WikiLeaks Posts Mysterious 'Insurance' File

Originally posted by Illusionsaregrander
reply to post by Frakkerface

 

No, I know some do. But I dont think that that group of fanatical Muslim haters out weighs the rest of us at this point. They are a vocal minority. Not the majority. And support for the war is dwindling.

I'm glad to hear that and I hope you are right but it is hard to see sometimes, especially on this forum where you would expect everyone to see through that charade.

Sometimes I think they can pull off whatever stunt they want and it will be accepted, perhaps not by us but we are a minority - someone here has a Frank Zappa quote as their sig about how you can never really change someone's mind - doesn't this sound familiar when you are trying to 'wake someone up'? I'm starting to think that it doesn't matter how much is exposed that they will have a system in place or a backup man/plan to fill the position straight away, they probably don't care because so many people will not accept that their government (or just elements inside it) aren't there, untimately, for the good of the people.

For the people asking, because there's a LOT of misunderstanding about this:

The file is (assumed) an AES-256bit encrypted file. This means that analysis of it is pretty much impossible. AES is a public-key encryption, approved by most governments around the world for "top-secret" data. PKE means that it has one mathematical "key" to encrypt the file (a "private" key) and one to decrypt it (a "public" key). AES-256 is not a "filetype", like EXE, or DOC, or PDF. Inside the file could be ANYTHING, but until someone posts a decrypted version you won't be able to "do" anything with it.

Your computer games etc. don't have "encryption" in their copy-protection. Copy protection is a way to give someone some "encrypted" data AND the info to decrypt it (or else you would not be able to play your games, whether you bought them or not). They are *giving* you the public key with the game. Thus, all copy-protection systems are trivially defeatable by analysing the data you've been given and "decrypting" it using the public key that you have ALSO been given (although it may be hidden deep with the game's copy protection code). This is also why DVD CSS "encryption", XBox signed-key copy-protections etc. are basically useless and have all been defeated. In the DVD CSS case, the "hidden" public key was published on thousands of sites within months of it being used because it has to be in EVERY DVD player. Blu-Ray has a slightly better copy protection that relies on multiple public keys but even so - the "encryption" in the BD copy protection is basically worthless and that's why you can download Blu-Ray-ripped movies.

*REAL* encryption is a one-way process. If you encrypt something with a private key, only the public key can decrypt it. The public key is, in practical terms, linked to the private key. When you encrypt a file, you NEVER disclose the private key - but from it you can derive a public key that you can give the world. Everyone who has the public key can decrypt anything that's encoded with the private key. But NOBODY except the person with the private key can encrypt files that will decrypt using the public key. The connection is deeply mathematical and relies on the fact that it takes an incredible amount of difficult calculations (for which they are virtually ZERO shortcuts, and certainly nothing that makes a big difference) with huge, huge numbers to be able to encrypt, decrypt, or determine the link between the keys.

Mathematicians DESIGNED PKE based on the things that they have NO WAY to shortcut. "Prime factorisation" it's called, and it's one of the toughest mathematical problems in the world and has been for CENTURIES, if not MILLENIA. No-one is going to pop up and find a shortcut just-like-that, in the same manner that DVDCSS was decrypted. We're talking every mathematician in the field for the last 2000 years having worked on the problem all their lives and never making more than 0.1% difference to the outcome.

In this case, we have an encrypted file. We don't have the private key. We don't EVEN have the public key. Thus, the file is a pile of random junk, without any clues, and no amount of "guessing" or "hacking" will reveal anything. We have complete knowledge of the encryption and decryption method - it's still completely useless. We can use any of the several thousand open-source AES decryption routines (PGP is a software version) but without a public key there is nothing we can do to aid decryption. This is the POINT of a public-key encryption algorithm. EVERYONE, from me, to the mathematicians that designed it, to the US military knows HOW to decrypt it. But without the public (or private) key, we can't do a thing. There are, I hesitate to guess but let's hypothesise, "1 with 77 zeroes after it" possible keys. If we analysed a billion billion (1,000,000,000 GHz) a second, it would still take longer than the age of the universe to find the right one - assuming we knew what we were looking for.

Originally posted by ledled
For the people asking, because there's a LOT of misunderstanding about this:...

