Wikileaks have just released three insurance files

Insurance could just be redirection - could just be that putting that label on it, makes us THINK it is for one purpose, when it is for another - this could be their way of getting information TO a journalist or someone where it is needed. You put it out to everyone and the feds have a harder time seeing how got it that might have the key already.

You take them at their word and help them, and it's just an encrypted file anyway- or you don't care and you don't even seed it.

reply to post by ForteanOrg


AES is a cut and fold algorithm. But you don't have to decrypt it, and probably can't with normal resources, to recover the contents. So, AES is not secure is correct but not for the reason given. It is also correct that it would take an inordinate amount of resources to break the encryption. But it takes a lot less effort to recover the contents. You just have to understand cut and fold properties and try a different angle. Don't try decryption -- rather, just continue encrypting. It's not lossy and it hurts nothing in the contents. Oh -- and I don't mean to continue encrypting until the cycle loops -- that's not necessary either.

You just keep going until you have enough pieces to identify enough of the contents. Different word fragments will reappear as an encryption continues. It's a statistical thing -- you can calculate probable run times to recover a percentage of the contents. In this case, you can get away with recovering less because you can compare to known documents. Duh.

Yeah, even layered encryption should be fully recoverable unless the original encryption was lossy -- then you have to find the missing pieces. Layering means nothing and adds no difficulty to recovery, but does add difficulty to decryption.

Originally posted by MindBodySpiritComplex
This seems to be only the third time they are (publicly) releasing insurance files:

On 29 July 2010 WikiLeaks added a 1.4 GB "Insurance file" to the Afghan War Diary page.

On 22 February 2012, there was another insurance file release, this time 65 GB in size

On 17 August 2013, WikiLeaks released another three insurance files, this time 3.6 GB, 49 GB and 349 GB in size.[96] Like previous insurance files, the contents of these three insurance files are still unknown.

link

And as far as I remember they never released the key to the files. So its just more hype.

reply to post by Maxatoria


If you think that breaking a "Key" is such a big deal, I point you to these respectable "Main Frames"

Tianhe-I - Jaguar - Nebulae - Tsubame 2.0 - Cielo

Any of these could shred the encription and WHO do you think has access to this type of computing power........The CIA, Military, and of course The NSA!!!

(Tianhe-I is Chinese but, for the sake of "National Security" it would be made available)

Originally posted by pistolerooo
reply to post by Maxatoria

 

If you think that breaking a "Key" is such a big deal, I point you to these respectable "Main Frames"

Tianhe-I - Jaguar - Nebulae - Tsubame 2.0 - Cielo

Any of these could shred the encription and WHO do you think has access to this type of computing power........The CIA, Military, and of course The NSA!!!

(Tianhe-I is Chinese but, for the sake of "National Security" it would be made available)

edit on 18-8-2013 by pistolerooo because: A sentence missing when I posted

Those machines are what people are talking about when they say you would need 400 times the entire duration of the universe to break one. The most likely outcome is that AES256 will remain unbroken until quantum computers become a thing. It's going to be a very bad day for every government in the world but one the day a working quantum computer is built. Having exclusivity on that technology is a bigger deal than having exclusivity on nuclear weapons.

If you think that breaking a "Key" is such a big deal, I point you to these respectable "Main Frames"

Tianhe-I - Jaguar - Nebulae - Tsubame 2.0 - Cielo

Those are more properly termed super computers than mainframes.

They are not hiding the contents from the NSA or even the skilled crypto teams at larger companies like Google - both of which probably can trace the material to it's origin.

They are hiding it from individuals lacking state sponsored budgets to crack the encryption.

Wikileaks has done a lot more than what most give them credit for, and by most I mean people who have done nothing at all about fighting TPTB

The "insurance files" will probably contain more top secret documents, which is most likely something on the line of reports about operations in theater and the like. No big relevations. Or maybe its even nothing at all.

NSA has access to an incredibly powerful quantum system that could most likely break such encryption.

Nearly all forms of encryption currently in use by the mainstream is allowed to be in such due to the fact that certain governmental factions have a master key to access such things. Any type of encryption that tends to be circumvent this, is usually quickly removed and/or hidden from the public. Those who receive the blessing of mainstream adoption are those who are vulnerable to this.

The directorates that have a need to know in regards to what is in these insurance files, KNOW what is in these files. The purpose of the INSURANCE file is that they realize that civilians have copies of this file and if they do release the key then what is in these files will be made public.

The debate is not if they can or can't decrypt it (They easily can). The debate is that the contents must be of some interest, as those who stand behind them are still alive and relatively free.

reply to post by DJM8507


And of course there is nothing to back up those statements.

