I've heard a lot of people on ATS claiming he/wikileaks is a plant.

Could someone who believes this please explain to how they came to this conclusion? With all the press he is getting he seems pretty damn hot for a plant, doesn't make any sense to me at all!

I just wrote a shell script that will iterate through all the known keys and ciphers and save files that openssl returns 0 - no error.

This will probably take a while to complete ...

We'll see if anything valid is output.

Originally posted by crezo
I've heard a lot of people on ATS claiming he/wikileaks is a plant.

Could someone who believes this please explain to how they came to this conclusion? With all the press he is getting he seems pretty damn hot for a plant, doesn't make any sense to me at all!

Just that, he's getting all this press, his partner quit because of their amassing of funds, he doesn't believe 9/11 was a conspiracy, and.. well.. look for yourself, that's how it works, no on can convince you, you must look and find, and assess.

crezo~ he's not a plant,
that's just an accurate representation of the paranoia that is at ATS. lol
i do think i see through most BS,
and i don't feel anything but goodness from him. lol


nah, who knows,
i dont think he is though.

he is still doing lots of good right now, either way.

[edit on 1-8-2010 by Ahmose]

Gah I wish I was good at making scripts period. Freedommusic could you post that script so that everyone can do it, maybe make a collaboration on it?

Here is my script (still running)

--------
#!/bin/sh

pws=(ONION ROUTER Tor ONIONROUTER ONIONROUTERTor);

names=(aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb );

mkdir -p outfiles;

for pass in ${pws[@]}
do
for name in ${names[@]}
do
of=outfiles/out_"$pass"_$name.dec;
openssl enc -d -$name -in insurance.aes256 -out $of -pass pass:$pass;
if [ $? -ne 0 ]; then
rm -f $of;
else
echo GOOD: $of;
fi
done
done

exit 0;

> Can anyone say where or how they found ONION and the other passwords?

Well in this thread someone posted the word "ONION" in quotes.

So I tried it just for the heck of it ...

I didn't get an error.

Then someone else on this thread posted about Tor and how it meant ONION ROUTER. How this is the technology WikiLeaks uses.

So then I tried ROUTER using Blowfish Cipher.

and it worked.

Then we started scratching our heads.

So that's pretty much how we arrived where we are now.

Its going down in a heatr beat, what, all you conspiracy buffs assumed that a minor or isp dependent can take on a single world power. I think it's time that posters re evaluated the term "deny Ignorance"

Hello.

People read up on your cryptography before getting all excited, all it means when openssl barfs at a key you give it is that it has issues processing the padding (look up PKCS#5 padding on google) the odds of getting an error when decrypting with a wrong key is slightly above 1 in 256. Thats why there are so many keys 'that work' (if you don't belive me fetch the source code of openssl and look for your self)

Open ssl doesn't (want to) know when you enter the 'correct' key its just running the input though an algorhitm and therefore not getting an error doesn't mean your key is 'good' it just means the last byte in the file is probably a 0x00 not making the padding code unhappy.

as for bruteforcing this (problem 1 ofcourse is how do you know when you have the correct key, since we have no idea about the plaintext) distributed.net has been going at an rc5-72 key (which is a significant faster algorhitm then aes) for 2799 days (done 0.947% of the keyspace) and predicts it needs atmost 47,429 days (about 133 years) to search the complete keyspace. Now lets for the sake of argument lets assume aes and rc5 as just as fast (which they are not) for every bit above 72 (thats 184) multiply those 133 years by 2.
Giving us 133 * (2^184) = 3261150510962611490586562473775857942740676852006705430528 *YEARS*

Even if computing power 100.000 folds in the next few years the odds of bruteforcing this before the universe ends are still virtually *ZERO*

If you don't belive any of what I tell you and still convinced you guessed the correct key since you are not getting an error, do your on research, encrypt a picture of your dog or cat with openssl then try random passwords to see how many don't produce an error and how many of those actually reproduce your orginal picture of your adorable pet.

sorry to crush your hopes and dreams but a little reality check was needed in this thread.

Seriously know, people within 2010 assume they are able to hide....it does not happen but its allowed for obvious reasons. Whats the term for disclosing national security...life perhaps ?

> The password is not ONION or ROUTER or any of the suggested alternatives.
> OpenSSL only does very basic validity checking - it only checks the padding of the
> decrypted data. What this means in practice is that one in every 256 wrong
> passwords will seem valid to OpenSSL and not produce any error message.

Yup, makes sense to me ...

I knew something wasn't right when different keys would not return an error code.

Can someone point me to some documentation that explains this behavior in opessl?

Thanks for the info!

Originally posted by IAMNOTWHOITSAYSIAM

Even if computing power 100.000 folds in the next few years the odds of bruteforcing this before the universe ends are still virtually *ZERO*

If you don't belive any of what I tell you and still convinced you guessed the correct key since you are not getting an error, do your on research, encrypt a picture of your dog or cat with openssl then try random passwords to see how many don't produce an error and how many of those actually reproduce your orginal picture of your adorable pet.

sorry to crush your hopes and dreams but a little reality check was needed in this thread.

I'm with ya, homie. lol
it is pointless to even attempt this.
I will just hold the file, in numerous locations until/if the key is ever given. lol

but if this file is for what i think it's for..
it would be best for all of us if the key is not given.

if the key is not given..
then everything worked how it should have. lol

[edit to remove]
Re-read thread and found dups earlier



[edit on 1-8-2010 by LookingIn]