It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
WikiLeaks Posts Mysterious 'Insurance' File
page: 43share:
Heres something I found about md5-collisions. I noticed Jacob Appelbaum of TOR was involed in writing it. Seems its based on Wang Xiaoyun attack on
md5 hashes back in 2004. With md5 brute force or birthday attack. They say 1-2 days on a cluster of 200 PlayStation 3’s is Equivalent to 8000
desktop CPU cores. And they even have the picture of the ps3s tied together?
www.win.tue.nl...
www.win.tue.nl...
reply to post by JBA2848
I don't understand why you're going on about MD5. The hash you mentioned earlier has nothing to do with anything. See this post.
As a side note, pretty much everyone is switching or has already switched to SHA-based hash functions now, because the sorts of MD5 issues you mention are widely known.
[edit on 11-8-2010 by bikeshedding]
I don't understand why you're going on about MD5. The hash you mentioned earlier has nothing to do with anything. See this post.
As a side note, pretty much everyone is switching or has already switched to SHA-based hash functions now, because the sorts of MD5 issues you mention are widely known.
[edit on 11-8-2010 by bikeshedding]
reply to post by bikeshedding
This is from the file.
MD5 Hash: 94a032849b1f446e3a1ed06cf4867a56
This is also.
SHA1: cce54d3a8af370213d23fcbfe8cddc8619a0734c
So the reason I mention the MD5 is because there is a md5.
This is from the file.
MD5 Hash: 94a032849b1f446e3a1ed06cf4867a56
This is also.
SHA1: cce54d3a8af370213d23fcbfe8cddc8619a0734c
So the reason I mention the MD5 is because there is a md5.
reply to post by JBA2848
Those ash values are only to confirm that the downloaded file is the same as the one they have on the server, they are not related to MD5 ash values used to create digital certificates as in your previous post.
Those ash values are only to confirm that the downloaded file is the same as the one they have on the server, they are not related to MD5 ash values used to create digital certificates as in your previous post.
reply to post by ArMaP
en.wikipedia.org...
MD5 is widely used to store passwords.[28][29][30] To mitigate against the vulnerabilities mentioned above, one can add a salt to the passwords before hashing them. Some implementations may apply the hashing function more than once—see key strengthening
en.wikipedia.org...
reply to post by JBA2848
You are confusing checksums for files and how they are used/determined versus how the same cryptographic hash functions often used to generate checksums are used by encryption software. There is a distinction. Anyone should be able to compute a checksum for a file, but that has no value in regards to how the file is encrypted. That is how you verify that the file you downloaded from a source is exactly the file that the source expected you to get. When WikiLeaks puts a SHA1-generated checksum next to a file name, what that means is that you should be able to generate the exact same checksum against the file after you download it. If you do, then you have the correct file, no data was corrupted during the download process.
To be painfully clear, the values that you supplied are checksums. They have no value in decrypting this file. There is no way that you can leverage them to crack the file. They simply aren't related. They have nothing to do with the encryption of the file.
Edited several times for clarity
[edit on 11-8-2010 by bikeshedding]
[edit on 11-8-2010 by bikeshedding]
You are confusing checksums for files and how they are used/determined versus how the same cryptographic hash functions often used to generate checksums are used by encryption software. There is a distinction. Anyone should be able to compute a checksum for a file, but that has no value in regards to how the file is encrypted. That is how you verify that the file you downloaded from a source is exactly the file that the source expected you to get. When WikiLeaks puts a SHA1-generated checksum next to a file name, what that means is that you should be able to generate the exact same checksum against the file after you download it. If you do, then you have the correct file, no data was corrupted during the download process.
To be painfully clear, the values that you supplied are checksums. They have no value in decrypting this file. There is no way that you can leverage them to crack the file. They simply aren't related. They have nothing to do with the encryption of the file.
Edited several times for clarity
[edit on 11-8-2010 by bikeshedding]
[edit on 11-8-2010 by bikeshedding]
Anyway, are there any AS gurus to write a banner in Flash that cracks this?
As far as i can see, transferring data from the client to server might be done with jscript + iframe. Flash may target that iframe to an url containing the encoded data. Or flash might be just a carrier of jscript that does the whole thing.
It looks like there are multiple other ways to do that but those have security constraints which limit the distribution schemes.
As far as i can see, transferring data from the client to server might be done with jscript + iframe. Flash may target that iframe to an url containing the encoded data. Or flash might be just a carrier of jscript that does the whole thing.
It looks like there are multiple other ways to do that but those have security constraints which limit the distribution schemes.
