WikiLeaks insurance password (possibly) incoming!

Originally posted by randomer
reply to post by ImaginaryReality1984

 

Then i would explain where i dowloaded the file from and explain that nobody knows the password. I think this would stand well in court and its not like they have to take my word for it they could easily check for themselves.

Sadly no, an encrypted file is by it's very nature ambiguous. You could explain sure but they don't know the contents and your refusal would mean you end up in prison. Think about it, lets say i have something to hide. I merely have to make sure the encrypted file container is the same size as the wikileaks one and claim it's wikileak data, they don't know if it is or isn't so if the password isn't released then by law i can be imprisoned for witholding the key to encrypted data as maybe i'm just hiding something.

Oh and funny thing, if the encryption key is released and they crack it on your hard drive then you are still in trouble. If any of ths data is classified then you will be imprisoned because by law anyone without clearance who harbours classified data can be imprisoned.

reply to post by Enthropy

'Old' insurance file:
- md5sum check -

94a032849b1f446e3a1ed06cf4867a56 insurance.aes256

- sha1sum check -

cce54d3a8af370213d23fcbfe8cddc8619a0734c insurance.aes256 (matches the one on the wikileaks website)

'New' insurance file: (from twitter torrent link)

- md5sum check -

94a032849b1f446e3a1ed06cf4867a56 insurance.aes256

- sha1sum check -

cce54d3a8af370213d23fcbfe8cddc8619a0734c insurance.aes256


So i think you did sth wrong i have both files on 3 seperate machines, 2x debian lenny, 1x debian hurd (modded) - checked them all

reply to post by Enthropy


The hash you are referring to is different from the sha1 hash of the encrypted file.
You want to do this

$sha1sum insurance.aes256

to check your file.

Here are some alternative download places for the file just in case...

Piratebay:
thepiratebay.org...


Where it started:
www.torrentdownloads.net...

Originally posted by Enthropy

Originally posted by fraterormus
This file which I downloaded last night gives the following hash/sha1sum:

SHA1(insurance.aes256)= cce54d3a8af370213d23fcbfe8cddc8619a0734c

This matches the hash/sha1sum of the original file released on 29 July 2010, meaning it is the precise same file. If one character had been changed it wouldn't match.

How come the hash of the torrent I'm downloading is different from what you posted?
So they changed the file?

It's:
76A36F1D11C72EB5663EEB4CF31E351321EFA3A3

now..

What you just listed (76A....) is the info hash of the torrent. Once the file is downloaded, obtain a sha1 sum of the file, and it will match (cce54...). I am seeding that same torrent (same info hash) and can confirm that the sha1 of the file contained within matches what was originally posted by wikileaks.

If this is viral on every known forum and site that would be discussing this topic,

then have you considered it may

be a defence tactic to try and catch or discover

any potential individuals who may have the ability to

become a problem for them in the future?

reply to post by fraterormus


There is just one flaw in your theory. Let's say a super hacker guy cracks the aes256 encryption, and the contents of the file are useless, lets say rip of kung fu panda (gotta love that film) do you think the gut is going to go around bragging that he cracked the encryption now he know that he can do it, and if he is not to dumb knows that that knowledge can take him along way.
Anyways all that to say that for your theory to work there must be someting important in the file or the super duper geek cracker will not say a word about his exploit... and that also works if something important is in the file (the guy may also keep it to himself, god he's just cracked the impossible!)

reply to post by TheDeader


The hash he is looking at is used by the torrent to check each file segment received.

reply to post by Vandalour


Both of those torrents appear to lead to the same trackers. I could be wrong of course.

Look in the end if you're downloading torrents like this i suggest you use an encrypted VPN server, preferably utilizing Open VPN. Try and use VPN's in countries that value freedom and prvacy (sweden, iceland etc).

There are alternatives to this but they're not legal and i don't think ATS will allow the details.

Originally posted by Enthropy
How come the hash of the torrent I'm downloading is different from what you posted?
So they changed the file?

It's:
76A36F1D11C72EB5663EEB4CF31E351321EFA3A3
now..

The Hash you posted is not the SHA1 Hash of the digest of the encrypted file. That is the Torrent Hash. Similar concepts, but they are entirely different.

The Torrent Hash is located in the .torrent file that the client uses to verify the right data that is being transferred. It contains information like the file list, sizes, pieces, etc. Every piece received is first checked against the hash. If it fails verification, the data is discarded and requested again.

Whereas the actual file itself, has a SHA1 Hash to verify that the encryption is intacta and unaltered.

In order to get the SHA1 Hash of a file you have to have OpenSSL installed and run the following command:

"openssl dgst -sha1 insurance.aes256"

That command will read the digest of the encrypted file and determine it's SHA1 Hash which should match what I posted if it is intacta and unaltered from the original.

EDIT: I guess several others beat me to it and explained it already. Doh!

reply to post by mrahab

you can confirm ???
I find it very suspicious
that this is your very first
post on this web site
and it comes in this thread.
Is something smelly here
Mr Ahab???

Originally posted by Blaine91555
Wikileaks is following an obvious pattern. This long drawn out advertising campaign (lets call it what it is!) is to increase revenue. Should be obvious to everyone as the pattern repeats. Oh, the drama of it all

Yep.

Think about it. Why would they release a big file without password? If they are in troubles they would release the password, right?

Why 2 steps?

They would only need to release the whole file without encryption and password in case of troubles.

Unnecessary step, obvious advertising campaign.

Got to raise awareness some how.
what ever it takes

or is this all a diversion
of something else we
need to be paying attention to???

Im going to avoid downloading this insurance file untill its confirmed that it isnt a massive virus. i have a feeling it is.
2nd line

There's a new update on their twitter feed suggesting that their communications infrastructure is under attack, along with some possibly coded words.

reply to post by IamCorrect


www.abovetopsecret.com...

its pretty interesting....

Originally posted by Esger
Think about it. Why would they release a big file without password? If they are in troubles they would release the password, right?
Why 2 steps?
They would only need to release the whole file without encryption and password in case of troubles.
Unnecessary step, obvious advertising campaign.

Without the 2 steps you have to choose between dissemination and insurance.

When you have dirt it that the government doesn't want out it can be used as leverage, as a form of insurance, by saying "If something happens to me, I already mailed off a copy to 10 friends to hold who will go to the press with it." Well, if the secret is that big, it's not that hard to round up where you sent a copy, especially in today's information age.

So, you want to disseminate that information to as many people as possible. The government can't round up millions of people around the world. However, if you disseminate that information in the clear (meaning without encryption), then you no longer have any leverage or insurance. You folded your hand instead of holding to see if the government you are playing poker with was bluffing or not.

By encrypting it, he was able to disseminate that information while still retaining leverage.

However, that doesn't mean it still couldn't be a variation upon a Viral Media Campaign or just plain old showboating by a media-whore to keep the attention and spotlight on him.

Originally posted by boondock-saint
or is this all a diversion
of something else we
need to be paying attention to???

Im going with you on this one. What ever it is it seems to be working, look at how many threads on this topic alone.
And it seems to be growing by the hour.

Latest tweet from WIKILEAKS:

"WikiLeaks communications infrastructure is currently under attack. Project BO move to coms channel S. Activate Reston5."

This just got REAL...... didn't it?