It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

WikiLeaks Posts Mysterious 'Insurance' File

page: 43
150
<< 40  41  42    44  45  46 >>

log in

join
share:

posted on Aug, 11 2010 @ 08:00 PM
link   
Heres something I found about md5-collisions. I noticed Jacob Appelbaum of TOR was involed in writing it. Seems its based on Wang Xiaoyun attack on md5 hashes back in 2004. With md5 brute force or birthday attack. They say 1-2 days on a cluster of 200 PlayStation 3’s is Equivalent to 8000 desktop CPU cores. And they even have the picture of the ps3s tied together?

www.win.tue.nl...




posted on Aug, 11 2010 @ 08:09 PM
link   
reply to post by JBA2848
 


I don't understand why you're going on about MD5. The hash you mentioned earlier has nothing to do with anything. See this post.

As a side note, pretty much everyone is switching or has already switched to SHA-based hash functions now, because the sorts of MD5 issues you mention are widely known.


[edit on 11-8-2010 by bikeshedding]



posted on Aug, 11 2010 @ 08:16 PM
link   
reply to post by bikeshedding
 

This is from the file.
MD5 Hash: 94a032849b1f446e3a1ed06cf4867a56
This is also.
SHA1: cce54d3a8af370213d23fcbfe8cddc8619a0734c

So the reason I mention the MD5 is because there is a md5.



posted on Aug, 11 2010 @ 08:21 PM
link   
reply to post by JBA2848
 


Those ash values are only to confirm that the downloaded file is the same as the one they have on the server, they are not related to MD5 ash values used to create digital certificates as in your previous post.



posted on Aug, 11 2010 @ 08:27 PM
link   
reply to post by ArMaP
 



MD5 is widely used to store passwords.[28][29][30] To mitigate against the vulnerabilities mentioned above, one can add a salt to the passwords before hashing them. Some implementations may apply the hashing function more than once—see key strengthening


en.wikipedia.org...



posted on Aug, 11 2010 @ 08:29 PM
link   
reply to post by JBA2848
 


You are confusing checksums for files and how they are used/determined versus how the same cryptographic hash functions often used to generate checksums are used by encryption software. There is a distinction. Anyone should be able to compute a checksum for a file, but that has no value in regards to how the file is encrypted. That is how you verify that the file you downloaded from a source is exactly the file that the source expected you to get. When WikiLeaks puts a SHA1-generated checksum next to a file name, what that means is that you should be able to generate the exact same checksum against the file after you download it. If you do, then you have the correct file, no data was corrupted during the download process.

To be painfully clear, the values that you supplied are checksums. They have no value in decrypting this file. There is no way that you can leverage them to crack the file. They simply aren't related. They have nothing to do with the encryption of the file.

Edited several times for clarity


[edit on 11-8-2010 by bikeshedding]

[edit on 11-8-2010 by bikeshedding]



posted on Aug, 12 2010 @ 03:49 AM
link   
Anyway, are there any AS gurus to write a banner in Flash that cracks this?

As far as i can see, transferring data from the client to server might be done with jscript + iframe. Flash may target that iframe to an url containing the encoded data. Or flash might be just a carrier of jscript that does the whole thing.
It looks like there are multiple other ways to do that but those have security constraints which limit the distribution schemes.



posted on Aug, 12 2010 @ 09:40 AM
link   
I found this news article and I'm wondering if it is related to the insurance file.

www.huffingtonpost.com...

if it is, it implies the file's content would be war related. In fact, most of the other news sources around the net all assume it is war related (and not alien or any other crazy info). What does everyone think?



posted on Aug, 12 2010 @ 10:47 AM
link   
reply to post by johnnyg5646
 


Considering that the file is on the "Afghan War Diary, 2004-2010", what do you think?



posted on Aug, 12 2010 @ 02:10 PM
link   
I'm watching the live news conference here with Julian Assange. They will probably have it on there as a download afterwards. If so, I will try and transcribe exactly what he said, but.....

A journalist just asked him about the insurance file. He said something to the effect that he has gathered information that has not been released, to do with many countries, and that he has made sure that information cannot be lost. He also said that he would only have to release the password for anyone to access it.

This is the first time that he has actually properly addressed the question and answered it to any degree. So, basically, we all knew that, but it's the first time he has confirmed it, and he seemed to hint that there is information contained within the file from many sources and involving many countries.

The plot thickens.

Oh yeah, and Assange has died his hair, to blend in maybe?



posted on Aug, 12 2010 @ 05:16 PM
link   
It seems very unlikely that this file will be decrypted in the near future by crackers/hackers.

