WikiLeaks Posts Mysterious 'Insurance' File

statsman, no it should be:

pws=('cat superpasswordarchive.txt');

where superpasswordarchive.txt is list of words delimited by spaces.

eg: one two three four

> he just painted a target on his head for the US's enemies. Not smart.

Well I guess that means the US needs to protect him then ...

Originally posted by freedommusic
> he just painted a target on his head for the US's enemies. Not smart.

Well I guess that means the US needs to protect him then ...

Heh Heh - Exactly! - right?



However - at this point - I am pretty convinced this is little more than security theater...

Perhaps - at one point - Assange was not in the CIA's pocket - but I feel it is way too likely that now - like Bin Laden and Hussein before him - he's THEIR goto man now.

We should definitely keep a healthy skepticism on any/all information coming out of wikileaks these days...

If WL replied to freedomusic's email, "you almost got it!", then we should take into account that what they said could be sarcasm or they are actually telling him that he almost cracked it which means that they're probably waiting for the file to be cracked. Out of all the intelligient individuals in this world, there must be one person that can take into account the "Assange" mentality and find out the password.

It's just a matter of time.

Originally posted by The Ghost Who Walks
For F-Sake! There is no hidden agenda, no virus, no world domination, no (whatever your tiny little mind conjures up) The insurance file is pure and simply a backup file ( that hopefully most of the world has downloaded) to ensure that history will not be glossed over should the internet/Wikileakes ever be wiped-out. If the US government have their way, their atrocities would be swept under the carpet. Never to see the light of day again.
I apologise to my American friends in advance but you have been spun a load of bull#e for most of your lives and now is the time to stand up and be counted. Your government has plunged your country into the depths of hell and you really need to drag it out before it is too late. You used to be respected but now, sadly, you are hated with a passion. You have allowed Bush (Snr and Jnr) to devalue your credibility through-out the world. No-one respects you and no-one trusts you. Get your FN act together. Piss these Ar$eholes off that "rule" your country and start taking control. (When I say "piss" I mean "get rid of" )
Your military and government are doing a number on you. How much longer are you going to bend over and take it up the ar$e?

Don't you just hate it when you make one of the most relevant points and it gets lost at the end of the previous page.

I agree with everything you said, but would add: I still think that the insurance file is new information or atleast contains some.

> If WL replied to freedomusic's email, "you almost got it!", then we should take into account that what they said could be sarcasm


Heh, my take is they were just kidding around. They probably got a kick out of the fact that people are trying to guess the key.

No link yet, but the US Government are calling for Wikileaks to hand over 15,000 documents not yet released relating to Afghanistan. Are these the docs on the "Insurance" file?

Heard on BBC World Service.

reply to post by mirageofdeceit


I heard something similar on msnbc today too. Something about the Pentagon wanting Wikileaks to fork over documents.

reply to post by mirageofdeceit


YIKES!


Yours was the 666th post on this thread.


Hey everyone, I think I found the Anti-Christ!

Lets see, we have 1.4 gigabytes of information being protected by a 32 byte password. Even discounting the hashing that is about 99.9999968 % pure data. Should be easier than corn syrup for someone to view..

Originally posted by Bordon81
Lets see, we have 1.4 gigabytes of information being protected by a 32 byte password. Even discounting the hashing that is about 99.9999968 % pure data. Should be easier than corn syrup for someone to view..

You are kidding, right?

Originally posted by Myendica
Sounds like it could be exactly what it says, Insurance. Incase Wikileaks gets attacked or affiliates go missing or get murdered, or commit suicide.

Perhaps it will just decrypt itself and display to all some damaging stuff. Perhaps Wikileaks has info so damaging to individuals, but keep it locked away as bargaining chips. They may have even had contact and came to an agreement that Wikileaks is trying to do something else, and not take that perticular individual down.

Quoted from re-directed thread.

Originally posted by _R4t_
Its total genius tho... he knows a TONS of people will download this and wait patiently... all he needs to do is give the keys to a bunch of people and have them release it if anything happens to him... He could even set one of those "message after death" site with the key to send emails to certain people if he pass way he can count on it being released...

Anybody read Daemon?

reply to post by didact


LOVED Daemon.

Highly recommended read for everyone enjoying this thread.

I can't shake the thought that it's just an intelligence tool. It's too classic of a scenario, see who downloads it, and why.

oh... wait so it needs to like like in file like so?
ex:A B C D E F... ETC.?
If so I am going to hate life. Could it be like
Ex:A
B
C

reply to post by Staatsman


If you want to use new lines instead of spaces and the shell is not properly parsing your file into an array, then transform your input file, either in your shell script or prior to running your script on the file. The quickest way I can imagine is to change the line in question in your script to something like this:

pws=(`cat superpasswordarchive.txt | tr "\n" " "`)

Nevertheless, either we'll all be dead or WikiLeaks will have released the key long before you crack it. I don't see why they'd bother encrypting this file if they were going to pick a password that could be easily cracked with a dictionary and brute force. We're talking about a serious mathematical/engineering problem here that isn't going to be knocked out by a few lines of code. Good luck, though.

Edited to clarify first paragraph.

[edit on 6-8-2010 by bikeshedding]

reply to post by depth om


I don't see the value as an intelligence tool. What is it really proving in that scenario? That person X is potentially interested in secrets and has a gig and a half of free space and the patience to wait on those secrets? Aside from the hard drive space, that's pretty much everyone. If it's a tool, it seems like a dull and costly tool with little viable use other than to suggest that certain parties might be interesting to spy on. To then spy on those parties takes resources like manpower, time, and most importantly: money. Is it worth allocating those resources to keep an eye on Joe Blow in Nowhere, Kansas because he decided to download a file that he can't read? I don't buy it.

The facts is this file has been release... END OF STORY

Imagine 10 years ago trying to crack 40bit encryption with your old 486 pc... It was close to impossible.

So all you do is download the file, wait about 5-10 years and our computers will be strong enough to crack the file with some piece of software that has been developed.

The truth will come out.... even if it is nothing in the file


[edit on 6-8-2010 by bluedrake]

If this is AES, you don't have to bruteforce the whole 1.4 GB file..
Bruteforce the first two blocks.
Use 'file' utility to determine the likely file type by those blocks.
In this particular case 1.4 GB file is most likely an archive.
Then weed out everything coincidental. For example, by increasing the number of blocks and then fully decrypting and catching the errors.

Sample file type tester:

#!/bin/sh
ISIT=`openssl enc -d -aes256 -in ./insurance.aes256 -pass pass:$1 2>/dev/null | head -c32 | file - | grep -c "/dev/stdin: data"`
if [ $ISIT -eq 0 ]; then
echo Interesting. $1 `openssl enc -d -aes256 -in ./insurance.aes256 -pass pass:$1 2>/dev/null | head -c1024 | file -k - `
openssl enc -d -aes256 -in ./insurance.aes256 -pass pass:$1 2>/dev/null | head -c64 | hexdump -C
fi

Usage:
./test.sh password
Output:
Nothing if it looks like garbage, something if not so.

Check it out on some sample encrypted files with known keys.
Should save you tons of cpu cycles, have fun.

The quoted email by Wikileaks suggests that they've used a weak key on purpose. Otherwise I see no reason for them to add fuel to this fire and frustrate a lot of people in the process. As matter of public relations, they've should have out right stated that we won't crack it and that they don't want us to. So it looks like that this file is too hot even for them to release so they are using us to shift some blame away.
If so, the cat is out the bag and it will be cracked no matter what, it's a question of time.