WikiLeaks Posts Mysterious 'Insurance' File

Originally posted by qualitygossip
Wikileaks to hold news conference tomorrow at 10am GMT in London.

Could be quite interesting, surely they will ask him about the insurance file?

Edit - changed 9am in error to 10am.

[edit on 8-8-2010 by qualitygossip]

This should be very interesting. Who knows, he might even give out HINTS to what the password is.

Originally posted by dominicus
we need to make sure at least a few hundred ATS members have this file downloaded in case Assange does release the password.

He is being threatened by US Gov and is saying he may release it

I think you can rest assured, mate.
and many have it in allot more than one place.

Ive already said it before,
but everyones best bet,
is to transfer the file, off of your PC, and onto external media.
Don't even have it in your PC after you acquire it. ,
Just store it somewhere else completely.

@tokyodynamite~
No, hints wont do.
because it wont be a "password".

[edit on 8-8-2010 by Ahmose]

What would like to know is, if a password is ever to be released is it at all possible for the everyday average internet user such as myself who has absolutely no programming or coding knowledge, or programs or ideas where to get and use the programs.. to gain access as well? i have everything backed up on three different hard drives because i do believe that like the one user posted... this is our insurance so that if the government does shut down wiki and all is lost we will have the guts on our persons and will either have to wait 10-15 years for the computers to totall go out of date and hackers can pick it no problem, or just wait until whatever.. i'm ready willing and able. and as far as the afghan papers, im like close to 700 pages into the 77000 and will give up eventually but theres more hush hush stuff in there than the medias taken hold of jsyk

My thought is a side attack on this would work. The password would not be heavily encrypted like the file itself or no program could decrypt the password to match it to one entered. The password is stored in the file so that multiple programs can open it. The pass word would not be salted or keyed just basic encrypted. At the worst the password is aes256cbc encrypted with no salt no key. The path to the password in the file is in the top header but I found out the password is not its hidden in a center header or bottom header hidden within the file but only has basic encryption. To find the headers you must run the file through a program to open it such as aescrypt that gives you a enter password box. Then monitor that program aescrypt to see where it breaks when you enter a wrong password. The line breaks should show you what line the central and bottom headers are on. Then you can try to decrypt the headers for the key,password and salt. The program breaks I believe are a problem with these programs they should be breaking away from the headers but they are breaking on the headers themselves. Thats something for companies to think about in there future encryption programs. Break the programs in different location then the headers or the headers will be found.

[edit on 8-8-2010 by JBA2848]

Originally posted by JBA2848
My thought is a side attack on this would work.

No.

Originally posted by JBA2848
The password would not be heavily encrypted like the file itself or no program could decrypt the password to match it to one entered.

The password isn't even IN the file.

Originally posted by JBA2848
The password is stored in the file

The password is not in the file.

Originally posted by JBA2848
so that multiple programs can open it.

What the # does that even mean?

Look. This is how the process works: Using OpenSSL, YOU enter a password, which is then TRANSFORMED into an encryption key. This key is then used to decrypt THE WHOLE FILE. The ONLY way of knowing if you got it correct is if the decryption worked and produced sensible data.

[edit on 8-8-2010 by ymgve]

reply to post by ymgve


Yeah,
but no one listens. lol

You can even give them links that teach them,
and show them that they have no chance,
but why pay attention and learn something.

I give up.
Have at it, people.



[edit on 8-8-2010 by Ahmose]

Originally posted by the.krio
Basic four char brute turned up nothing, but here are intermediate results for someone who knows what he's looking at in case I missed something:
livzi.net...
Five chars underway.

Are you using the script that you posted earlier? Be aware that if you're only decrypting the first blocks of a file, OpenSSL will most likely give an error even on the correct password since you're then missing the expected padding bytes at the end.

reply to post by ymgve

Here winzip lets out some secrets.
www.winzip.com...-data

AES extra data field
A file encrypted with AES encryption will have a special "extra data" field associated with it. This extra data field is stored in both the local header and central directory entry for the file.
Note: see the Zip file format document referenced above for general information on the format and use of extra data fields.

The extra data header ID for AES encryption is 0x9901. The fields are all stored in Intel low-byte/high-byte order. The extra data field currently has a length of 11: seven data bytes plus two bytes for the header ID and two bytes for the data size. Therefore, the extra data overhead for each file in the archive is 22 bytes (11 bytes in the central header plus 11 bytes in the local header).
The format of the data in the AES extra data field is as follows. See the notes below for additional information. Offset Size(bytes) Content
0 2 Extra field header ID (0x9901)
2 2 Data size (currently 7, but subject to possible increase in the future)
4 2 Integer version number specific to the zip vendor
6 2 2-character vendor ID
8 1 Integer mode value indicating AES encryption strength
9 2 The actual compression method used to compress the file

File format
Additional overhead data required for decryption is stored with the encrypted file itself (i.e., not in the headers). The actual format of the stored file is as follows; additional information about these fields is below. All fields are byte-aligned.