I found this news article and I'm wondering if it is related to the insurance file.
www.huffingtonpost.com...
if it is, it implies the file's content would be war related. In fact, most of the other news sources around the net all assume it is war related (and not alien or any other crazy info). What does everyone think?
www.huffingtonpost.com...
if it is, it implies the file's content would be war related. In fact, most of the other news sources around the net all assume it is war related (and not alien or any other crazy info). What does everyone think?
reply to post by johnnyg5646
Considering that the file is on the "Afghan War Diary, 2004-2010", what do you think?
Considering that the file is on the "Afghan War Diary, 2004-2010", what do you think?
I'm watching the live news conference here with Julian Assange. They will probably have it on there
as a download afterwards. If so, I will try and transcribe exactly what he said, but.....
A journalist just asked him about the insurance file. He said something to the effect that he has gathered information that has not been released, to do with many countries, and that he has made sure that information cannot be lost. He also said that he would only have to release the password for anyone to access it.
This is the first time that he has actually properly addressed the question and answered it to any degree. So, basically, we all knew that, but it's the first time he has confirmed it, and he seemed to hint that there is information contained within the file from many sources and involving many countries.
The plot thickens.
Oh yeah, and Assange has died his hair, to blend in maybe?
A journalist just asked him about the insurance file. He said something to the effect that he has gathered information that has not been released, to do with many countries, and that he has made sure that information cannot be lost. He also said that he would only have to release the password for anyone to access it.
This is the first time that he has actually properly addressed the question and answered it to any degree. So, basically, we all knew that, but it's the first time he has confirmed it, and he seemed to hint that there is information contained within the file from many sources and involving many countries.
The plot thickens.
Oh yeah, and Assange has died his hair, to blend in maybe?
It seems very unlikely that this file will be decrypted in the near future by crackers/hackers.
Assange has a pretty good knowledge of encryption. In the past he worked personally on a special encrypted filesystem:
en.wikipedia.org...
Someone at that level of knowledge knows better than to use a simple dictionary word or short phrase as a password. To paraphrase Bruce Schneier, an "epic pass poem" will likely be more in order here.
Assange knows enough to not make any basic mistakes which would enable a quick break. He may have slipped up, but it seems unlikely.
That's not to say this can't be broken, but AES-256 is pretty heavy duty. With current computing power, it should be pretty safe for quite some time yet.
The only people I see having a chance are very large scientific institutions or governments. This requires crypto experts, and a lot of power.
There may be a weakness in the cipher that is not public knowledge yet, which would enable groups of this type to break it.
For example;
en.wikipedia.org...
It appears people have been looking for this kind of attacks on AES, but I couldn't find any "silver bullet", and some ideas have been discredited as unworkable.
Assange has a pretty good knowledge of encryption. In the past he worked personally on a special encrypted filesystem:
en.wikipedia.org...
Someone at that level of knowledge knows better than to use a simple dictionary word or short phrase as a password. To paraphrase Bruce Schneier, an "epic pass poem" will likely be more in order here.
Assange knows enough to not make any basic mistakes which would enable a quick break. He may have slipped up, but it seems unlikely.
That's not to say this can't be broken, but AES-256 is pretty heavy duty. With current computing power, it should be pretty safe for quite some time yet.
The only people I see having a chance are very large scientific institutions or governments. This requires crypto experts, and a lot of power.
There may be a weakness in the cipher that is not public knowledge yet, which would enable groups of this type to break it.
For example;
In 1994, a member of the original IBM DES team, Don Coppersmith, published a paper stating that differential cryptanalysis was known to IBM as early as 1974, and that defending against differential cryptanalysis had been a design goal.[1] According to author Steven Levy, IBM had discovered differential cryptanalysis on its own, and the NSA was apparently well aware of the technique.[2] IBM kept some secrets, as Coppersmith explains: "After discussions with NSA, it was decided that disclosure of the design considerations would reveal the technique of differential cryptanalysis, a powerful technique that could be used against many ciphers. This in turn would weaken the competitive advantage the United States enjoyed over other countries in the field of cryptography."
en.wikipedia.org...
It appears people have been looking for this kind of attacks on AES, but I couldn't find any "silver bullet", and some ideas have been discredited as unworkable.
reply to post by qualitygossip
Well, what do you know, it's not a porno movie after all.
Indeed, a leak from inside the Wikileaks would be very ironic.
Well, what do you know, it's not a porno movie after all.
Indeed, a leak from inside the Wikileaks would be very ironic.
reply to post by harpsounds
Unfortunately, some of us consider 'impossible' to be a worthy challenge.
Please stop teasing us
Unfortunately, some of us consider 'impossible' to be a worthy challenge.
Please stop teasing us
Originally posted by the.krio
reply to post by harpsounds
Unfortunately, some of us consider 'impossible' to be a worthy challenge.