Originally posted by BayesLike
reply to post by ForteanOrg

 

Yeah, even layered encryption should be fully recoverable unless the original encryption was lossy -- then you have to find the missing pieces. Layering means nothing and adds no difficulty to recovery, but does add difficulty to decryption.

You don't know what you're talking about, I'm sorry to say.

Let me prove it to you.

You are, of course, aware that there are many algorithms that can be used to encrypt text. Creative souls might even think of a technique that uses more than one algorithm and more than one key per message, for example key1 and algorithm1 for even blocks, key2 and algorithm2 for odd blocks, or even more complex scheme's.

Now then, say I hand you a stream of bits that do not have any discernible meaning and tell you they are the result of applying one or more encryption algorithms and one or more keys - would you not agree that you would not be able to detect what algorithm / which algorithms were used (on which part of the message) for the encryption, and of course not which key(s)?

The only way I can think of to find the message would be to use each possible algorithm and apply all known keys for that algorithm to each block (of the proper size, of course). You could be sure that at one point you would decode the encrypted text, though that may cost you hundreds of times the age of the Universe. However, maybe you are lucky and succeed on first try. But to see that you succeeded you should be able to detect this. Now say that the message looked like random bytes, would you not agree that you will never be able to detect you found the proper key?

So, then, tell me: if I present you a stream, encrypted with AES256 - I even will tell you this - and when by sheer luck you would 'crack the key' - and the result would be the aforementioned stream of bits (the result of more encryption, using perhaps an unknown algorithm, intermixed algorithms, various keys or a one time pad - YMMV ... - would that not render your attempts to crack my code totally infeasible, regardless the computing power you have? Quantum computers won't do you much good either, don't we agree?

Hence, layered encryption is a very useful method to prevent others to detect your code.

Originally posted by DJM8507
The debate is not if they can or can't decrypt it (They easily can).

They wished they could - but they can't. Your 'backdoor' statement is ridiculous: the algorithms are public and under very much scrutiny by the entire community that has any proper knowledge of encryption and related mathematics. Though the community is not THAT big, it is totally impossible that the NSA has bought all of them - including Chinese, Russian and North-Korean scientists. Also, the simple one time pad proves that there ARE algorithms that can be used to encrypt a message without any chance to recover it with certainty unless you have the key. I am aware of the subsequent key management problems if we would be using one-time pads, but please refrain from absurd statements that it is easy for secret services (or whomever) with plenty of computing power to decrypt any message. It's utter nonsense.

Originally posted by ForteanOrg

Originally posted by BayesLike
reply to post by ForteanOrg

 

Yeah, even layered encryption should be fully recoverable unless the original encryption was lossy -- then you have to find the missing pieces. Layering means nothing and adds no difficulty to recovery, but does add difficulty to decryption.

Now then, say I hand you a stream of bits that do not have any discernible meaning and tell you they are the result of applying one or more encryption algorithms and one or more keys - would you not agree that you would not be able to detect what algorithm / which algorithms were used (on which part of the message) for the encryption, and of course not which key(s)?

Ah, but you keep missing the point. I only want to recover the encrypted information, not crack the key. Trying to crack the code by determining the key is a) stupid and b) completely unnecessary.

Reread what I've posted and quit inserting your concept of breaking the code or finding the key. I don't need to know the algorithm. I don't need the key. I don't need to know much at all in fact to recover the information beyond how many bits are used to encrypt a character. In fact, we can state how long it will take to have 80% of the recovery completed with 99% confidence given a rate of attempts.

Layering and multiple algorithms do nothing of value except waste the time of the person doing the encryption. Random is already random. Duh. No one needs the key. The contents comes back in coherent but short pieces.

What you think you know is mostly very clever misdirection, 1944 linear thinking, totally within the box you have been told to look within. You need to get out more -- outside that tiny box that is.

Originally posted by BayesLike
Ah, but you keep missing the point.

I'm curious how that is. You tend to say that you have superiour knowledge but I still haven't seen a shread of evidence of it. I am absolutely willing and able to learn from anybody, but require some logic that fits my model, or if the model is incorrect, need some proof that it is. You fail to provide any. Sir, you seem to be either a complete idiot or a genius. The latter requires proof or you will by default be seen as the former.

I only want to recover the encrypted information, not crack the key. Trying to crack the code by determining the key is a) stupid and b) completely unnecessary.