I know one-liner responses are discouraged, but I just wanted to say

that is an awesome post -

concise, thoughtful, in English, and very informative.

Definitely appreciated!

I thought it was found out that ''ONION" was the pass key and ROUTER was the next? I read this somewhere, thought it was this thread.

-Al

Nope. It was a mistake. Basically, random words as the passphrase don't necessarily give you an error when decrypting using certain common decryption programs, whether correct or not. They don't actually DECRYPT anything, they just don't say whether or not they succeeded, so people were assuming they succeeded. Basically, the whole ONION/ROUTER thing was nonsense of the highest order, caused by not understanding how a particular AES program works.

> Just like I really think the symbolism of straw glass and bottle to FIASCO in my last post is somehow relevant

I just want to send a note that any ideas for a key posted here I try out.

For example I tried FIASCO, fiasco, F1@sC0, etc ...

Different permutations.

I tried "Keep it safe, keep it secret. (didn't try "one ring" though)

I also try things like reversing the potential keys, also base64 encoding the strings, etc.

I admit it is a pointless to try to brute force the key, but trying different keys that come up via logical investigation can't hurt ...

> somebody did get past the first encryption but there was another one after it

No, we never got past the first encryption. What happened is certain keys like ONION didn't return an error in openssl. So when that happened, I had mistakenly thought that it worked because no error was returned, but it turns out that you can pass many different keys and no error will appear.

The way it stands now is if someone was to guess the correct key, the only way they could know is to then look at the decrypted file header and see if it is a known file type.

My guess is that it will be a 7zip file but no one really knows for sure ...

reply to post by ledled


Thank you for putting this to bed. I've tried in my own rough way to explain the futility of trying to crack this file, but you've laid it out plainly. After all, we're talking about Assange here. Assange is no slouch. His "insurance" must be uncrackable or it is of little use to him.

On another note... Suppose someone were to crack it. Would you really want to have top secret material on your PC ? What would you do with it? Do you think you'd live very long if you released it? The goons that run the show do not play games. They would probably bury you, your family and anyone that knew you.

At this point it is just a guessing game.

If someone compiled a list of well thought out "potential" keys, then I can run them in a script and then any potential files decrypted by those keys that didn't generate an error, I can then run another script to check the headers for a known file type.

I also have a script that will iterate through every known encryption type, but that might be overkill.

www.democracynow.org...

Assange just said about the file:

it might be important assuring that important part of the history do not disappear

reply to post by ledled


Well done ledled!
You did that far better than my silly ass could have. lol :p

and whoever said something about "we are dealing with Assange, here"...
That is very true.... and as another member mentioned a day or two ago (BIGFATFURRYTEXAN) I believe it was...

said something to the effect of " either Assange is one of the most gifted cryptologists on Earth".. or...

well, it is true ~ He IS one of the best on Earth! lol
Im pretty sure no one would ever get it open unless he absolutely wanted it to be.

reply to post by freedommusic


No. It is not a guessing game. As has been explained previously - YOU are not going to be able to crack this!

How do you suppose you are going to guess a password like:

mQHhBEs+lZgBDqDCRLjttyCHvIOIcfc9Nv0zV
BFlJ0zhlFv92jYQ2cUcUZ76OXASMjWU0YNY9L9
WzNvk10yl2EuTS/YK5V8O9l6Rtpw8RS0owoJ2 5dQv/jaf9OektahxXpSNiw9YsAyFTShi4pWMehs/zAXKJmmEQ1+3oCpJl7ATohriIorN9M9uuydHR
ZgyroQOQNHTm7E2lIPZysPf9t8Sn6S0zx3MgDi
4+FnIzEEgUlOlCn4gbWxNhD8FoV6mfEFrac2N6
gbbxcC3Wi49XuOfT5dLHtOCGv05VlROKkJarb8
gsktdQurwMhU3REA2eqrgyT8I+eriuKLO+zQm
xrzlNsmsgDtDIpYGE5L3r78C/Lla6HqzZL3qfr7dr
xIqETG/kU7RdTRasmkKBGC6kOpyTu+4+3lky
ghlszzgo7PrNlTqGCrTkYIOPCuKUnJk1rpoHZEX
v0JjdHcetMYz2q8aTEtZZo8xGOn+vHBXcFofJXe
Q0op/77vdO0crqWME5EaxUmLRjGrufQ5kc1o6i
WmHF/BUiJG5T0VBWE2jshreAFn4NcuA8CFcrO
XDG8qlsOl+zWLrEyiJQK1DXAF0dUzj8AEQEAAb

And that isn't even half of it. I didn't want to spam the page.

