene_f.html

El Al has air marshals on every flight. That's a real deterrent, against what (as you note) is a much more significant risk.

But, like many Israeli security measures, there is no way to scale it to the U.S. without completely destroying air travel as we know it.

El Al has air marshals on every flight. That's a real deterrent, against what (as you note) is a much more significant risk.

But, like many Israeli security measures, there is no way to scale it to the U.S. without completely destroying air travel as we know it.

Cost-effective?
More air marshals have been arrested than the number of people arrested by air marshals.

Of course, the rules are a bit different when you're a spy :)

An alternate partition is not a bad idea, but you must be able to prove that the partition you bring up when a gun is being pointed to your head is the partition you actually use. http://en.wikipedia.org/wiki/Deniable_encryption http://www.schneier.com/blog/archives/2008/07/truecrypts_deni.html

Agree. If they have the capability they're not going to reveal this for a relatively uninteresting financial crime. There is some question regarding the NSA and one of the standards to generate random numbers: http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

If we can crack 128 bit encryption then AES 256 should be easily breakable, http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html there's several attacks on the flawed key schedule in that reduce the search space to something like 2^110.5 instead of the 256bits that AES 256 implies. (this means that AES 128 is actually more secure in this regard, at least as currently understood).

When people do that there is a strong tendency for the company to come in around stage three, find a compliant judge and police group and have the security researcher's computers confiscated to avoid stage 4 and beyond. Whilst this is effectively illegal behaviour by the company and shouldn't happen, it's common enough that I really think it rules out your (otherwise theoretically wise) advice. Have a look at CISCO's attempts to surpress vulnerability information or the Massachusetts Bay Transportation Authority for example. Ormandy has actually come out of this quite well considering. Basically you either go fully "responsible" or you come out with the full info with no warning so that it's too late to sue. There is no reasonable middle ground.

Too many times have I said this. There is no silver bullet.

Security is not an option, it's inherent in the system or not all.

Nothing fixes bad code. Nothing can. Now there are things you can do to prevent writing bad code, like scream when your code goes and screws up stuff. You can automate the things you might do wrong, use a garbage collector, use prepared statements, use a filter to check for input. And it's hard work, but that's why you get paid. Now management can help you too (my boss gives me work that "needs to be done right, first time") by ensuring they don't make you cut corners. Most of us want to do the best job we can, but we're not allowed to - "Just Ship it and put a patch next month", because security is not really a feature that sells, it's assumed to be present and cannot be monetized properly. Bruce Schenier explained it brilliantly in - Market for Lemons.

But there's no silver bullet, in fact there's not even a silver band-aid. And sometimes the bug is in the shield itself. My usual policy is to have as little code as possible, so that I can read and verify it all the time. Smaller the chunks I build, the easier it is to test it apart. Easier it is to tear it apart, to replace a part or just anything. Code in ADA will be more auditable than code in PHP (trust me, I work with php all day). But eventually, you can't really write bad code, push it production and slap security over it.

So tell me, how will you fix this bug that was there in your security tool, Recursive Ventures? :)

Part of the issue is that police officers rely on their intimidation as a tool, and being filmed makes that a lot harder to use.

Police regularly deal with unsavory characters who lie easily, sometimes know the relevant law, or have nothing to lose, and the threatening presence of a police officer (physically imposing, assertive, suspicious and armed) is a useful tool to put the people they're talking to at a disadvantage.

If police are filmed routinely (e.g. we all carry a Schneier Life Recorder) - setting aside outright murder, corruption and cover-ups, even standard practice becomes potentially embarrassing ("YouTube: Cops harass my 17 year-old daughter!"), and anything borderline could easily turn into a career-limiting stink.

No doubt this would make police uncomfortable.

Hmm - let's for a minute imagine that you are the person in charge of an essential utility (say an electrical retailer with the new "smart meters" installed) and you are under attack. You are not coping, your countermeasures are not working. Bit by bit, your network fall under the control of your attacker and people are slowly but surely getting their power turned off.

