It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
By default, under the spec, DKIM doesn't sign or check signatures on most parts of the envelope (i.e. message header elements like these), but the sender can specify that they are signed with (for example) an 'h=From:;' in the DKIM-Signatures header. Consider this scrap of message header:
Date: Thu, 8 Aug 2013 21:44:28 -0700 (PDT)
From: Barack Obama
From: Random Spammer
Reply-To: Random Spammer
Subject: Awarded a Pulizer for "DKIM is Harmful"
To: "Joseph Shmoe"
Note the two From: fields. If such a message is sent to DKIM with 'h=From:', both fields may be included in the signature (the standard isn't clear on the matter), and the end user may see the first one. In other words, the recipient (Joe Shmoe) may see a DKIM-verified message coming from firstname.lastname@example.org. Incidentally, you can also insert multiple To: or Subject: fields and these may also result in misleading behavior.
But it's worse than that. Because DKIM only signs the specified parts of the message, the message can be forwarded on by an intermediary that inserts the extra fields, and the signature will still match. This is called a replay attack.
"If the password is ever released ("Whatever happens, even if there's video; it was murder"), the files are encrypted via OpenSSL file encryption. "
The Great Wizard of Leaks had been exposing the corruption of the Kings and Rulers for a long time. But one day after exposing their treasonous actions in foreign lands, they decided that he had gone too far. As a result, The Great Wizard was forced to take refuge in a castle that the Kings and Rulers did not control. The Great Wizard resided here for five years and continued to cast spells that upset the people's tyrannic rulers.
However, on October 15th in the Current Year, the Rulers had had enough and decided to unplug the source of the Great Wizard's power (the Internet), thereby preventing him from interfering with their rigged election which favored the Great Witch of the West (aka: The #). Despite this, The # still lost to the Almighty Knight Sir Trumpador Maximus Decimus Meridius III, who claimed he had plans to bring peace to the Lands and "drain the swamp" that gave The # and her cronies their power. Although sensible people were not all trusting of Trumpador, most of them realized that he still represented their best hope.
Things started looking better in the West, but there were still some problems.
Well known and generally despised Gargoyle $oros was trying to sow seeds of division amongst the people in order to regain control. He had managed to split the people of the land broadly into two opposing groups, The Left and The Right, exploiting their fears by exaggerating everything unkosher that Knight Sir Trumpador Maximus Decimus Meridius III had said. The Gargoyle even went so far as to fund civil rebellions, using the same techniques of subversion that were used in other lands to the East to overthrow Governments that the Gargoyle did not like. "Divide and conquer!" he had told The # and her cronies. "It is far easier to conquer a land if the citizens are divided and cannot put up a unified resistance!"
Meanwhile, The Great Wizard may have had his own woes. Since his source of mana (Internet) was cut, the people had not heard from him and his group of apprentice wizards (belonging to a noble order known as WizardLeaks). They had become seemingly incommunicado. Rumor has it that their order was infiltrated by treasonous goons working on behalf of The # and the Gargoyle and it was entirely possible that the Great Wizard himself had been captured.
The King and his Alphabet Stooges may have been clever here though. Instead of letting the people know that the Great Wizard had been illegally abducted, they may have chopped previously unreleased interview footage to make it appear as though the Great Wizard was still alive and well. This is not confirmed, but the people have good reason to speculate.
The Great Wizard always knew that his capture was a possibility and thus dispersed gold to the people which could only be unlocked with a key that would automatically release if his Wizardly Magic was to cease.
On October 22nd in the Current Year, this may have occurred. The well-established MagiRealm known as Readit and the sensitive town of Twithurt were attacked and brought down while the keys were allegedly getting dispersed. Most mentions of the alleged keys on Readit and Twithurt were also removed.
Some citizens that frequented the horrible lair known as Forchan, believed to be the dwelling place of the notorious hacker known as Forchan, also reported that The King's Alphabet Stooges were even removing the alleged keys from there.
They started wondering where else The Great Wizard may have hidden the keys to this gold. A place where the Alphabet Stooges would have a hard time removing it.
After much thought, some citizens agreed that the most likely place was in a thing called the "Blockchain" that resided in the MagiRealm. This would be hard to for the Evil Alphabet Wizard's to censor as it is mostly controlled and determined by the people themselves.
The question is: Are you a bad enough dude to help rescue The Great Wizard?
A completely fictional timeline of events follows below.
the files are encrypted via OpenSSL file encryption
You're correct on a Hash being different on different files, but that is not what they are talking about when they say that the archives do not match.
A lot of people are asking about the PGP key on twitter, and there seems to be a lot of misconception about what it does and what's it for. The key is used for secure communication with the WikiLeaks editorial office, it is not personal to Assange or anyone else.
0x92318DBA 2015-04-10 WikiLeaks Editorial Office High Security Communication Key (You can contact WikiLeaks at wlchatc3pjwpli5r.onion... and h ttps://__._/talk) This one is controlled by Editorial Office. PGP message signed by it doesnt mean Assange signed it. It might even been compromised if servers and assets were taken over. This key matches https://__._/#submit_wlkey (that is only public proof that this key is owned by WikiLeaks or current admin of __._)
This odd key...
0x73C81E1B 2015-04-10 WikiLeaks High Security Signing Key (The key is available to view at h ttps://__._/wl-high-security-signing-key. You can contact WikiLeaks at h ttps://wlchatc3pjwpli5r.onion and h ttps://__._/talk.) For this one we have no proof it was ever used by Assange or WL. I havent found any mention of it on internet. Its also not signed WL Editorial Office key, so they havent show they trust it. This key should not be trusted.
But because https://__._/wl-high-security-signing-key is 404, there is no way to tell which fingerprint is legit.
I imagine you see this in the same light.
Why have WikiLeakS.org abandoned the use of PGP Encryption ?
If they had been using Public Key Cryptography last year, to encrypt correspondence or documents or files using their recipients' individual Public Keys, then there would have been no password for the incompetent WikiLeakS.org activists to re-use .
Every copy of the controversial cables.csv file could have been encrypted with a different recipient's Public Key and would have had a different symmetric encryption key (which no human would could have been capable of revealing, even under torture).
Not even WikiLeakS.org / Julian Assange could have decrypted a seized or intercepted or publicly leaked copy of such an encrypted file, only the recipient with access to his or her own private decryption key could have done so.
Either Julian Assange is ignorant of how to use Public Key Cryptography (hardly likely for someone who has tried to write cryptographic software himself) or he and the #wikileaks twitter feed are lying again:
Every copy of the controversial cables.csv file could have been encrypted with a different recipient's Public Key and would have had a different symmetric encryption key