You can guess until the end of the universe.
Sorry but it has been explained and people just don't understand what is involved.

Wikileaks just tweeted:-

'Crack it open for Bradley Manning'

does he purely mean our wallets for legal defence, or the file, or both?

www.antiwar.com...

seems to me it is the larger, maybe more embarrassing section of the cables anyway.

> How do you suppose you are going to guess a password like

Er, let me clarify. This can only be cracked/guessed IF it was the intent of the author for it to be guessed.

We don't know that is NOT the case.

It is more LIKELY he didn't want it guessed if it is really an insurance file as the name states.

Originally posted by Faiol
www.democracynow.org...

Assange just said about the file:

it might be important assuring that important part of the history do not disappear

wow, great link! thank you!
nice long listen with Assange and D.N.
many thanks!

reply to post by ledled


It was me that initially stated:

Julian Assange is recognized as a brilliant cryptographer - But even without being such, I could produce an encrypted file that would be a complete an utter waster of your time to attempt to open. But, please, don't let logic deter... Carry on...

However, who are we deter the efforts of peoples attempting to theorize on a conspiracy? Part of this theorizing includes postulating that perhaps, just perhaps, a man whose stated sole legacy is to share the unbiased truth - is attempting to do just that - cryptically spread some truth - no matter what truth that may be.

I say, let the theorizing continue...

Edit to clarify

[edit on 3-8-2010 by misinformational]

There was a small part of a song playing during the break, of this video...
www.democracynow.org...
So I searched it, check out the words... very cool!

Very fitting for this thread. lol

link, the song is here to.. frontalot.com...

Secrets From The Future~ by MC Frontalot

Get your most closely kept personal thought:
put it in the Word .doc with a password lock.
Stock it deep in the .rar with extraction precluded
by the ludicrous length and the strength of a reputedly
dictionary-attack-proof string of characters
(this, imperative to thwart all the disparagers
of privacy: the NSA and Homeland S).
You better PGP the .rar because so far they ain’t impressed.
You better take the .pgp and print the hex of it out,
scan that into a TIFF. Then, if you seek redoubt
for your data, scramble up the order of the pixels
with a one-time pad that describes the fun time had by the thick-soled-
boot-wearing stomper who danced to produce random
claptrap, all the intervals in between which, set in tandem
with the stomps themselves, begat a seed of math unguessable.
Ain’t no complaint about this cipher that’s redressable!
Best of all, your secret: nothing extant could extract it.
By 2025 a children’s Speak & Spell could crack it.

You can’t hide secrets from the future with math.
You can try, but I bet that in the future they laugh
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past.

And future people do not give a damn about your shopping,
your Visa number SSL’d to Cherry-Popping
Hot Grampa Action websites that you visit,
nor password-protected partitions, no matter how illicit.
And this, it would seem, is your saving grace:
the amazing haste of people to forget your name, your face,
your litanous* list of indefensible indiscretions.
In fact, the only way that you could pray to make impression
on the era ahead is if, instead of being notable,
you make the data describing you undecodable
for script kiddies sifting in that relic called the internet
(seeking latches on treasure chests that they could wreck in seconds but didn’t yet
get a chance to cue up for disassembly)
to discover and crack the cover like a crème brûlée.
They’ll glance you over, I guess, and then for a bare moment
you’ll persist to exist; almost seems like you’re there, don’t it?
But you’re not. You’re here. Your name will fade as Front’s will,
‘less in the future they don’t know our cryptovariables still.