Ah, you're looking for Bruce Schneier's essay on the dangers of worst-case thinking. Are smart meters actually going to be able to shut off power remotely? Are power systems actually going to be that vulnerable to a wide-scale attack? Maybe, maybe not, but imagining a worst-case scenario and then creating policy based on it is still just creating policy based on something imaginary. Would you give the president the power to order all adults under 5 feet to a volcano just because I can imagine Sauron's armies attacking the Pentagon?

Lets add to that scenario that it is the middle of winter in one of the northern states, so people are starting to freeze to death.

So in this fantasy future, all blankets, coats, and things-which-can-be-burnt-to-generate-heat have been lost to the mists of time? I'm sorry, but I don't buy that this scenario is actually realistic.

And that's not even taking into account the fact that this will be abused should it pass.

School bans gummi bears

Did they not honestly believe that a disaster could occur? Did the right people not talk to each other? Or was the urge to cut corners simply so great that people ignored the risk?

From the ABC interview with one of the survivors, the BP people were arguing with the Transocean people, insisting that it would be ok to skip some phases of sealing the well because they wanted to move the schedule up. I wonder what that BP manager was thinking.

As someone who has found himself on both sides of this thought process, it is actually very easy to fall into the trap of making bad assumptions. People inherently underestimate risks. This leads to the common belief that cutting a few corners once in a while is acceptable. 60%-80% of Americans use a cell phone while driving on a regular basis, in spite of the fact that almost everyone agrees that this is a dangerous habit, and study after study has shown that it overwhelmingly increases your chances of being in an accident. The root of the problem isn't this particular set of people making the decisions, the problem is that people have any say in the process at all. Decisions at this level should be made by following a rigorous procedure without exception. When safety is concerned, no exceptions should ever be made. If exceptions can be necessary to proceed, then either the situation is unsafe, or the procedure was inadequate to begin with.

-=Geoskd

After a google search (oh the irony) I went to this site (while using Wifi) http://whatismyipaddress.com/ and guess what, google (or any other visited website) doesn't need to get lucky with Wifi data to know what city I am in, when I am using my WiFi connection.

to a specific computer (MAC address) and even to a specific house number.

not really, mostly wifi is used by "laptops" If they have a cookie already, and a plenty of unique information on your computer, knowing a rough estimation of where your laptop was in a 5 minute window, isn't vary valuable (IMHO). Then again google as a company is making millions fractions of a penny at a time from us, so who knows maybe my data may be worth $.0001 more valuable knowing a probability of my location 2* better.
All of this value and more is likely coming to google soon, or already without the scraped data. Sounds like google is going to be using wifi mac addresses as locations anyway. So they will be constantly refining a map of all public facing IP addresses, and by extension computers using them, that is more reliable anyway.

Not at all. You first encrypt the message, then you 'encode' it in such a way that it then has english like properties. Your message length of course bloats but it should evade any sort of automated scanning setup. It's basically a form of stenography.

http://www.schneier.com/blog/archives/2010/03/natural_languag.html

This is just the first link I found, but if you look around a bit you'll find more. Technically this is about disguising code as english, but the concept is very similar. IIRC that paper actually references some other (more relevant) papers itself. It's actually a pretty well established concept.

I study done a few months ago showed how one can easily deduce searches by looking at the size of the AJAX requests. http://www.schneier.com/blog/archives/2010/03/side-channel_at.html Yes, https should have been available a long time ago, and still isn't available for www.google.com.hk.

Schneier nailed this one recently. Worst case thinking is paralyzing and harmful. It does little but draw attention to the speaker.

http://www.schneier.com/blog/archives/2010/05/worst-case_thin.html

I don't doubt that espionage is going on, but this article is way light on statistics and proof, and way heavy on FUD.

Yeah, Schneier just had a post on worst-case thinking

The rest of that question is so far off topic it is not even worth discussing.

Well, no it's not off topic. The topic is about liability vs sharing, the form of the technology is just window dressing.

