Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On 4 January 2011 07:45, Rowan Berkeley rowan.berke...@gmail.com wrote: I have the file itself, and the default OpenSSL packages for 10.04, but OpenSSL is a command line application and I wonder if anyone could tell me what to type into the terminal in order to at least inspect the file and gain some information about it. Well, it's encrypted so you'd need to know the encryption key (aka password) to inspect the file... if you don't, you can't Or am I misunderstanding something? Sean -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On 04/01/11 07:45, Rowan Berkeley wrote: Hi. AEScrypt say they have looked at WikiLeaks' mysterious 1.4GB 'Insurance.aes256' file, and it appears to have been encrypted using OpenSSL: http://forums.packetizer.com/viewtopic.php?f=72t=108 I have the file itself, and the default OpenSSL packages for 10.04, but OpenSSL is a command line application and I wonder if anyone could tell me what to type into the terminal in order to at least inspect the file and gain some information about it. openssl aes-256-cbc -d -a -in Insurance.aes256 -out lotsofsecrets.txt of course it won't do anything at all without the password which you won't get unless Julian Assange meets a sticky end. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Diaspora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/01/11 17:26, Paul Tansom wrote: I added myself to the waiting list a while back though, so I'll probably get one eventually. If you haven't already had an invitation, I can send you one. Best reply off-list though. ;) I looked at the requirements for running a server, but decided I didn't really want to start messing with Ruby as there's nothing else on my server that uses it. If it had been Perl (or PHP?!) I might have taken a closer look. My sentiments exactly. This is kind of what drew me to OneSocialWeb, actually - since it's based on XMPP and I already run ejabberd, I thought the barrier to running my own server would be much lower. Unfortunately, OSW only has an implementation based on the Java-powered OpenFire XMPP server, and I don't currently use Java for anything else on my server either (pretty shocking, considering I've been primarily employed as a Java developer for most of the last 10 years!). I've seen some comments about Diaspora-X, which seems to be Diaspora hacked to use XMPP as a transport. Does anyone here know any more about it? JT - -- - ---+ James Tait, BSc|xmpp:jayte...@wyrddreams.org Programmer and Free Software advocate |Tel: +44 (0)870 490 2407 - ---+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0i7CsACgkQyDo4xMNTLiaWxACg9NKfwaNFJO4m31r72NfdAmeQ 0hcAoJlM2D3aBxIf+1mIH3Lz6vHqx58E =3QYP -END PGP SIGNATURE- -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On Tue, 2011-01-04 at 08:02:03 +,Sean Miller s...@seanmiller.net wrote: On 4 January 2011 07:45, Rowan Berkeley rowan.berke...@gmail.com wrote: I have the file itself, and the default OpenSSL packages for 10.04, but OpenSSL is a command line application and I wonder if anyone could tell me what to type into the terminal in order to at least inspect the file and gain some information about it. Well, it's encrypted so you'd need to know the encryption key (aka password) to inspect the file... if you don't, you can't. Or am I misunderstanding something? Sean I don't know much about cryptography, but if I could compare the situation to a box with a lock on it, it should be possible to see the keyhole at least. Thus, I would expect it to be possible to look at the file and say, yes, this is a text file encrypted with AES256, and it requires a password of x characters to open it. R -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On 4 January 2011 10:15, Rowan Berkeley rowan.berke...@gmail.com wrote:
I don't know much about cryptography, but if I could compare the
situation to a box with a lock on it, it should be possible to see the
keyhole at least. Thus, I would expect it to be possible to look at the
file and say, yes, this is a text file encrypted with AES256, and it
requires a password of x characters to open it. R
I think you may be oversimplifying this... I do not see how you'd be able
to ascertain the number of characters at all, as the password would clearly
be encrypted itself...
Take md5, for instance...
mysql select md5('hello') from dual;
+--+
| md5('hello') |
+--+
| 5d41402abc4b2a76b9719d911017c592 |
+--+
1 row in set (0.00 sec)
mysql select md5('this is a very long password') from dual;
+-+
| md5('this is a very long password') |
+-+
| d25dcb07b6b0d7d5ca6ee555d73a50ce|
+-+
1 row in set (0.00 sec)
mysql
From those two strings you would not know that one was 5 characters and the
other significantly more, as the encrypted version is almost the same length
in both cases...
