How long would it take the NSA..

..to break AES-128 encryption? With regard to the wikileaks insurance file.

Longer than the universal heat death.

If you could check one quintillion keys per second, it would take on average ~390 times the current age of the universe to crack...

There is a physical argument that a 128-bit symmetric key is computationally secure against brute force attack. The so-called Von Neumann-Landauer Limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of ln(2)kT per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~1018 joules, which is equivalent to consuming 30 gigawatts of power for one year (30×109 W×365×24×3600 s = 9.46×1017 J). The full actual computation—checking each key to see if you have found a solution—would consume many times this amount.

Listen! I made you, and I can break you just as easily.

>>1
They don't need to brute force the encryption at all.
It only takes 72 hours of sleep deprivation for the human mind to crack.
They send in a Company black ops team and pluck his little terrorist  faggot ass out of the .nl (or where ever) and feed him caffeine for a long weekend, he'll spill the password.
I only wish I could help.

>>5

Lol you butthurt?

This is a war against war.

they can factor primes so very fast

>>5
First you're a fucking moron. Second that's not the NSA that does that. NSA are a bunch of scrawny-ass guys with thick glasses who count the floor tiles as they walk down hallways and mutter mathematic sequences to themselves when they're waiting for something. NSA are smart enough to brute force DES in their heads.

>>8

NSA has Sam Fisher and he kills people on a regular basis.

>>9
Who the fuck is Sam Fisher?

>>7
What does that have to do with anything. AES is a symmetric block crypto and it doesn't really have anything to do with primes. I'd imagine some far future (way beyond the current state of the art) quantum computers could speed up the bruteforce, but it would still be a bruteforce, thus slow. The realistic ways of breaking AES is obtaining the key through some other means, for example, if the RNG they used for key generation is faulty or predictable in some way, they could reduce the key size by quite a bit.

As for OP's question, wasn't the whole purpose of that file more like leverage to prevent bad things from happening to their staff (if bad things would happen, they would publish the key). I'd imagine if some agency actually wanted to know the contents of the file, they could just ask them to publish it (and bear the consequences).

>>10

If I told you I'd have to kill you.

>>11
quantum
Super Cool Story, Bro.
Here's my quantum computer, it'll break AES-128 with probability 2^-128.

>>6
Diaper wetting liberal: detected.
Die hippy scum.

>>14
wahahaha eat shit and die faggot

>>11
For most symmetric crypto problems a quantum computer can effectively cut key size in half, which brings a lot of unbreakable codes into the feasibly breakable range.  But of course, all you have to do is double your key size to get the same safety margins back -- it's not really a bother.  And it's not like anyone knows of any quantum computer large enough to perform the task.

But think about it this way.  Suppose that the NSA has a quantum computer which can crack AES-128 in 2⁶⁴ operations, and they think it will be ten years before China builds one.  If that were true, then anything the US government wants to keep secret for more than ten years will be encrypted with something that the NSA's hypothetical quantum computer couldn't crack.  Requirements that satisfy this would show up in public NSA docs, although without the explanation why.

It's like the old story with DES.  In 1975 the NSA modified the S-boxes in the DES algorithm but gave no explanation.  Fifteen years later in 1990, researchers published a new type of attack (differential cryptanalysis) and discovered that the NSA-supplied S-boxes were far more resistant to the attack than one would expect were the S-boxes chosen randomly.  The NSA knew about differential cryptanalysis long before it was published in the literature.

So it's unlikely that the NSA has some secret trick to cracking AES.  If they did, it would be too much of a liability, because anyone else could discover the trick independently or through espionage.

If you are truly paranoid, use some stupid cascade algorithm on your data like AES-Serpent-Twofish.  Make sure your key derivation algorithm is solid (use scrypt) or use randomly generated keys.  But Wikileaks uses the same algorithm that the US government uses for many of its Top Secret documents, so there is little cause for worry about a direct attack.

I know the secret
it's not aes128 actually. WikiLeaks added .aes128 just to mislead wannabe h@x0rs

>>16
Top secret, huh? That's like, AES-256, the one that was recently broken to be less secure than AES-128, right? Nice blind faith you've got in the NSA there.

Spoilers: AES was chosen not because it was the most secure, but because it was the fastest. Now why would you prioritize speed over security in this case is beyond me. It's cool for SSL, SSH, maybe your disks, but for something where speed doesn't matter, yes, do use a fucking cascade.

>>18
Wait what? Are you saying Rijndael(AES) with a doubled key size (256 bits) is less secure (than 128bit key size)? That makes no sense whatsoever.

>>19
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

>>1
Question is, what possible value would they get from decrypting it? Knowing what is inside just puts them back at square one. Their worry is not what's inside the box, but in preventing the box from ever being opened.

The end goal is to prevent disclosure. Best cause of action for them is to try and stop the key from ever being released...

wtf? nasa doesn't do decryption, OP

>>22
0/10

>>22 didn't read their SICPples.

>>24
stop trolling fag

[spoilers]the encrypted message is "DONGS" repeated a million times; assange is just fucking with the feds[/spoilers]

So why can't we just hook up a bunch of high powered computers to crack the code?

>>27
You clearly don't grasp the idea of orders of magnitude.

>>28
*grasps concept*

*grasps dick*

*grabs concept*

*cannot grasp the true form of Giygas*

*grabs dick*

*grunnur "GRUNNUR"*

>>1

Please fix my printer, some paper is stuck

>>36 lolwat?

*grabs sicp*

I'd say about 1 minute.
select * from echelon_wikileaks_commnications_view;

>>39

Oh god what a fagoot, nobody listen to this guy.

I think >>39 has a point. Why didn't anybody else think of that?

>>14
Good lord, someone on /prog/ took my advice. That was a very rewarding payoff. Thank you.

>>41
fuck off you shit eating faggot

MMMMMMMMMMM SHIT
I LOVE SHIT
SHIT SHIT SHIT
HERE IT GOES DOWN
DOWN IN TO MY BELLY

<-- check em dubz

I ARE BLACK

>>43
pedophile sage quality