And your analogy isn't an analogy at all: child porn and copyright infringement are both aggressively pursued to absurd extremes, criminally in the former case and civilly/criminally in the latter. The only way to salvage your analogy would be to say the unknown guest downloaded child porn, copied it to a USB stick, and erased their tracks off your computer (perfectly - nothing in history, deleted space, etc.). The police show up and find ZERO evidence that you ever had child porn in your possession. Then what?

Let's move to older technology: phones. Loaning someone your phone doesn't make you liable for what they do on the call without your knowledge, but loaning them a phone right after they told you it was to call a drug dealer is obviously wrong. We accept phones as "default share", why not wifi too? I'm having a hard time disagreeing with people like Bruce Schneier who don't see any real harm in open access points.

Unless you're an idiot, you already have these things for your home network.

An idiot, or Bruce Schneier

Anytime you write something down, it is less secure than simply memorizing. How on earth do you jump to the thought that memorization is insecure?

That's utter Nonsense. The process of memorizing is not insecure, it's the fact that human memory is so limited that anything actually secure is incapable of being memorized by the average person.

He didn't literally say "The US is safer because of 9/11", but he did make the comments that post-9/11 terrorism is all about scale, and that it's harder to pull off a large scale terrorist act because of the threat of being caught.

Yes... that's the premise of Jennings' article. But is that the same thing as being safer?

First - you have to look at context. Schneier wasn't talking about a factor of safety. He was answering the self-imposed question "Why Aren't There More Terrorist Attacks?" From Schneier's article:

As the details of the Times Square car bomb attempt emerge in the wake of Faisal Shahzad's arrest Monday night, one thing has already been made clear: Terrorism is fairly easy. All you need is a gun or a bomb, and a crowded target. Guns are easy to buy. Bombs are easy to make. Crowded targets -- not only in New York, but all over the country -- are easy to come by. If you're willing to die in the aftermath of your attack, you could launch a pretty effective terrorist attack with a few days of planning, maybe less.

But if it's so easy, why aren't there more terrorist attacks like the failed car bomb in New York's Times Square? Or the terrorist shootings in Mumbai? Or the Moscow subway bombings? After the enormous horror and tragedy of 9/11, why have the past eight years been so safe in the U.S.?

Note that he's saying these attacks are easy (arguably no less difficult than before 9/11 - though that's my conjecture, not his). And, in fact, he even lists attacks that happened after 9/11.

The kicker to Jennings' article is that it imposes a conclusion on someone else's work that was never made. If you go back and look at a lot of Schneier's writing, he often notes that terrorism is not and has never been a major threat. And certainly not the threat that the current crop of fear-mongers make it out to be. To take Scheier's article and conclude that there has been a drastic change in the environment is a step away from claiming that everything done in the name of combating terrorism has been effective. Something else that Scheier is constantly critical of in his writings.

the only way I can conceive this to be hacked ...
Always a dangerous statement - just because you can't think of an attack doesn't mean there isn't one.

You are correct that no one is going to guess the next one-time password. Instead, they are going to attack your machine, and piggyback on your session after you have logged in. This is happening in the wild today, although it's mostly aimed at larger commercial accounts.

Those keypads are more secure because they can be used to enter unique data for each transaction, like the amount of a transfer. Plus, they aren't connected to a network, so remote hacks are blocked. The keypad's generated code will definitively prove that the holder of the device entered the transaction data(*).

Obligatory Schneier reading: http://www.schneier.com/blog/archives/2009/09/hacking_two-fac.html

(*) The most likely attack against devices like this: the key stored on the bank's server. But it's just a single target, so it is easier to harden.

Bruce Schneier: Secrecy, Security, and Obscurity

Same thing happens in the US.

http://www.schneier.com/blog/archives/2010/02/another_debit_c.html

Never, never, EVER punch your PIN into a pad that is not attached to an ATM machine that is owned by your financial institution. And even then, pay close attention.

http://www.krebsonsecurity.com/2010/03/would-you-have-spotted-this-atm-fraud/

Cash is looking better all the time.