You seem to refer to statistical analysis of the text. That can be done but only when the "algorithms" for encoding and decoding are very, very weak. As an example of this: say you'd use a simple conversion table (lookup table) like this one:

ABCDEFGHIJKLMNOPQRSTUVWXYZ
THEQUICKBROWNFXJMPSVLAZYDG

and the encryption algorithm would be "find the letter in the lower row and use the letter above it" and the decryption algorithm would be "find the letter in the upper row and the the letter below it" than surely we agree that the resulting 'ciphertext' for the text "THE DOOR IS GREEN" would be "ABC YKKJ FS ZJCCF".

Say we were not given the conversion table but we knew the message was an english text than yes, you're right: every child would be able to do what you say should be done and figure out what the original text was without having the key. But my example is the simplest of cases, and the 'covertime' is typically a few seconds to a few hours at best, given that only one person looks at it.

Now, I will present another example of a ciphertext. I will give you 1000 euro's if you can tell me the message that is hidden in here:

ALWEDDEWIDGEHASFIDDLESTICKSTHATDANCEAROUNDTHEHOUSE

You may _think_ you know what this message is, but you are mistaken. You don't believe me, of course, as your superiour knowledge and ability to think outside the box ensures that you have the answer before I even tell you what algorithm was used, right? Nevertheless, for the convenience of other less gifted readers, I will reveal the algorithm I used (but not the key, of course). I have converted the message into bits and XORed them with the key of the same lenght using a simple XOR.

Now, Sir, please show me how your 'out of the box thinking' would allow you to crack that message of mine. You don't even have to do it for real - though that would be VERY impressive and would earn you a nomination for a Nobel prize - simply say how you think to solve the puzzle in a clear and understandable way and I will stand corrected, humbly and gratefully.

What you think you know is mostly very clever misdirection, 1944 linear thinking, totally within the box you have been told to look within. You need to get out more -- outside that tiny box that is.

Go on than and prove it.

Originally posted by ForteanOrg

Originally posted by DJM8507
The debate is not if they can or can't decrypt it (They easily can).

They wished they could - but they can't. Your 'backdoor' statement is ridiculous: the algorithms are public and under very much scrutiny by the entire community that has any proper knowledge of encryption and related mathematics. Though the community is not THAT big, it is totally impossible that the NSA has bought all of them - including Chinese, Russian and North-Korean scientists. Also, the simple one time pad proves that there ARE algorithms that can be used to encrypt a message without any chance to recover it with certainty unless you have the key. I am aware of the subsequent key management problems if we would be using one-time pads, but please refrain from absurd statements that it is easy for secret services (or whomever) with plenty of computing power to decrypt any message. It's utter nonsense.

edit on 19-8-2013 by ForteanOrg because: (no reason given)

I perhaps misspoke, there is not a "BACK DOOR" but there are vulnerabilities that are unknown to the public at large and will remain such for quite some time. Once it is discovered the industry will once again shift to a "new" more "secure" system.

As for their computing power, the technology they posses, regardless of any vulnerability in encryption standards, could quite easily, and within a reasonable time, decrypt.

But as it has been said, without evidence this is all hearsay, and evidence cannot be provided without risk of personal, and national harm.

Originally posted by DJM8507
I perhaps misspoke, there is not a "BACK DOOR" but there are vulnerabilities that are unknown to the public at large and will remain such for quite some time. Once it is discovered the industry will once again shift to a "new" more "secure" system.

Surely any system may have vulnerabilities that are not yet discovered. But I don't see any reason to believe that there are planned vulnerabilities in say the AES algorithm.

But of course, if you think there are, you might use one of the other (publicly available) cryptosystems, like Twofish, Blowfish, IDEA or even 3DES. Or delve into ECC, that allows much shorter keylengths - or better security with the same keylengths. Or do some trickery yourself: either think out your own algorithm, or use other's to inspire you. Or use layered encryption; both vertically (one block uses another algorithm/key than the next) and horizontally (you encrypt with one, decrypt with the next, encrypt with the third, using any algorithm and key or set of keys you'd like). In short: if you really have information that needs to be kept secure AND needs to be transported over a public network, you have plenty options. The NSA will probably know that you sent an encrypted message. They will know to who(m). They may visit you. But they will NOT be able to decrypt your message, unless they had access to your computer and managed a side attack or you were sloppy with the keys.

But as it has been said, without evidence this is all hearsay, and evidence cannot be provided without risk of personal, and national harm.

I don't think that's the reason. I think the evidence is just not there. Hearsay, indeed, and hearsay that serves some secret services well, as it suggests they are manned with a special breed of human beings, that have access to technology that is not available to others. I can assure you that is not the case. Intelligence is still the most useful tool for any .. er.. intelligence service. They will simply ask you what message you received instead of trying to decode it. Cheaper and much faster. It are the blabbering fools that give away secrets, not the encryption algorithms..

That 349 gig file.....videos! Aliens! Or at least I can hope.