It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Originally posted by qualitygossip
Wikileaks to hold news conference tomorrow at 10am GMT in London.
Could be quite interesting, surely they will ask him about the insurance file?
Edit - changed 9am in error to 10am.
[edit on 8-8-2010 by qualitygossip]
Originally posted by dominicus
we need to make sure at least a few hundred ATS members have this file downloaded in case Assange does release the password.
He is being threatened by US Gov and is saying he may release it
Originally posted by JBA2848
My thought is a side attack on this would work.
Originally posted by JBA2848
The password would not be heavily encrypted like the file itself or no program could decrypt the password to match it to one entered.
Originally posted by JBA2848
The password is stored in the file
Originally posted by JBA2848
so that multiple programs can open it.
Originally posted by the.krio
Basic four char brute turned up nothing, but here are intermediate results for someone who knows what he's looking at in case I missed something:
livzi.net...
Five chars underway.
AES extra data field
A file encrypted with AES encryption will have a special "extra data" field associated with it. This extra data field is stored in both the local header and central directory entry for the file.
Note: see the Zip file format document referenced above for general information on the format and use of extra data fields.
The extra data header ID for AES encryption is 0x9901. The fields are all stored in Intel low-byte/high-byte order. The extra data field currently has a length of 11: seven data bytes plus two bytes for the header ID and two bytes for the data size. Therefore, the extra data overhead for each file in the archive is 22 bytes (11 bytes in the central header plus 11 bytes in the local header).
The format of the data in the AES extra data field is as follows. See the notes below for additional information. Offset Size(bytes) Content
0 2 Extra field header ID (0x9901)
2 2 Data size (currently 7, but subject to possible increase in the future)
4 2 Integer version number specific to the zip vendor
6 2 2-character vendor ID
8 1 Integer mode value indicating AES encryption strength
9 2 The actual compression method used to compress the file
File format
Additional overhead data required for decryption is stored with the encrypted file itself (i.e., not in the headers). The actual format of the stored file is as follows; additional information about these fields is below. All fields are byte-aligned.
Size
(bytes) Content
Variable Salt value
2 Password verification value
Variable Encrypted file data
10 Authentication code
Note that the value in the "compressed size" fields of the local file header and the central directory entry is the total size of all the items listed above. In other words, it is the total size of the salt value, password verification value, encrypted data, and authentication code.
Why is there an authentication code?
The purpose of the authentication code is to insure that, once a file's data has been compressed and encrypted, any accidental corruption of the encrypted data, and any deliberate attempts to modify the encrypted data by an attacker who does not know the password, can be detected.
The current consensus in the cryptographic community is that associating a message authentication code (or MAC) with encrypted data has strong security value because it makes a number of attacks more difficult to engineer. For AES CTR mode encryption in particular, a MAC is especially important because a number of trivial attacks are possible in its absence. The MAC used with WinZip's AES encryption is based on HMAC-SHA1-80, a mature and widely respected authentication algorithm.
The MAC is calculated after the file data has been compressed and encrypted. This order of calculation is referred to as Encrypt-then-MAC, and is preferred by many cryptographers to the alternative order of MAC-then-Encrypt because Encrypt-then-MAC is immune to some known attacks on MAC-then-Encrypt.
Originally posted by JBA2848
reply to post by ymgve
Here winzip lets out some secrets.
--- SNIP ---
Originally posted by JBA2848
reply to post by ymgve
Your talking about the simple encryption built into computers now and not talking about aftermarket encryption systems. Aftermarket encryption systems operate a little different.
All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.
Secure your documents with 128- or 256-bit AES encryption
Choosing encryption while using WinZip will give you a way to protect sensitive documents contained in your Zip files using the advanced AES encryption technique. AES is the Advanced Encryption Standard, the result of a three-year competition sponsored by the U.S. Government's National Institute of Standards (NIST). This encryption method, also known as Rijndael, has been adopted by NIST as a Federal Information Processing Standard.
The contents of the files that you want to protect are encrypted by WinZip based on a password that you specify. In order for WinZip to later extract the original contents of the encrypted files, the correct password must again be supplied.