WikiLeaks Posts Mysterious 'Insurance' File

reply to post by the.krio


Nice optimization. I still think the problem is approaching impossible for a single machine with present technology, though, provided that it really is encrypted with AES-256. I see no reason not to take their extension at its word.

In my opinion, the mere suggestion that the file is encrypted with AES-256 should be notice enough that we won't crack it any time soon. I'd measure "soon" in years. Recall that it took distributed.net five years to crack RC5-64 between 1997 and 2002. AES is a much stronger cipher with a keysize that is 4 times larger.

I see no compelling evidence to suggest that a weak key was chosen (certainly not in that email), but I do admit that it is a possibility. In my opinion, it is however a possibility that doesn't really make sense. High encryption should use a strong key, or there really isn't a point in it. If they just wanted to have a pointlessly simple challenge, then they might as well have XORed the file against something silly and obvious like "FAUCET" and called it a day.

Edited to correct typo.

[edit on 6-8-2010 by bikeshedding]

I see today on the cryptome site, it says that if Wikileaks is taken down, the 'insurance' file, as well as an archive of all of the Wikileaks documents so far, will be available there. Well done cryptome!!

Can't believe the gung-ho demands of the USA for Assange to delete/hand back the war diary files. A bit like trying to shut the stable door after the horse has bolted. Trying now, to exert some kind of power over this is not going to do the USA any good. They are probably better just admitting that this war is wrong and they'd get a lot more respect for that, than banding about all of these thinly veiled threats.

Also, at the end of the day, this is not just an American problem....as we know, lots of countries have so far been exposed by Wikileaks for wrongdoing. I see it as more of a world-wide issue where attitudes and Government practices everywhere need to be looked at and changed as applicable. Tomorrow it could be France or Australia, Thailand (who knows, name any country?) on the end of scandalous leaks. Someone said earlier that if there was nothing to hide, there would be no Wikileaks and that is so true.

It seems like far too many people support this cause for open information, for it to go away. It is going to be very interesting to see how all of this unfolds and I really hope that it gives way to more open communications between Governments and the public in the future. (wishful thinking)

You never know what kind of information the government might find interesting.

Remember we had that challenge to find 10 balloons that were distributed geographically in different areas of the united states.

Maybe this large encrypted file was put up as a similar challenge? A single AES256 bit key is not that large considering the amount of data that it is charged with protecting. Some people have suggested it might be crackable using a distributed dictionary attack.

Another approach would be to just wait till some pro hacker breaks the key with an optical code cracker. We are not going to get very far using sequential algotrithms, but there must be hackers out there that have broken AES 256 using home built parallel processing optical techniques. De scramble a few blocks on the PC then project the results through a hash filter.

Granted the original pass phrase may not be returned due to the trap door nature of hash functions but at least we should be able to decrypt the archive.

[edit on 6-8-2010 by Bordon81]

I think its funny the way that you people are looking at this. If they wanted this encryption cracked by us regular joes they wouldn't put up such a strong encryption.

It's purely meant so that the US and maybe other country's governments to open it up and truly appreciate what wikileaks is capable of. I'm pretty sure that the FBI, NSA, and Al-Qaeda in America (CIA) already know what's in there.

[edit on 6-8-2010 by Tnewguy]

Originally posted by bikeshedding
reply to post by depth om

 

I don't see the value as an intelligence tool. What is it really proving in that scenario? That person X is potentially interested in secrets and has a gig and a half of free space and the patience to wait on those secrets? Aside from the hard drive space, that's pretty much everyone. If it's a tool, it seems like a dull and costly tool with little viable use other than to suggest that certain parties might be interesting to spy on. To then spy on those parties takes resources like manpower, time, and most importantly: money. Is it worth allocating those resources to keep an eye on Joe Blow in Nowhere, Kansas because he decided to download a file that he can't read? I don't buy it.

I don't know that I would lean toward this being primarily an intelligence tool either, but it's certainly feasible data collected on it could be used that way, and there is no doubt data is being carefully collected (no logical doubt, anyway - this is an assumption on my part, and assumptions by default...nevermind). But it could be useful not only as a government intelligence tool - but as a 'whistle blower's' or watchdog intelligence tool, or even a political intelligence tool (though I think that would be stretching it).

For the most part, the infrastructure is already in place for much of tis. It would be little more than additional automated monitoring of select locations, individuals, queries, etc.