Now it’s an Enigma machine, a code yelled out at top volume
through a tin can with a thin string, and that ain’t all you
do to broadcast cleartext of your intentions.
Send an email to the government pledging your abstention
from vote fraud this time (next time: can’t promise).
See you don’t get a visit from the department of piranhas.
Be honest; you ain’t hacking those. It’d be too easy,
setting up the next president, pretending that you were through freezing
when you’re nothing but warming up: ‘to do’ list in your diary
(better keep for a long time — and the long time better be tiring
to the distribution of electrical brains
that are guessing every unsalted hash that ever came).
They got alien technology to make the rainbow tables with,
then in an afternoon of glancing at ‘em, secrets don’t resist
the loving coax of the mathematical calculation,
heart of your mystery sent free-fall into palpitations.
Computron will rise up in the dawn, a free agent.
Nobody knows the future now; gonna find out — be patient.

*litanous: adj., comprising a litany or litanies

[edit on 3-8-2010 by Ahmose]

Originally posted by Faiol
www.democracynow.org...

Assange just said about the file:

it might be important assuring that important part of the history do not disappear

I was thinking something along those lines earlier - disseminate it to the point that attempts to "retrieve" all "evidence" would be like trying to mercury back into a tube - or something - my simile function isn't working.

That's already the case with previously published documents. Could be Iraq documents soon to be released - I imagine TPTB (I'm gettin the hang of this, uh? *lol*) are watching very closely and may be prepared (attempt to) strategically shut down sites, networks, whatever. This would be exactly what Assange describes in his Manifesto/Essay on.. - whatever it was I was trying to connect to this earlier - cut the link, split the conspiracy...

HOLY MOLY! I knew there was a connection!! I'll bet this IS a split/link thing - but not because of what's found when it's opened, but because of what will be published before it's opened - it's insurance that TPTB don't cut ASSANGE'S link!!

Maybe - what do you think?

'Course, just a "Hey, Everybody! Download this for safe keeping!" seems more practical - though again, not nearly as much fun....

...OCD typo correction

[edit on 8/3/10 by sjrily]

Originally posted by mryanbrown

Originally posted by muzzleflash
And NO, FOX did NOT ADMIT that NATO funds the Taliban secretly to keep the war going on perpetually and justify a continued presence there.

The US pharmaceutical addiction to opiates is what truly funds the war.

We send over US soldiers to fight the Taliban in Afghanistan.
In turn, warlords sell opium to the official government of Afghanistan.
Who in turn, then legally sell the opium to US pharmaceutical companies with a legal paper trail. Sustaining the American addiction to opiates. Which in turn, funds the warlords paying the Taliban who fight our soldiers.

This is the Military Industrial Complex, simple, and at it's finest.

Americans are supplying the soldiers fighting our own soldiers via proxy.

Good 'ol UCC, Trade Agreements, etc.

Wow, could you possible bring any cold hard facts to support this hypothesis?

Why do people try to talk as if their highly intelligent, but the content itself is pointless banter?

All your preconceived notions on the government, the military and the world in general keep you blind to the real truth. Being a hard core conspiracy buff with no proof of claims is nothing to be proud of, its something to ridicule. I sincerely doubt you have any proof of this statement, matter of fact, i think you made it all up based on other peoples assumptions about government, military and the world.

People like this make it difficult to find the truth because they dilute places like this with pointless, factless conspiracy banter.

As for this insurance file, it is exactly that. Insurance. We can all debate about what it is, but it will lead nowhere. All we can do is wait for the key, or for the cracked version to be leaked.
This is quite the game wikileaks is playing, a very dangerous one too boot. I look forward to more developments.

Originally posted by ledled
For the people asking, because there's a LOT of misunderstanding about this:

And you're not helping by talking about things you only know halfway.

AES is a public-key encryption

AES is NOT a public-key encryption algorithm. It is a symmetric-key encryption algorithm, which means the same key is used both for encryption and decryption. You're probably thinking about RSA, which is the most common PKI algorithm in use.

*REAL* encryption is a one-way process.

No, it's not. If it was, you wouldn't be able to decrypt the data afterwards. Hash functions are one-way, and while hashing is used as a component in most encryption framework, it is not in itself encryption.

The rest is mostly correct, but please, study a bit more so you don't spread fundamental misconceptions like these.

That being said, with the filename being what it is and the text "Salted__" in the header, it is 99.9% certain that the file is encrypted with AES256 through OpenSSL. I am also quite certain they've picked a password that is impossible to brute force with today's hardware - if not, the whole point of the file being "insurance" goes away.