WikiLeaks Posts Mysterious 'Insurance' File

Quite honestly I don't know much at all about encryption.

It is weird that these different keys and cyphers work ...

"onion" "router"

"onion routing"... Tor?

ideas, ideas

[edit on 1-8-2010 by IAMNOTWHOITSAYSIAM]

Uhm.. this also works:

openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out ramdisk/dec -pass pass:ONION

Take into account we are just assuming openssl should give an error if the decryption is wrong, but i've still to read somewhere that this is precisely what openssl will do..

This works also:

# PASSWORD Tor
$ openssl enc -d -cast -in insurance.aes256 > out_Tor_CAST.dec


So I'm not sure if it is expected behavior for openssl to not issue an error sometimes?

Hrm ...

lol, this thread is now on cryptome: cryptome.org...

Nevermind


[edit on 1/8/10 by locster]

I suspect openssl warns just in "gross" cases, but i've not much experience with it.
Anyway, we should be able to create the same situtation by tweaking a simple case:

echo -n 'Hello world' | openssl enc -e -aes256 -a -pass pass:123 | openssl enc -d -aes256 -a -pass pass:123

I'm interested in producing the same behavior: changing decrypting options while not making openssl to NOT produce errors, the output result at this point should be obviously wrong (not 'Hello World') but we would be able to replicate the behavior.. and we could do this for the next 1M years and still nothing

These may shed some light on openssl www.wrgross.com... and ubuntuforums.org...

> lol, this thread is now on cryptome

good maybe we can get some help ...

They will probably laugh at us.

We are "assuming" that because we are not getting any openssl error codes that it is indeed decrypting.

Originally posted by freedommusic
> lol, this thread is now on cryptome

good maybe we can get some help ...

They will probably laugh at us.

.

haha, I thought the same.
Im sure of it. lol

Originally posted by freedommusic

They will probably laugh at us.

We are "assuming" that because we are not getting any openssl error codes that it is indeed decrypting.

Ahah well said, anyway openssl obviously assumes you know cipher and password, so no check will be performed.
It's interesting nonetheless that, so far, both "ONION" and "ROUTER" don't produce any error.

Originally posted by misinformational

More like conjecture.

so complete guesswork as to what the contents of an encrypted file are is tantamount to 'conjecture?'

i wasn't trying to insult anyone. it's quite likely that at least a part of what he guessed is accurate. however, the only person that we can be sure knows the contents of the file is Assange. therefore, i chuckle a bit at imaginative, highly-detailed speculation.

anyway, not trying to derail the topic. just didn't want anyone to take offense.

Below is a shell script that will run openssl on the "insurance.aes256" file and NOT return any errors ...

Just uncomment the openssl line you want to use.

------
#!/bin/sh

# AES ONION
# openssl enc -d -aes256 -in insurance.aes256 -out out_ONION_AES.dec -pass pass:ONION

# AESFB8 ONION
# openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out out_ONION_AESCFB8.dec -pass pass:ONION

# BF ONION
# openssl enc -d -bf -in insurance.aes256 -out out_ONION_BF.dec -pass pass:ONION

# BF ROUTER
# openssl enc -d -bf -in insurance.aes256 -out out_ROUTER_BF.dec -pass pass:ROUTER

# CAST Tor
# openssl enc -d -cast -in insurance.aes256 -out out_Tor_CAST.dec -pass pass:Tor

exit 0;

Originally posted by freedommusic
# openssl enc -d -cast -in insurance.aes256 -out out_Tor_CAST.dec -pass pass:Tor

exit 0;

It gave me error with "Tor", anyway, we have to consider a detail i just simply ignored until now and is this.
Encrypting stuff this way will inherently enlarge the produced file from its original size: i could exploit this fact to encrypt a bunch of bytes 1 million times so to lets people also think the content is huge while in fact i just encrypted 'Hello World'; i still can't connect the fact that openssl doesn't give error because the file has been encrypted 1 million times btw..
So to speak, try the following:

take some text and create a file with it, call it 'in':

echo -n 'blah blah blah.' > in

encrypt one time

openssl enc -e -aes256 -in in -out o.1 -pass pass:1234567890

now let's encrypt it again, say 1000 times

for i in [1..1000]; do let n=$i+1; openssl enc -e -aes256 -in o.$i -out o.$n -pass pass:12345; done

Original input size: 15 bytes
Final encrypted size: 32032 bytes

Take this to the extreme and you can fill-up your disk with an 'Hello World' encrypted million times: i can't say this is what has been done, but it could be sure a possibility.
Twisted and deceptive

[edit on 1-8-2010 by dudez]

Yea, the size might be there also to slow folks down ...

What is also interesting is each of the output files that produce no errors are all unique.

If any were identical they would have the same sha1 stamp.

------
out_ONION_AES.dec: c46d3a66a455888805fb6823e2ec3b941eb2eb8f
out_ONION_AESCFB8.dec: 3bb5d81206a3f61bb9f7f950d22a18c04d8e80e0
out_ONION_BF.dec: 1f1033af779ec0b3aa26b31381ec30279881d7cd
out_ROUTER_BF.dec: 83aa168f4de5e2acc8864d4e20811250ab574c1a
out_Tor_CAST.dec: 2c30c318b5188584a05c66fdc62afdf39a26efbf
------

The file known as "insurance". Is a plant. Its an inflated file full of garbage and a really nasty polymorphic virus-worm that no anti-virus can catch yet, and probably won't. At the cost of two comps it has two levels of encryption. level 1 is 512 bit and 2 is 2048 RSA key. From what I can tell. The "man" is pushing for total internet control, ie "Internet off switch"

> it has two levels of encryption. level 1 is 512 bit and 2 is 2048 RSA key

Prove it ...

If this is true, then just use a machine that is unplugged from a network.

Also a virus is an executable. What platform is the executable for?

If for win32/64, then it wont run on OSX or Linux, etc ...

I'm not buying.

Also, do note that all of the keys and ciphers that DO work, return 0.

All that fail return 1.

When an app returns 0 it has completed w/ no errors.

I'm not calling you a liar but pleas show evidence, This may be one of those things that is remembered by humanity if it is truly important. or if you're right it will also be remembered for being important,. Hopefully for future generations to learn

Originally posted by zeropaxx
The file known as "insurance". Is a plant. Its an inflated file full of garbage and a really nasty polymorphic virus-worm that no anti-virus can catch yet, and probably won't. At the cost of two comps it has two levels of encryption. level 1 is 512 bit and 2 is 2048 RSA key. From what I can tell. The "man" is pushing for total internet control, ie "Internet off switch"

When you post to include the source for this ... well, that'd be cool.