I still like the earlier post (I wish I could remember the author's name - I should go find it...) about assessing value based on the resources thrown at it.

reply to post by bikeshedding

I see no compelling evidence to suggest that a weak key was chosen (certainly not in that email), but I do admit that it is a possibility.

By merely still disputing this the chances of it being true is increased, it is a matter of 1 minute for Wikileaks to clear that up. So the further we publicly push it with cracking with Wikileaks avoiding straight answers, the higher the probability that we'll crack it sooner rather than later. See my point? Even if this is not true and WL is just toying with us, it's still a good exercise. And if it is true but you're afraid of consequences - it's already too late to stop it. So I don't see why we shouldn't do this in public.

Originally posted by the.krio
... The quoted email by Wikileaks suggests that they've used a weak key on purpose. Otherwise I see no reason for them to add fuel to this fire and frustrate a lot of people in the process. As matter of public relations, they've should have out right stated that we won't crack it and that they don't want us to.

OK - I have what my be a stupid question (see disclaimer in earlier post somewhere), but - is it even possible to use a so-called "weak key" with this kind to crypto-mojo? The idea of a weak key/password has been mentioned a lot - but discussion relative to HOW this encryption is accomplished seems to negate a 'weak key' theory

And regarding the email and PR - my two cents: The email reply probably included sarcasms. Imagine how many emails they must be receiving from people with all different levels of experience (though probably fewer from those with the most experience, as they generally seem to believe cracking is impossible). It probably wasn't a nice thing to do, but nevertheless.

Since we don't really know what the situation is, we can't really speculate as to the best PR method, but I don't think Wikileaks is concerned much with PR. They obviously DON'T want to provide press releases regarding this. I'm assuming their actions are strategically carried out to best serve whatever the ultimate goal is (even if the goal is a hoax as some have suggested).

Also, I'm interested in what you (the.krio) meant with your last comment:

So it looks like that this file is too hot even for them to release so they are using us to shift some blame away.

misinformational started some discussion earlier about legal liabilities and such, but it hasn't been expanded on yet. I was wondering if your comment was relevant to that or if you meant something else entirely.

reply to post by the.krio


I'm not saying that it can't or shouldn't be brute forced. It certainly can. Given a long enough time line, of course the probability of success increases with an operation like this. But I do think people should be aware that it is no simple task if the key isn't insanely weak. I noticed several posts however that seemed to think that dictionary attacks ought to be a breeze, and so I wanted to underscore that.

Even if a weak key was not chosen any password/passphrase is hashed. That probably means a 64 bit collision will exist. The government likes to keep the cost of their code breaking equipment to a minimum after all.

There has to be an optical hack out there that someone has developed to crack this stuff. It would work on the principle that the incorrect hash values superpose out leaving the *correct* hash value to unlock the archive. When you change your code breaking algorithm from a sequential pc based process to an optical parallel based process the math changes. 2^64 brute force sequential trials becomes only 2*64 projected possibilities. Think about it.

reply to post by Bordon81


To my knowledge, the only identifiable exploits for AES are academic/theoretical. I could be incorrect about that, and as always, research on the matter is encouraged. If anyone can offer a correction, please do. Note that this is not to say there are no known attacks against AES (there are, and the Wikipedia page on AES does a decent job of summarizing them).

In other words, we in the private sector have some ideas of what we could do, but they are technically impossible or highly improbable at this time. I cannot attest to what the NSA can do, but as far as the public domain is concerned, there are no documented attacks that can be readily exploited at the moment. If there is an individual out there with a successful optical attack on AES-256, then that individual has done a heck of a job at keeping it quiet.

Edited for clarity.


[edit on 6-8-2010 by bikeshedding]

reply to post by sjrily

The idea of a weak key/password has been mentioned a lot - but discussion relative to HOW this encryption is accomplished seems to negate a 'weak key' theory

And regarding the email and PR - my two cents: The email reply probably included sarcasms.

As I'm trying to say, our estimation of that probability is influenced by what we do and post here.

misinformational started some discussion earlier about legal liabilities and such, but it hasn't been expanded on yet. I was wondering if your comment was relevant to that or if you meant something else entirely.

The blame MSM would be able to pin on them.

reply to post by sjrily


It's certainly feasible that any collection of data could be used for intelligence purposes. I don't dispute that; however, I think that this particular data is not as meaningful as we tend to imagine it is. If the government has the power to plant an encrypted file on Wikileaks, then the government effectively runs Wikileaks. In that case, submissions of documents to Wikileaks itself would be the most useful intelligence insofar as whistle-blowing is concerned.