Sean
--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On 4 January 2011 10:15, Rowan Berkeley rowan.berke...@gmail.com wrote: On Tue, 2011-01-04 at 08:02:03 +,Sean Miller s...@seanmiller.net wrote: On 4 January 2011 07:45, Rowan Berkeley rowan.berke...@gmail.com wrote: I have the file itself, and the default OpenSSL packages for 10.04, but OpenSSL is a command line application and I wonder if anyone could tell me what to type into the terminal in order to at least inspect the file and gain some information about it. Well, it's encrypted so you'd need to know the encryption key (aka password) to inspect the file... if you don't, you can't. Or am I misunderstanding something? Sean I don't know much about cryptography, but if I could compare the situation to a box with a lock on it, it should be possible to see the keyhole at least. Thus, I would expect it to be possible to look at the file and say, yes, this is a text file encrypted with AES256, and it requires a password of x characters to open it. R The encryption key will show how the file has been encrypted but certainly not the length of the password, which would be an open attack vector. There are tools in the OpenSSL toolkit that validate encrypted files without providing any identifying information. s/ -- Twitter: @sfgreenwood Is this your sanderling? -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On Tue, 4 Jan 2011, Rowan Berkeley wrote: it should be possible to see the keyhole at least. You can see the keyhole---but it unremarkable because it looks exactly the same as any other keyhole. What you can't see is any of the tumblers *in* the keyhole, or through the keyhole to what is behind it, as that would be a security failure. If you could get even a glimpse of either the make-up of the keyhole or the contents that it is protecting, then you now have sufficient plaintext or key leakage to start reducing the brute-force case into something more practical. Which is bad(tm). -Paul -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
Simon Greenwood sfgreenw...@gmail.com wrote: On 4 January 2011 10:15, Rowan Berkeley rowan.berke...@gmail.com wrote: On Tue, 2011-01-04 at 08:02:03 +,Sean Miller s...@seanmiller.net wrote: On 4 January 2011 07:45, Rowan Berkeley rowan.berke...@gmail.com wrote: I have the file itself, and the default OpenSSL packages for 10.04, but OpenSSL is a command line application and I wonder if anyone could tell me what to type into the terminal in order to at least inspect the file and gain some information about it. Well, it's encrypted so you'd need to know the encryption key (aka password) to inspect the file... if you don't, you can't. Or am I misunderstanding something? Sean I don't know much about cryptography, but if I could compare the situation to a box with a lock on it, it should be possible to see the keyhole at least. Thus, I would expect it to be possible to look at the file and say, yes, this is a text file encrypted with AES256, and it requires a password of x characters to open it. R The encryption key will show how the file has been encrypted but certainly not the length of the password, which would be an open attack vector. There are tools in the OpenSSL toolkit that validate encrypted files without providing any identifying information. I've looked at the toolkit documents at http://www.openssl.org/docs/ and they're all way over my head. What I originally had in mind was something I could put into the terminal for a given location, e.g. /home/rowan/Documents/Insurance.aes256 which would do just that: validate it. R -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On Tue, 2011-01-04 at 10:38 +, Paul Sladen wrote: On Tue, 4 Jan 2011, Rowan Berkeley wrote: it should be possible to see the keyhole at least. You can see the keyhole---but it unremarkable because it looks exactly the same as any other keyhole. What you can't see is any of the tumblers *in* the keyhole, or through the keyhole to what is behind it, as that would be a security failure. It's a cute metaphor, but inappropriate. Encryption doesn't lock a room, it changes the entire contents of the room into other, random atoms. There's no keyhole, no tumblers, nothing to see at all except nearly-random noise. We are very unlikely to see a genuine weakness in AES-256 in the immediate future. Regards, Tyler -- Beware of altruism. It is based on self-deception, the root of all evil. -- Lazarus Long, Time Enough for Love, by Robert A. Heinlein -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On 4 January 2011 12:31, Tyler J. Wagner ty...@tolaris.com wrote: On Tue, 2011-01-04 at 10:38 +, Paul Sladen wrote: On Tue, 4 Jan 2011, Rowan Berkeley wrote: it should be possible to see the keyhole at least. You can see the keyhole---but it unremarkable because it looks exactly the same as any other keyhole. What you can't see is any of the tumblers *in* the keyhole, or through the keyhole to what is behind it, as that would be a security failure. It's a cute metaphor, but inappropriate. Encryption doesn't lock a room, it changes the entire contents of the room into other, random atoms. There's no keyhole, no tumblers, nothing to see at all except nearly-random noise. If there is no keyhole what do you do with the key, just wave it about and hope for the best? :) Colin -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On 4 January 2011 12:35, Colin Law clan...@googlemail.com wrote: If there is no keyhole what do you do with the key, just wave it about and hope for the best? :) A bad analogy is like a leaky screwdriver. Al. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Diaspora
On 4 January 2011 09:45, James Tait james.t...@wyrddreams.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/01/11 17:26, Paul Tansom wrote: I added myself to the waiting list a while back though, so I'll probably get one eventually. If you haven't already had an invitation, I can send you one. Best reply off-list though. ;) I looked at the requirements for running a server, but decided I didn't really want to start messing with Ruby as there's nothing else on my server that uses it. If it had been Perl (or PHP?!) I might have taken a closer look. My sentiments exactly. This is kind of what drew me to OneSocialWeb, actually - since it's based on XMPP and I already run ejabberd, I thought the barrier to running my own server would be much lower. Unfortunately, OSW only has an implementation based on the Java-powered OpenFire XMPP server, and I don't currently use Java for anything else on my server either (pretty shocking, considering I've been primarily employed as a Java developer for most of the last 10 years!). Likewise. As much as I begged the OSW developers they wouldn't fix this, which is why I was never able to run it on my server. Having an open protocol needlessly tied to a single implementation is not the way to conquer the world. Unfortunately the way it was designed would require significant code in every XMPP server. I've seen some comments about Diaspora-X, which seems to be Diaspora hacked to use XMPP as a transport. Does anyone here know any more about it? Yeah, it looks promising - I'm currently working to make a cross-XMPP-server backend for it. Not quite ready yet though :) Regards, Matthew -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
[ubuntu-uk] weekly and monthly digest?
