Snowden Files Cracked, Surprised?
#1
Apparently the Snowden archives have been decrypted. Despite that the guy seemed to have a decent grasp on security I felt like this was a strong possibility. When he said "Assume your adversary is capable of trillion guesses per second" I was thinking he was probably low by factors of 1,000s at least depending on the algorithm...

Clearly the algorithm plays a big role in just how many guesses, but we are talking about nation states with virtually unlimited resources and the ability to produce massive compute clusters or ASICs for a single task like this.

But watching the doc where he is trying to explain to a reporter who doesn't even know how encryption works how to access and protect the files I assumed they would be the softest target because it would likely not continue to be properly secured if those who wanted it could get their hands on the devices or data.

But from the reporting it sounds like it was Snowden's copy that they obtained and have cracked it, revealing 1M docs. It sounds like it was just a single archive or disk encryption, making it a one shot deal from the sound of it... not individually salted files (ie: creating a complex algorithm based on meta data to create a hash plus a strong key mixed in).

Or, for all we know maybe they just beat the key out of him. I wish we knew more about the specifics on how it was encrypted and how it was decrypted since it would tell a lot about the realistic strength of certain encryption for the most sensitive data, assuming it wasn't "socially engineered" .
#2
Since the journalist(s) that posted this over the news did not present any proof, it's just their theories and opinions, not facts.
#3
Just some numbers:
Cracking AES-128 at a speed of 10^18 tries per second (which is probably much faster than even the NSA can afford) takes an awful lot of time:
2**128/1000000000000000000/60/60/24/365
10790283070806.016

The result is in years.

Now assuming not AES but the password was cracked. Bruteforcing a 16 character random alphanumeric password still would take over one million years at a speed of 10^18 (which is again, an extremely high number):
95**16/1000000000000000000/60/60/24/365
1395632.5109454773

Besides that, the NSA which is arguably the best funded organization out there is probably the last organization that's actually interested in cracking those files. They know they don't like the content, no matter what exactly it is. They gain nothing from cracking those files.
#4
No doubt a strictly brute force attack on AES appears impossible, and *if* the archive was cold cracked it would either imply a weak password or a collision, side channel, weak/vulnerable implementation, backdoor... something, but clearly not brute forcing an entire key space let alone a 16 char keyspace. A weak password is one thing, but if we can assume the password was strong it then it would be a tell as to what is not still secure based on time.

At this point it is all speculation, so I suppose maybe this is more water cooler talk until some facts come out. However, from the best I can gather he was likely using TrueCrypt to encrypt the disks. I read this in an article about how the reporter's copy of the archive (on an external drive) was confiscated in Heathrow and was denying they had recovered anything from it. I think it would be safe to assume they were using cascading algorithms, which use different keys, so it makes it tough to imagine being cracked at all outside of implementation or backdoor.

Perhaps we'll get more details or perhaps not, and like Rolf mentioned, maybe they were not really cracked at all since there is no proof... it very well could just be disinformation being spread.
#5
If anyone ever thinks of launching brute force attacks on AES, they should take a look at these guys first.