Please stop teasing us
Hehe, I don't really mean to discourage people as such. I recently embarked on a little codebreaking mission myself, albeit a much simpler one. At a certain point I really didn't think it would be possible, I gave up for about a day I think, then suddenly a new idea came to me, and I broke the code.
I wish anyone trying to break this good luck, but I won't be trying myself, I consider this way way way above my paygrade, and normally I'm up for these kind of challenges.
I am thinking it has more to do with the 260,000 classified diplomatic cables. If it is this and the NSA is able to decrypt the file with either a
backdoor or just able to crack the key with one of their many super computers. I am sure that would make for a very strong insurance policy. I am sure
there is some rather dirty laundry in those if in fact there really was such a leak.
reply to post by netxshare
If the point is for the NSA to read it, why wouldn't they simply send the NSA the key? It would accomplish the same thing and they'd be certain that the message was received.
If the point is for the NSA to read it, why wouldn't they simply send the NSA the key? It would accomplish the same thing and they'd be certain that the message was received.
I am new here. Please feel free to overlook my thought on this.
Ok so Assange says that he will release any and all classified data that has been varified right? I do not think that he would hold anything for insurance the way you guys are stating it.
Insure can also mean to make certain by taking action and precautions.
www.ehow.com...
Being logical, I believe that he either needs more sources to release this or he needs to find a way to make his sources more secure before releasing it. May sound dumb to some of you but considering how he wants his webpage to be precieved, I doubt he would have a file and not release it unless something happened to him.
Ok so Assange says that he will release any and all classified data that has been varified right? I do not think that he would hold anything for insurance the way you guys are stating it.
Insure can also mean to make certain by taking action and precautions.
www.ehow.com...
Being logical, I believe that he either needs more sources to release this or he needs to find a way to make his sources more secure before releasing it. May sound dumb to some of you but considering how he wants his webpage to be precieved, I doubt he would have a file and not release it unless something happened to him.
reply to post by hiltonxyz
He didn't say in the conference last night whether the material had been verified or previously released or not. I sort of presumed that because cryptome has said that they will present the information that is already on Wikilleaks on their site if Wikileaks is taken down, that the information in the insurance file, is information that has not been released before.
Plus, the leaks on there already have been widely downloaded and in the public eye for a while, so that is another thing that tends to make me think the insurance file is stuff we haven't seen before.
I am going to try and transcribe what was said last night to see if there are any further clues there.
He didn't say in the conference last night whether the material had been verified or previously released or not. I sort of presumed that because cryptome has said that they will present the information that is already on Wikilleaks on their site if Wikileaks is taken down, that the information in the insurance file, is information that has not been released before.
Plus, the leaks on there already have been widely downloaded and in the public eye for a while, so that is another thing that tends to make me think the insurance file is stuff we haven't seen before.
I am going to try and transcribe what was said last night to see if there are any further clues there.
I was not saying that it was material we had seen before... I was saying that maybe he just needed to secure his sources better before he could
release this file that we have NOT yet seen. OR that he may not have had enough sources to release the file. sorry for the misunderstanding.
new topics
-
Any one suspicious of fever promotions events, card only.
The Gray Area: 6 seconds ago -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 4 hours ago -
Electrical tricks for saving money
Education and Media: 7 hours ago -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 8 hours ago -
Sunak spinning the sickness figures
Other Current Events: 9 hours ago -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 9 hours ago -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 11 hours ago
top topics
-
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 8 hours ago, 9 flags -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 12 hours ago, 8 flags -
Electrical tricks for saving money
Education and Media: 7 hours ago, 4 flags -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three: 16 hours ago, 3 flags -
Sunak spinning the sickness figures
Other Current Events: 9 hours ago, 3 flags -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 9 hours ago, 3 flags -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 11 hours ago, 2 flags -
The Good News According to Jesus - Episode 1
Religion, Faith, And Theology: 14 hours ago, 1 flags -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 4 hours ago, 0 flags -
Any one suspicious of fever promotions events, card only.
The Gray Area: 6 seconds ago, 0 flags
active topics
-
Any one suspicious of fever promotions events, card only.
The Gray Area • 0 • : Cavemannick -
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs • 46 • : yuppa -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology • 1 • : andy06shake -
Sunak spinning the sickness figures
Other Current Events • 7 • : xWorldxGonexMadx -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three • 33 • : Degradation33 -
How ageing is" immune deficiency"
Medical Issues & Conspiracies • 34 • : angelchemuel -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues • 13 • : Freeborn -
Mood Music Part VI
Music • 3101 • : ThatSmellsStrange -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News • 41 • : ThatSmellsStrange -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 55 • : baablacksheep1