Size
(bytes) Content
Variable Salt value
2 Password verification value
Variable Encrypted file data
10 Authentication code

Note that the value in the "compressed size" fields of the local file header and the central directory entry is the total size of all the items listed above. In other words, it is the total size of the salt value, password verification value, encrypted data, and authentication code.

The process is the same.

Why is there an authentication code?
The purpose of the authentication code is to insure that, once a file's data has been compressed and encrypted, any accidental corruption of the encrypted data, and any deliberate attempts to modify the encrypted data by an attacker who does not know the password, can be detected.

The current consensus in the cryptographic community is that associating a message authentication code (or MAC) with encrypted data has strong security value because it makes a number of attacks more difficult to engineer. For AES CTR mode encryption in particular, a MAC is especially important because a number of trivial attacks are possible in its absence. The MAC used with WinZip's AES encryption is based on HMAC-SHA1-80, a mature and widely respected authentication algorithm.

The MAC is calculated after the file data has been compressed and encrypted. This order of calculation is referred to as Encrypt-then-MAC, and is preferred by many cryptographers to the alternative order of MAC-then-Encrypt because Encrypt-then-MAC is immune to some known attacks on MAC-then-Encrypt.

Originally posted by JBA2848
reply to post by ymgve

 

Here winzip lets out some secrets.

--- SNIP ---

Congratulations on finding something totally irrelevant. The file is NOT a ZIP file encrypted with a password, which is easy to tell since the first two bytes of it isn't "PK".

Just because PKZIP uses verification bytes doesn't mean anything else using AES does. Verification is not part of the AES algorithm.

reply to post by ymgve


Your talking about the simple encryption built into computers now and not talking about aftermarket encryption systems. Aftermarket encryption systems operate a little different.

reply to post by dudez


When we're feeding it pseudo-randomness, sure it won't be reliable. What we get is a high amount false positives and irrelevant false negatives. That still narrows the search field by several orders of magnitude without further manipulations. But I'm hunting for archives, tgz/rar/7z to be specific. That's why I've uploaded the log, if you think it might be something else - check those hits out.

reply to post by Ahmose

Your assumption of "looong key" I guess is based on that you think they didn't want us to crack this, my assumption of an easy to crack pass phrase is based on mostly on the opposite or neutral plus the quoted email and the PR issue plus the fact that it would be easier to do and from my experience people usually follow the easy path. Or care to elaborate?

reply to post by ymgve


Many of us have tried to tell JBA2848 that he doesn't know what he is talking about,
but he persists all the same. He'll come back after a little google'ing and post about
how teh l33t hax0rs crack warez, use some key words, tricky phrases, some obscure
hardware encryption device, a snippet of code, or some random guess that is not even close.

I've given up and don't even address his posts any more...

Originally posted by JBA2848
reply to post by ymgve

 

Your talking about the simple encryption built into computers now and not talking about aftermarket encryption systems. Aftermarket encryption systems operate a little different.

Look. The file starts with the text "Salted__" which is a clear indicator that OpenSSL has been used to encrypt the file.

Furthermore, this is the extent of OpenSSL's file verification:

All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.

(Emphasis mine)

reply to post by the.krio


I found those different filles your looking for by mounting the file in a image drive and then using cd roller on the file. Im not sure if they were true files though. It came back with a folder type set up folders inside of folders plus zip files and script files. The names and contents were still encrypted.

reply to post by ymgve

Secure your documents with 128- or 256-bit AES encryption
Choosing encryption while using WinZip will give you a way to protect sensitive documents contained in your Zip files using the advanced AES encryption technique. AES is the Advanced Encryption Standard, the result of a three-year competition sponsored by the U.S. Government's National Institute of Standards (NIST). This encryption method, also known as Rijndael, has been adopted by NIST as a Federal Information Processing Standard.

The contents of the files that you want to protect are encrypted by WinZip based on a password that you specify. In order for WinZip to later extract the original contents of the encrypted files, the correct password must again be supplied.

It is aes 256 that winzip is speaking of and not zipping.

And heres a simple question for those who are determined that this program must be ran in open ssl. Wikileaks releases to the world multiplatforms. Why would that pick a limited platform only. Meaning they are useing a software program for encryption that is not platform limited.

reply to post by JBA2848


Detailed instructions with screenshots please. Better yet, upload a video to youtube.
Otherwise what you're writing looks bunk to many people.

I'm not even going to pretend to be an expert on any of this...

BUT any updates on this yet?

reply to post by JBA2848


How is OpenSSL platform limited?

reply to post by ArMaP


IMO, that slip-up doesn't matter.
Let him elaborate on mounting the file with reproducible details or ban him for hoaxing.