

WikiLeaks Posts Mysterious ‘Insurance’ File - mixmax
http://www.wired.com/threatlevel/2010/07/wikileaks-insurance-file/

======
dlytle
It feels like I'm watching someone try to act out the part of a character in a
spy novel. Big encrypted files called Insurance, twittering about being
followed by government agents, sensationalizing the things they post...

I think they have good reasons for what they're doing (or at least good
intentions), and I do like the concept behind WikiLeaks.

I just think they're getting a bit caught up in the whole drama/mystique, and
their credibility and ethical standing is suffering as a result, which could
be dangerous for the "open leak repository" movement.

~~~
riffer
A couple of years ago Julian and his colleagues released information that
swung the national election in Kenya. This must have gotten the attention of
every government with something to hide (all of them). Since then, he claims
to have released more confidential information than the rest of the worldwide
media. Combined. The stakes are enormous. And the reality is that that puts a
target on your back.

Go Julian, go.

------
NathanKP
Is anyone else getting just a little bit sick of WikiLeaks? The basic concept
of providing transparency is good, but I think they are taking things way too
far.

I hadn't even thought of the issue of the Taliban being able to read the
records themselves to find out who the informants are.

Just because something is a secret doesn't mean it has to be exposed, and I
think that is the fundamental problem with Wikileaks. Some things do more harm
out in the open than they would locked away.

~~~
riffer
What Julian appears to me to be trying to do is to reduce the ability of large
bureaucratic militarized organizations to dominate innocent individuals.

Secrets exist for many purposes, but their primary impact on history is to
permit groups of people to organize in order to persecute other less organized
groups of people. Ultimately, it was the combination of industrialization and
secrets that made it possible for nation states to directly cause the
death of 160 million people in the 20th century. In these situations, the
ability of individuals to influence the course of events is essentially nil.
That's why you and I have not stopped the millions of murders in Darfur, the
same as our parents did not stop them in Rwanda 17 years ago, and so on.

In this context, it really is not reasonable to argue that we would all be
much safer if nobody was revealing the secrets of those who have too many
secrets.

~~~
philwelch
Sixty to seventy years ago, the following information was kept secret by
Western governments:

-How to build an atom bomb

-How to build effective radar systems to detect incoming bombers

-The fact that German and Japanese encryption codes had been compromised

-The US Navy's awareness of Japan's intention to attack Midway Island

-The fact that Patton was actually removed from command, and that his travels around Italy and north Africa were a ruse to misdirect German defenses away from Normandy

Need I go on? If some idealist decided to leak these secrets, a lot _more_
innocent individuals would be dominated by certain nation states. State
secrets are no different from any other power of the state--they can be used
for good or for ill, and it's careful to ensure they're used for good, but
it's foolish and suicidal to try and keep them from being used at all.

~~~
Rod
Both Ellsberg and Assange have claimed that they do believe that there are
legitimate secrets (e.g., cyphers, nuclear technology, and the like). Your
argument is based on the assumption that WL sees all secrets as being born
equal, which is utter nonsense. Do you honestly believe that:

- the Afghan war diaries contain secrets of the same magnitude as, say, U.S.
radar tech 70 years ago?

- Pakistan does not know that the U.S. knows that elements of the Pakistani
intelligence are collaborating with the Taliban? (of course they are, they
know the Taliban will most likely win, and they want to ensure tranquility
after the U.S. gets tired, declares "victory", and leaves)

- the enemy does not know it's using heat-seeking missiles against U.S.
choppers?

- the enemy does not know about the attacks on U.S. forces? They were the ones who
carried the attacks out!

Think about it. The release of the documents contains very little the enemy
does not know about. Therefore, your entire argument is invalidated. Apples
and oranges. The secrets you alluded to do compromise national security. The
secrets exposed last weekend by WL only compromise the politicians who lied to
the world about how the war was going in order to avoid losing popular
support.

~~~
gaius
_the release of the documents contains very little the enemy does not know
about_

They didn't know about this: <http://news.ycombinator.com/item?id=1560565>

~~~
Rod
The burden of proof lies on the accuser's shoulders. How do you know it's not
disinformation? From now on, the Pentagon will blame WikiLeaks for every
civilian death. WikiLeaks had no incentive to put innocents at risk, but the
Pentagon has all the incentives to discredit WikiLeaks.

~~~
joshuacc
While it may be true that WikiLeaks had no incentive to put innocents at risk,
it's also beside the point. It's entirely reasonable to believe that
laziness/stupidity/lack of resources caused them to leak informants' names even
if that wasn't their intention.

~~~
parallax7d
I accept the concept that Wikileaks puts informants at additional risk. I also
accept that the government is lying through their teeth about the activities
on the ground in Afghanistan.

Is it more important for the taxpaying population to be informed of what the
military is doing in their name? Or is it more important to hide all
information that may have any connection to the activities of informants?

I would suggest, that as an informant you make a direct choice to act, which
effectively stakes your claim to a large majority of the repercussions. No
such choice is offered to the public, and even if it were, a large
heterogeneous group of people cannot be saddled with the same responsibility
that an individual chooses for themselves.

Additionally, any government that hides non national security type information
from their population, puts itself at risk by allowing its informants to be
possibly exposed by leaks. If it wanted to provide protection from possibly
damaging leaks, thus ensuring the anonymity of its informants, it would
provide a robust channel of accurate information to the public. Such
information would greatly reduce the perceived need for leaks, hold the
government and military more accountable, better serve the public good, and
provide additional protection for informants.

~~~
gaius
_effectively stakes your claim to a large majority of the repercussions_

So what are you saying, that if Wikileaks got access to the data of the
Witness Protection Programme in the US it should publicize that too? Because
all government coverups are bad?

------
Qz
_Mullen was even more direct and said that WikiLeaks "might already have on
their hands the blood of some young soldier"_

Oh, and the government doesn't have that blood on their hands already? Brings
to mind something about a pot and a kettle.

------
maika
By my understanding there are around 12401769434657526912139264 possibilities,
therefore to calculate the time taken in days to brute force a password would
be the application of the following formula:

    t = n / m / 86400 / P

    n: search space (no of possible passwords)
    m: amount of random passwords that can be tested a second
    86400: 60*60*24 (converts units to days)
    P: parallelism (number of crackers)

Let

    n = 12401769434657526912139264
    m = 100
    P = 1,000,000

It would only take 143 days to be successful. Is this correct? Second
question, how do we carve up the search space and distribute this to the
internet?

 _Edit:_ n is generated by limiting the key to be a composition of
alphanumeric and related characters. Could be wrong.

~~~
mishmash
According to Schneier[1] n should be closer to
~2600000000000000000000000000000000000000. For each single available core, m
would be smaller, say 20 wouldn't it? On the other side, consider 8 or more
cores a box for the NSA by 500,000 boxes (wildly conservative guess??) for
about P = 4,000,000??

NSA probably has much more compute power than this, though: " _With
supercomputers measured by the acre_ and estimated $70 million annual
electricity bills for its headquarters, the agency has begun browning out,
which is the reason for locating its new data centers in Utah and Texas."[2]

1 - <http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html>
2 - <http://www.schneier.com/blog/archives/2009/10/james_bamford_o.html>

~~~
maika
Yeah n would be bigger, but if you limit the key to a composition of
characters (alphabet, letters, funky characters %^&*, etc), would that
drastically reduce the search space?

~~~
mishmash
Oh good point. Would it then be 95 printable ASCII characters by 32 (for the
effective key size in bytes)? If so, that gives a laughably large number:

1937114844585011541643853683619338993862294591963291168212890625

Another question, and I'm way over my head here (also time for bed), but
considering this snippet below, is it possible the NSA or another group would
have an undiscovered attack against it?

"NSA was embroiled in some minor controversy concerning its involvement in the
creation of the Data Encryption Standard (DES), a standard and public block
cipher algorithm used by the U.S. government and banking community. During the
development of DES by IBM in the 1970s, NSA recommended changes to some
details of the design. There was suspicion that these changes had weakened the
algorithm sufficiently to enable the agency to eavesdrop if required,
including speculation that a critical component—the so-called S-boxes—had been
altered to insert a "backdoor" and that the reduction in key length might have
made it feasible for NSA to discover DES keys using massive computing power.
It has since been observed that the S-boxes in DES are particularly resilient
against differential cryptanalysis, a technique which was not publicly
discovered until the late 1980s, but which was known to the IBM DES team. The
United States Senate Select Committee on Intelligence reviewed NSA's
involvement, and concluded that while the agency had provided some assistance,
it had not tampered with the design.[11][12] In late 2009 NSA declassified
information stating that NSA worked closely with IBM to strengthen the
algorithm against all except brute force attacks and to strengthen
substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to
reduce the length of the key from 64 to 48 bits. Ultimately they compromised
on a 56-bit key.[13]"

Source: <http://en.wikipedia.org/wiki/National_Security_Agency>
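
Added example, not part of any post in this thread: maika's formula t = n / m / 86400 / P evaluated exactly for the search-space sizes quoted above, together with the even split of the index range across P crackers that maika's second question asks about. The dictionary labels, the function names and the 2**256 row (every 32-byte key, taken from the 32-byte key size mishmash mentions) are assumptions of this example.

```python
from fractions import Fraction
import math

SECONDS_PER_DAY = 60 * 60 * 24  # 86400, as in the thread's formula

# Search-space sizes quoted in the thread; the labels are this example's own.
SPACES = {
    "maika_n": 12401769434657526912139264,  # equals 62**14
    "mishmash_n": 2600000000000000000000000000000000000000,
    "printable_ascii_32": 95**32,  # 95 printable characters, 32 positions
    "all_32_byte_keys": 2**256,  # assumption: every 256-bit key is possible
}

def days_to_exhaust(n, m, P):
    """t = n / m / 86400 / P, kept exact with Fraction."""
    return Fraction(n, m * SECONDS_PER_DAY * P)

def rate_needed(n, P, days):
    """Guesses per second per cracker needed to exhaust n within `days`."""
    return Fraction(n, P * SECONDS_PER_DAY * days)

def unit_range(n, P, i):
    """Half-open index range [start, stop) for cracker i when [0, n) is cut
    into P contiguous shares whose sizes differ by at most one."""
    base, extra = divmod(n, P)
    start = i * base + min(i, extra)
    return start, start + base + (1 if i < extra else 0)

def report(m=100, P=1_000_000):
    """(label, bits, days, years) per search space at m guesses/s on P crackers."""
    rows = []
    for label, n in SPACES.items():
        days = float(days_to_exhaust(n, m, P))
        rows.append((label, round(math.log2(n), 1), days, days / 365.25))
    return rows

if __name__ == "__main__":
    for label, bits, days, years in report():
        print(f"{label:20s} {bits:6.1f} bits {days:10.3e} days {years:10.3e} years")
    n, P = SPACES["maika_n"], 1_000_000
    lo, hi = unit_range(n, P, 0)
    print(f"cracker 0 share: {hi - lo:.3e} candidates")
    print(f"rate to finish in 143 days: {float(rate_needed(n, P, 143)):.3e} guesses/s each")
```

With m = 100 and P = 1,000,000 the 62**14 space comes to about 1.4e12 days, and each cracker's share is still about 1.2e19 candidates.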

~~~
gwern
I don't think it matters whether the NSA can decrypt it. The 'insurance' is a
contingency for releasing information to the general public and mainstream
media; there is almost surely nothing of value in it as a weapon against
Wikileaks. Any organization or group which will decrypt it but not release it
doesn't count.

Random bloggers or citizens, on the other hand, might release it if they
decrypted it - but this seems secure against them.

~~~
mishmash
No doubt, I'm sure there's something quite damaging to war effort or
administration in that archive. My interest in the NSA angle was only due to
the technical side.

------
mishmash
Hmm posted this earlier and it got no love. :(

<http://news.ycombinator.com/item?id=1562651>

~~~
Groxx
haha, and the poster of _this_ one is "mixmax"

Talk about a coincidence ( _or is it??!?_ ).

~~~
mishmash
A conspiracy in a thread about conspiracies - I'm hooked. ;)

------
vaksel
it's probably just a video of the wikileaks staff offering the person a job.

------
novon
All institutions are corrupt.

