I won't be getting into a discussion of my feelings on Wikileaks or the media circus surrounding them and Julian Assange. What I will put here is some simple but important information which several people have been looking for or wondering about this past week, namely how to get the insurance file and confirm that you got a legitimate copy.

First: getting the file. This is the tricky part because many of the wikileaks mirror sites don't have copies of the file or if they do it's a partial placeholder. Once the file has downloaded it should be 1.4 GiB (1,491,834,576 bytes). You should then confirm that the file is not only complete but untampered with, to help with this Wikileaks has helpfully posted sha1 hashes for almost every file they had made available for download. According to http://mirror.wikileaks.info/wiki/Afghan_War_Diary,_2004-2010/(the one of the only mirrors that had made this page available and confirmed by checking an archived copy of the same page on the original Wikileaks site) the hash for the file insurance.aes256 is cce54d3a8af370213d23fcbfe8cddc8619a0734c. On most Unix-like systems you should be able simply issue the command sha1sum insurance.aes256 in the directory you have stored the file in, users of other OSs will have to find and download a checksum utility.

Second: Once (or rather if) Wikileaks releases the password for the insurance file, they reccomend using 7zip (p7zip (available on sourceforge and many distro repositories) for Unix and Linux, 7-zip from 7-zip.org for Windows, and EZ7z (available from macupdate.com) for Mac OS) to decrypt and open the file.

I have heard a few people speculate about attempting to brute force the password(and I found at least one person running a googledocs listing of passwords people have tried). I have mixed feelings about attempting that though. It seems to me that this file is a bit like the envelope the hero in a conspiracy thriller leaves with a lawyer (or someone else they trust) before they go confront the villain; in that case someone opening it early and spilling the secret might just take away the primary bargaining chip Wikileaks has to stave off their more desperate and less cautious adversaries, revealing the secret might well cause whoever is targeted by the contents of that file might just feel that they have nothing left to loose while anyone who had felt threatened by the unknown contents of the file but aren't actually affected by it would likely feel that they have no barriers to retaliating against Wikileaks.
On the other hand, like many hackers, I don't like not knowing something, especially when someone has claimed that it is something important with significant impact on the world.

And please, don't mention the word "football" for a while.

No comments:

Post a Comment