There is one thing worse than a bad password, and that is one that needs to be written down on a post-it note.

Bruce Schneier* disagrees with you. (About writing down passwords in general, not post-it notes in particular.)

We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

This is not true. How useable would Facebook be without requiring a password to log in? Yes it would be easier to get in, but you would lose any trust in the application as anyone could be posting as anyone else. A system should be as secure as the data you are trying to protect within it.

See the following:

• Schneier's article
• Another Schneier reference
• Abstract to Security and Usability by Craner and Garfinkel (what a humorous name)

Balancing usability and security is one of the toughest parts of designing a secure system; anyone that's had to even remotely consider security as a factor knows this. It still holds, however, that usability always suffers as security improves.

Facebook is a great example. Their authentication scheme was originally only passwords. However, they've had problems thwarting bots and other security problems over the years, so now they added CAPTCHAs depending on use. This wasn't too much of a problem (though I'd argue that usability was mitigated in favor of security, even if only slightly)...until Facebook Chat got popular. (Remember when people protested it up and down?) Porting Facebook Chat to anything was possible but difficult, largely due to these new authentication rules. Getting kicked out every couple of hours was the norm while using the Facebook protocols available at the time. It wasn't until they moved it over to Jabber that IMing on Facebook using external clients got easy.

Twitter's ongoing security issues are another great example of this. It's dead easy to use and I'll venture that the API is pretty easy to work with, since there are umpteen Twitter clients out there for every platform there is. However, Twitter made it on the front page here tons of times due to security breaches and the like. It's still used as an easy score for bots.

but most of the time getting a true single sign on requires you replicate password changes to systems that cannot change their authentication source and then you end up with the weakest link (say a messaging client that stores the password as an md5 hash) having the key to accessing your most guarded systems (i.e. payroll systems).

This is true, but there are a few caveats to that:

1. Weak links are non-unique and non-inherent. There are still corporations out there that use applications that accept passwords as plain text. All it takes for a steadfast employee (or outsider, for that matter) to get someone else's password is for them to run a packet sniffer. Wouldn't it be better for a designer to approach the weakest link problem by strengthening the weakest link instead of trying to eliminate it outright?
2. The answer is a budgeting problem. I never said that such a conversion would be easy or even cheap. The cost of replacing software that use weaker authentication/security paradigms for those that conform to the SSO model is probably always non-trivial, but if it provides more overall security than the status quo with minimal impacts to usability, then isn't it still a win?

I don't think single sign-on is a flawed idea; at worst, I believe it's incomplete. In an ideal world, all software would support the most common authentication scenarios available (password, passphrase, card token and smart card). It would be extremely convenient for people to use one key for all of the important systems they interact with on a daily basis, as that would mean there's less for the person to lose and/or remember. However, idealism is hardly representative of reality. Perhaps a hybrid model where smart cards/work IDs are used for Windows authentication and RSA tokens are used for other systems would be a more realistic proposition...

This is not true. How useable would Facebook be without requiring a password to log in? Yes it would be easier to get in, but you would lose any trust in the application as anyone could be posting as anyone else. A system should be as secure as the data you are trying to protect within it.

See the following:

• Schneier's article
• Another Schneier reference
• Abstract to Security and Usability by Craner and Garfinkel (what a humorous name)

Balancing usability and security is one of the toughest parts of designing a secure system; anyone that's had to even remotely consider security as a factor knows this. It still holds, however, that usability always suffers as security improves.

Facebook is a great example. Their authentication scheme was originally only passwords. However, they've had problems thwarting bots and other security problems over the years, so now they added CAPTCHAs depending on use. This wasn't too much of a problem (though I'd argue that usability was mitigated in favor of security, even if only slightly)...until Facebook Chat got popular. (Remember when people protested it up and down?) Porting Facebook Chat to anything was possible but difficult, largely due to these new authentication rules. Getting kicked out every couple of hours was the norm while using the Facebook protocols available at the time. It wasn't until they moved it over to Jabber that IMing on Facebook using external clients got easy.