Assange has a pretty good knowledge of encryption. In the past he worked personally on a special encrypted filesystem:

en.wikipedia.org...

Someone at that level of knowledge knows better than to use a simple dictionary word or short phrase as a password. To paraphrase Bruce Schneier, an "epic pass poem" will likely be more in order here.

Assange knows enough to not make any basic mistakes which would enable a quick break. He may have slipped up, but it seems unlikely.

That's not to say this can't be broken, but AES-256 is pretty heavy duty. With current computing power, it should be pretty safe for quite some time yet.

The only people I see having a chance are very large scientific institutions or governments. This requires crypto experts, and a lot of power.

There may be a weakness in the cipher that is not public knowledge yet, which would enable groups of this type to break it.

For example;



In 1994, a member of the original IBM DES team, Don Coppersmith, published a paper stating that differential cryptanalysis was known to IBM as early as 1974, and that defending against differential cryptanalysis had been a design goal.[1] According to author Steven Levy, IBM had discovered differential cryptanalysis on its own, and the NSA was apparently well aware of the technique.[2] IBM kept some secrets, as Coppersmith explains: "After discussions with NSA, it was decided that disclosure of the design considerations would reveal the technique of differential cryptanalysis, a powerful technique that could be used against many ciphers. This in turn would weaken the competitive advantage the United States enjoyed over other countries in the field of cryptography."


en.wikipedia.org...

It appears people have been looking for this kind of attacks on AES, but I couldn't find any "silver bullet", and some ideas have been discredited as unworkable.



posted on Aug, 12 2010 @ 05:24 PM
link   
What is taking you geniuses so long?
Crack it already!



posted on Aug, 12 2010 @ 05:36 PM
link   
reply to post by qualitygossip
 


Well, what do you know, it's not a porno movie after all.

Indeed, a leak from inside the Wikileaks would be very ironic.



posted on Aug, 12 2010 @ 05:49 PM
link   
reply to post by harpsounds
 


Unfortunately, some of us consider 'impossible' to be a worthy challenge.
Please stop teasing us



posted on Aug, 12 2010 @ 05:57 PM
link   

Originally posted by the.krio
reply to post by harpsounds
 


Unfortunately, some of us consider 'impossible' to be a worthy challenge.
Please stop teasing us



Hehe, I don't really mean to discourage people as such. I recently embarked on a little codebreaking mission myself, albeit a much simpler one. At a certain point I really didn't think it would be possible, I gave up for about a day I think, then suddenly a new idea came to me, and I broke the code.

I wish anyone trying to break this good luck, but I won't be trying myself, I consider this way way way above my paygrade, and normally I'm up for these kind of challenges.



posted on Aug, 12 2010 @ 06:01 PM
link   
I am thinking it has more to do with the 260,000 classified diplomatic cables. If it is this and the NSA is able to decrypt the file with either a backdoor or just able to crack the key with one of their many super computers. I am sure that would make for a very strong insurance policy. I am sure there is some rather dirty laundry in those if in fact there really was such a leak.



posted on Aug, 12 2010 @ 08:53 PM
link   
reply to post by netxshare
 


If the point is for the NSA to read it, why wouldn't they simply send the NSA the key? It would accomplish the same thing and they'd be certain that the message was received.



posted on Aug, 13 2010 @ 01:34 PM
link   
I am new here. Please feel free to overlook my thought on this.

Ok so Assange says that he will release any and all classified data that has been varified right? I do not think that he would hold anything for insurance the way you guys are stating it.


Insure can also mean to make certain by taking action and precautions.
www.ehow.com...

Being logical, I believe that he either needs more sources to release this or he needs to find a way to make his sources more secure before releasing it. May sound dumb to some of you but considering how he wants his webpage to be precieved, I doubt he would have a file and not release it unless something happened to him.



posted on Aug, 13 2010 @ 01:51 PM
link   
reply to post by hiltonxyz
 


He didn't say in the conference last night whether the material had been verified or previously released or not. I sort of presumed that because cryptome has said that they will present the information that is already on Wikilleaks on their site if Wikileaks is taken down, that the information in the insurance file, is information that has not been released before.

Plus, the leaks on there already have been widely downloaded and in the public eye for a while, so that is another thing that tends to make me think the insurance file is stuff we haven't seen before.

I am going to try and transcribe what was said last night to see if there are any further clues there.



posted on Aug, 13 2010 @ 02:08 PM
link   
I was not saying that it was material we had seen before... I was saying that maybe he just needed to secure his sources better before he could release this file that we have NOT yet seen. OR that he may not have had enough sources to release the file. sorry for the misunderstanding.



new topics

top topics



 
150
<< 40  41  42    44  45  46 >>

log in

join