I guess what I'm saying is that in this case I think logs of downloads of the file constitutes trash data compared to the other places on the internet that could be mined for intelligence instead.

reply to post by Tnewguy


This is what I personally speculate has happened -- emphasis on speculate.

I feel like the message is not targeted at us per se, though we may be allowed to know its contents. But ultimately our role is to serve as a check against the receiving party, should it decide to shoot the messenger.


[edit on 6-8-2010 by bikeshedding]

reply to post by Bordon81


Even if someone has a parallel optical computer in their basement and can brute force this file, how can he know that he was successful?

The resulting file may be something that cannot be recognised, so even if the password is "ONION" how can it be verified as the original?

I have come to the conclusion you will not be able to crack this file without the original hard drive or a hard drive of the exact same make with the encrypted key inside. This file is a image file of there hard drive. The hard drive used is similar to this.link The hard drive has a key or digital signature. The computer connected to this hard drive also has a key plus password. that is hashed with the digital signature added. The file searches for the password picks up the key matches it to the hash then verifies with a digital signature. A backup of the hard drive can be made into a digital image or burned on a dvd. But that copy must be placed in a hard drive of the same make with the same internal key for it to work.

The hard drive also has a built in self destruct after 10 failed passwords. When wikileaks was attacked in January of 2008 linkthey said there was a fire related to there dns attack by the US government. I say there system was hacked someone got to the hard drive and entered the wrong password 11 times and destroyed there hard drive. They had a backup copy of the disk but had to replace the hard drives with the same ones that caused the problem in the first place. So this file is just a taunt that they can restart any time any where.

To break this file you have to have the same hard drive they use. (The wikileaks insider could help with that.)You have to have the key for that hard drive. (Secret im sure) Or you can mount this file in a image drive and spoof the hard drives digital signature.(Difficult but Daemon tools does similar joblinkVirus software will delet it) This file is mountable in a image drive as is now but a computer does not recognize the format. The digital signature is a unix string. I found this out by running the file through Aescryptlink and then running that as its working through another program Ollydbglink and find the failed points.

The hash can be cracked theres rumors that some one broke aes256 with a rainbow chart link but no one knows for sure or atleast there not talking. Good luck to those who are still trying!

Has anybody tryed programs like mathmatica for reverse engneering a hash? link

Also heres Assanges pgp key.
gpg-keyserver.de...
gpg-keyserver.de...
But I believe that is for his tor security links.

Found this web siteand they claim to crack hashes quickly.lasecwww.epfl.ch...

[edit on 6-8-2010 by JBA2848]

reply to post by ArMaP


Thats a good point, a hacked optical parallel processing computer might break the code without revealing the original pass phrase. I'm guessing the more advanced government computers use a polarized light approach that would reveal the hash value of the successful key. Of course I've never seen a decrypted AES message but there are probably header or footer characteristics that are used to identify a successful decrypt. The pros could also use color characteristics since random white noise is going to look different then most objects even if they have been compressed.

If a hacker does recover a hash value that will unlock the archive they can post a useable key here on ATS.

reply to post by Bordon81


The decrypted message is the same byte stream that was fed to the encryption system, so if you encrypt a PDF file you will get the same file when decrypted.

So, if the original file was already something that cannot be directly recognised it will undistinguishable from a file decrypted with the wrong password.

reply to post by JBA2848


From what you wrote it makes me think that you are implying that the password is somehow embedded in the encrypted file, is that it?

reply to post by the.krio


No, I meant my question literally (again, I know nothing about data encryption). Would the encryption process (assumed to be AES) even ALLOW you to create a weak key/password - similar to when you create passwords - sometimes the programming is such that you are forced to meet certain criteria. Does that make sense?

reply to post by ArMaP


I think the password (hashed) follows the salt which is (hashed) in the file but theres also the problem of the digital signature (hashed) from the drive to.
salt-password-digital signature are in the header of the file.

digital signature is in the hard drive itself not in the computer.
salt or key is in the computer.
password comes from typing on keyboard.

hidden key.
Salted__Þsïó^9ÚúHS[mÂ?4b /
4b sizeof salt. Þused to mark begining of salt. ? ends salt.

Passsword.
ŽÿŠ5àÅJ?fníÈ?
? ends password.

I think this is the digital signature from hard drive.
I$?Eäóx?TÓŠa




[edit on 6-8-2010 by JBA2848]

[edit on 6-8-2010 by JBA2848]