leftmiddlefinger | 135 points | Nov 15 2016 22:50:03

Wikileaks latest insurance files don't match hashes

https://np.reddit.com/r/crypto/comments/5cz1fz/wikileaks_latest_insurance_files_dont_match_hashes/

https://www.reddit.com/r/bestof/comments/5d37lj/wikileaks_latest_insurance_files_dont_match_hashes/

permalink

GodSaveRCountry | 22 points | Nov 15 2016 23:07:15

I have no idea what that means! I am really worried about JA! Very basic stuff being tweeted. I'm not getting a good feeling!

permalink

lillhobojoe | 20 points | Nov 16 2016 01:04:02

Hashes are randomly (not actually random) generated strings that are used to identify/verify files, if there is any difference (I mean like even a single letter being different) between two files, the hashes will be different. The hashes would only match if both files are identical. Which means the files have been altered or are not the same files.

For a much more detailed answer I would watch this, https://www.youtube.com/watch?v=b4b8ktEV4Bg

permalink

DudeBroBrahBossChief | 20 points | Nov 16 2016 03:16:26

They fucking killed him

permalink

HAESisAMyth | 5 points | Nov 16 2016 08:48:13

His name was Julian Assange.

permalink

bernitallup | 4 points | Nov 16 2016 05:20:20

http://survivalacres.com/blog/julian-assange-is-probably-dead-captured-or-escaped/

This blog also lays it out well.

permalink

firen777 | 15 points | Nov 16 2016 04:33:14

For an explanation about what it means to WikiLeak itself, I will quote u/KageJittai 's explanation :

Wikileaks has an insurance file, which is just a giant data dump of all the information they have, published or not. Wikileaks does screen hold back some of the most damning things as 'Insurance' which, if their operation were ever compromised, they would release the decryption key which opens the massive data dump file. Think of it as a dead man switch. Before they release their insurance file, they release a hash of it; a hash is a kind of like a checksum. It doesn't contain the data, but it is a way of ensuring the data hasn't been altered. Think of it this way: if I took all the paint from an image, mix up all the paint to make a new color, that new color contains elements from the original image. I could then do that with a copy of a picture to see if the new color matched the color from the original image. If it didn't match, I could conclude that the copy wasn't the original. What has happened, is the hash they released last month doesn't match the hash for the insurance file. This could have happed for many reasons, either when they uploaded the insurance file, there was a transmission error, or the original hash wasn't correct. It's also possible that Wikileaks has been compromised and to keep up appearances to prevent the release of the decryption key the responsible party released a fake insurance file.

For further explanation about Hashing, Tom Scott's Video linked by u/lillhobojoe did a pretty good job explaining it.

You can also try hash something yourself using SHA-256 . For example:

a quick brown fox jumps over the lazy dog

If you try to hash this sentence, you should get:

8f1ad6dfff1a460eb4ab78a5a7c3576209628ea200c1dbc70bda69938b401309

It should be the same result no matter what machine, browser, etc. you are using.

However, if I slightly change the sentence, say, replace the last character 'g' -> 'h', essentially changing one bit for that sentence:

a quick brown fox jumps over the lazy doh

It should give you a massively different hash:

4bd2d6f6956ab59f2a171519da2d95be61043f71876127d9b0a9afdf563b39ec

It essentially means that it is almost impossible to tamper a file without getting noticed. For this reason, hashing are always used as "signature" to uniquely identify files.

permalink

pepe_silvia67 | 5 points | Nov 16 2016 05:13:47

As a computer illiterate (in terms of the complicated stuff) your color mixing analogy was by far the best i've read. Thank you.

permalink

firen777 | 4 points | Nov 16 2016 05:17:45

Oh, I was just quoting someone else's explanation.

permalink

pepe_silvia67 | 3 points | Nov 16 2016 05:27:56

Your honesty is appreciated. Just the same, thanks for posting.

permalink

Stratovaried | 2 points | Nov 16 2016 08:15:37

Some people pointed out that the hashes could've been for the decrypted files, and now that we have the encrypted ones, it differs. Either a mistake by wikileaks, or they are really compromised. Seems to be too many "mistakes" and coincidences right now, to think that they're not :S.

permalink

GodSaveRCountry | 1 points | Nov 16 2016 11:51:39

Thank you! Great explanation! It reminds me of the end if the dnc weird emails about food that looks like advertisements. At the end it has that string. One has something like bestbuy and swiftcake

permalink

CentiPetra | 1 points | Nov 16 2016 17:00:08

This seriously calls into question whether or not we can trust any of Wikileaks dumps following October 17th.

I think Wikileaks was compromised when Assange's internet was shut off, and is now being run by outside forces, possibly the U.S. Government. Their Twitter feed got strange after that. I think the AMA was also bullshit. Why couldn't Sarah upload a selfie to verify that she was conducting the AMA? Their only "proof" was a link on Twitter.

permalink