I won't be getting into a discussion of my feelings on Wikileaks or the media circus surrounding them and Julian Assange. What I will put here is some simple but important information which several people have been looking for or wondering about this past week, namely how to get the insurance file and confirm that you got a legitimate copy.
First: getting the file. This is the tricky part because many of the wikileaks mirror sites don't have copies of the file or if they do it's a partial placeholder. Once the file has downloaded it should be 1.4 GiB (1,491,834,576 bytes). You should then confirm that the file is not only complete but untampered with, to help with this Wikileaks has helpfully posted sha1 hashes for almost every file they had made available for download. According to http://mirror.wikileaks.info/wiki/Afghan_War_Diary,_2004-2010/(the one of the only mirrors that had made this page available and confirmed by checking an archived copy of the same page on the original Wikileaks site) the hash for the file insurance.aes256 is cce54d3a8af370213d23fcbfe8cddc8619a0734c. On most Unix-like systems you should be able simply issue the command sha1sum insurance.aes256 in the directory you have stored the file in, users of other OSs will have to find and download a checksum utility.
Second: Once (or rather if) Wikileaks releases the password for the insurance file, they reccomend using 7zip (p7zip (available on sourceforge and many distro repositories) for Unix and Linux, 7-zip from 7-zip.org for Windows, and EZ7z (available from macupdate.com) for Mac OS) to decrypt and open the file.
I have heard a few people speculate about attempting to brute force the password(and I found at least one person running a googledocs listing of passwords people have tried). I have mixed feelings about attempting that though. It seems to me that this file is a bit like the envelope the hero in a conspiracy thriller leaves with a lawyer (or someone else they trust) before they go confront the villain; in that case someone opening it early and spilling the secret might just take away the primary bargaining chip Wikileaks has to stave off their more desperate and less cautious adversaries, revealing the secret might well cause whoever is targeted by the contents of that file might just feel that they have nothing left to loose while anyone who had felt threatened by the unknown contents of the file but aren't actually affected by it would likely feel that they have no barriers to retaliating against Wikileaks.
On the other hand, like many hackers, I don't like not knowing something, especially when someone has claimed that it is something important with significant impact on the world.
And please, don't mention the word "football" for a while.
Logo
FSF Badge image
[FSF Associate Member]
LinuxCounter user
LinuxCounter user #476129
About Me
- Nite 0wl
- Before you ask I’m not, to use Voltair’s phrasing, “that kind of hacker”. I’m not a scripter or skiddie or what ever you want to call those sorts of idiots; nor am I “that kind of hacker“, I’m not a black hat, cracker or any of the other names you might have for the people who give hackers and hacking a bad name. What I am is a reasonably knowledgeable, talented and opinionated child of the ‘information’ or ‘computer’ age. I am an infovore with a desire to learn and know and do. I am a technologist (and have been since I was allowed to use my parents’ computer back in the 80’s. I am an explorer, a researcher and a student of the electronic world. If you don’t like what I have to say, there is the rest of the Web for you to go to; if you disagree with me, at least try to mount a half-way decent argument based on facts. If you believe that any content on this blog infringes on your copyright or if you are included on a posted image and wish to be removed or have the image taken down, contact the owner at blog-owner@nite0wl.net