Go Down

Topic: Wikileaks "Insurance" File (Read 4067 times) previous topic - next topic

mrmm314

So last night I torrented the Wikileaks "insurance" file, and I want to hear what everyone has to say about Assange/Wikileaks.

And also if anyone knows how to even guess at the password for decrypting the file.  I can open it in notepad, but that doesn't allow me to enter a password to try and decrypt it.


mrmm314

aes256.  Basically the most intense kind of secure encryption there is.  It is the standard of the US government.  Here is a link describing the intensity of the encryption:
http://www.popsci.com/technology/article/2010-12/how-secure-julian-assanges-thermonuclear-insurance-file.

Coding Badly

Quote
Basically the most intense kind of secure encryption there is

The encryption is only as good as the key.  If Assange's crew chose a good quality key, you will not break it.  If they didn't, a "dictionary attack" will break the encryption in short order.

My understanding is that the key is to be delivered via email.  In this case, it is reasonable to assume the key is long and random (good quality).  

It is also reasonable to assume that various governments and corporations are attempting to decrypt the contents.  And that Assange's crew assumes they will try to decrypt the contents.

In other words, trying to determine what's inside is a fool's errand.

Quote
I want to hear what everyone has to say about Assange

He's a sociopath.

mrmm314

if by "dictionary attack" you mean brute force, it won't crack it anytime soon.  Actually it would take about a bazillion years to do that even with the best super computers today.  But I just want a way to put in a decryption key, and see what I get.

Coding Badly

Quote
If by "dictionary attack" you mean brute force, it won't crack it anytime soon.

No, I don't.

By "dictionary attack" I mean a "dictionary attack"...
http://en.wikipedia.org/wiki/Dictionary_attack

mrmm314

Oh.  I had never heard of that.  I heard the key itself is 256 characters long, so it is literally unhackable.  But do you know what program I could use to enter a key and see what it gives me?

gardner

Quote
256 characters long


Much smaller than that -- 256 bits

Go ahead and try to guess them.

UnaClocker

I think the file is just that, Insurance.. Generally to prevent assassination, or a decade+ visit to Cuba.. Whatever is in it must be HUGELY worse than anything out there, something almost unimaginably bad. Otherwise, it'd contradict his proclaimed values about the freedom of information.
Sadly, if the information in that file really is THAT bad, it's a shame it had to get distributed. Someday, it WILL get cracked. Encrypted files can ALWAYS be brute forced, eventually. Whether we have to wait for Quantum computers or just a couple more iterations of moore's law, one way or another, it'll crack, and it's as good as out there for the public already.
Brian from Tacoma, WA
Arduino evangelist - since Dec, 2010.

mrmm314

I don't think it's as simple as just waiting, because I'm pretty sure that by the time it can be brute forced, all of the people alive right now will be dead.

Coding Badly

Quote
But do you know what program I could use to enter a key and see what it gives me?

I read the article.  Assange did not say how the file was encrypted.  The author assumes the file is encrypted with AES-256 because of the filename.  There's no way to know if the encryption really is AES.  The file could even be random garbage.

Senso

Put the folding@home crew brute forcing it, maybe mere days take to unlock it.

mrmm314

Quote
Put the folding@home crew brute forcing it, maybe mere days take to unlock it.


Haha.  I wish.  But I still have doubts that even folding@home could brute force it within our lifetime.

retrolefty

#13
Dec 10, 2010, 06:27 am Last Edit: Dec 10, 2010, 06:53 pm by retrolefty Reason: 1
No matter what opinion of Wikileaks one has, support or opposition, I think it would be sad to see it be a frequent subject on the Arduino forum, even on Bar Sport. Yes I have a personal opinion but I would rather keep it to myself.

Now talking and sharing about crypto as could be applied with an Arduino system, that is topic I would be happy to see more of. I was in teletype/crypto maintenance in the US Air Force in the late 60s, so the subject has always interested me sense and I had some knowledge and experience of the state of the art in crypto back then. But of course a whole lot has changed that I haven't even tried to keep up with.

 Still the simple one-time pad system is still the only provable unbreakable system in use, but it does have key pad production, distribution and management problems that doesn't lend itself to high volume, high speed modern applications.  It would be cool if someone made say a replica of the WW2 German Enigma machine using a Arduino. An on-line real-time encryption/decryption communications library for the Arduino might be a cool contribution to see.

Lefty  

CowJam

I'm not convinced of the benefit the leaks have.  
I think it's a shame wikileaks is now dedicated to whatever the latest big leak is rather than being a portal for people to leak stuff through, it makes wikileaks look self important rather than providing a service.

The Assange deportation thing is a bit odd.  It's for something that isn't a crime in the UK and the woman involved dropped the charges - or at least that's what a lot of the net is saying.  BBC news listed four crimes the Swedes wanted him for.

Go Up