Twitter's ongoing security issues are another great example of this. It's dead easy to use and I'll venture that the API is pretty easy to work with, since there are umpteen Twitter clients out there for every platform there is. However, Twitter made it on the front page here tons of times due to security breaches and the like. It's still used as an easy score for bots.

but most of the time getting a true single sign on requires you replicate password changes to systems that cannot change their authentication source and then you end up with the weakest link (say a messaging client that stores the password as an md5 hash) having the key to accessing your most guarded systems (i.e. payroll systems).

This is true, but there are a few caveats to that:

1. Weak links are non-unique and non-inherent. There are still corporations out there that use applications that accept passwords as plain text. All it takes for a steadfast employee (or outsider, for that matter) to get someone else's password is for them to run a packet sniffer. Wouldn't it be better for a designer to approach the weakest link problem by strengthening the weakest link instead of trying to eliminate it outright?
2. The answer is a budgeting problem. I never said that such a conversion would be easy or even cheap. The cost of replacing software that use weaker authentication/security paradigms for those that conform to the SSO model is probably always non-trivial, but if it provides more overall security than the status quo with minimal impacts to usability, then isn't it still a win?

I don't think single sign-on is a flawed idea; at worst, I believe it's incomplete. In an ideal world, all software would support the most common authentication scenarios available (password, passphrase, card token and smart card). It would be extremely convenient for people to use one key for all of the important systems they interact with on a daily basis, as that would mean there's less for the person to lose and/or remember. However, idealism is hardly representative of reality. Perhaps a hybrid model where smart cards/work IDs are used for Windows authentication and RSA tokens are used for other systems would be a more realistic proposition...

more like AES/OpenSSL: (from comments at Schneier, pondering about the same question: http://www.schneier.com/blog/archives/2010/04/cryptography_br.html)

Supposedly, the original encrypted file is here: http://leaks.telecomix.org/cm.rda

It looks like it was encrypted using OpenSSL's command line utility, which takes a passphrase, so that supports the idea that this was broken via a passphrase guesser.

I wonder what the passphrase was. It would be amusing if it turned out to be "progress" again (a la http://www.metafilter.com/79537/... )

Posted by: Grim at April 7, 2010 4:48 PM
-----
I found the file earlier and analyzed it as an OpenSSL type bare encrypted file.

If it's AES-256, then I guess that qualifies as "Military Grade" suite b.

But I don't see any indication of a classified algorithm.

I would love to see the original cleartext... I wonder if wikileaks would release it?

Posted by: Roger at April 7, 2010 6:14 PM
-----
I wonder why the encrypted vid is about 430 megs and the decrypted one is >600 megs. Maybe recompressed, but that makes little sense unless some really weird codec was used in the original. By releasing the encrypted version, they are giving similar hints to potential attackers than with the unencrypted one.

Posted by: jan at April 7, 2010 6:31 PM
-----
The WikiLeaks editor, Julian Assange, says in this video (around 1:20), "we have a number of cryptographers and other security experts and lots of volunteer computer time, so that's just a matter of going through the most probable passwords that something might be encrypted with, so several millions of passwords to find the one that was used."

He further states that they spent about 3 months working on it.

http://www.youtube.com/watch?v=7QEdAykXxoM

Posted by: Eric S at April 7, 2010 7:34 PM

It's common knowledge that UAV feeds and some gunship video feeds are transmitted unencrypted over the air. I really don't see the point of encrypting plaintext that has been obviously compromised already.

Perhaps Wikileaks ( or the submitter ) simply setup a few receiver stations to capture the video footage over the air.

Now regarding this "encryption" buzzword being thrown around by Wikileak's PR and journalist, I'm guessing they heard something like "the video feed was transmitted as 64QAM over Ku-band 12.8475Ghz" and thinks all those technical jargons means "encryption".

and this has certainly something to do with it

Bruce Schneier is also wondering what cipher they used.

You need to start printing your own boarding passes.
http://www.schneier.com/blog/archives/2006/11/forge_your_own.html