Hello, Is there a way to get a weekly or monthly digest? It seems to be limited to 10 messages now. -- Andrés Muñiz-Piniella -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Research Required
Rather than the football analogy I use the recipie analogy (I think I heard Stallman use it). If you are a good cook and you make your soup for free at home to your friends and/or give the recipie so others can improve on it will it mean that it will be worst than at a michellin star soup. There is a good chance that it will be better since you can adjust it as you like and it has quicker feedback. You can then charge on support to make sure your reciepie works properly on your kitchen so you don't need a new induction kitchen to get the same result. Was planning on writting something on the recipie of a spanish omlette, similar to the lines above. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
[ubuntu-uk] [job] Engineers wanted - Weybridge
Aloha I thought Id post here as well, I work here and its great! Sirius (http://siriusit.co.uk/) is currently looking for bright university graduates looking into joining a young open source company. Sirius is an Open Source consultancy focused on helping our customers to make the most out of open source and create great innovative products with it. The working environment is really flexible and we have a great team of developers and engineers. Our projects cover the whole desktop, mobile and embedded Linux stack. We are particularly looking for people with some involvement in open source ( and an interest in getting involved in low level kernel and graphics development, but if you are focused on other areas that you think might be interesting dont hesitate The job would be on site in our offices in Weybridge so people living within the EU or people with a work permit in the UK are possibly well suited. Sirius is looking for a qualified individual to work as a Technical Support Engineer. The Support Engineer provides comprehensive telephone/web/e-mail/chat technical and application support to Sirius customers. The candidate must be able to work directly with customers in high-pressure situations; have strong analytic, organizational, time management, and communication skills; thrive in a team environment; and possess the willingness to do whatever it takes to achieve the highest customer satisfaction. The candidate will interact with development and project teams to investigate and resolve issues. The job responsibilities include, but are not limited to, analyze, track and resolve customer issues in a professional, timely manner; identify any security upgrades that are necessary and communicate them to customers; maintain and update web based support documentation, using monitoring software to identify potential support issues. The role is shift based and will include some night shifts. Requirements * Experience working with Open Source technologies * Excellent verbal and written communication skills * Outstanding interpersonal and telephone skills * Strong problem solving skills * Ability to function and thrive in a team environment * Energetic, with a strong desire to succeed * Experience within a similar role would be beneficial If youre interested or want to know more about the place or the job you can contact me on freenode as czajkowski or mail Kelly - kelly DOT flitter @ siriusit.co.uk to talk more -- http://www.lczajkowski.com http://wiki.ubuntu.com/czajkowski skype: lauraczajkowski Message sent using UebiMiau 2.7.10 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Research Required
That sounds a bit like the talk that Bruno Bord gave at the first OggCamp called Programming explained to non-techies -- Jon The Nice Guy Spriggs On 4 January 2011 14:44, Andrés Muñiz Piniella andre...@gmail.com wrote: Rather than the football analogy I use the recipie analogy (I think I heard Stallman use it). If you are a good cook and you make your soup for free at home to your friends and/or give the recipie so others can improve on it will it mean that it will be worst than at a michellin star soup. There is a good chance that it will be better since you can adjust it as you like and it has quicker feedback. You can then charge on support to make sure your reciepie works properly on your kitchen so you don't need a new induction kitchen to get the same result. Was planning on writting something on the recipie of a spanish omlette, similar to the lines above. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/ -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
[ubuntu-uk] Research required ...
Ubuntu One store has enough music to buy things. I have found that the latest Album by Blunt is cheaper than iTunes and amazon. I thought amarok and banshee had support to put music inside the ipod? Recently I installed ubuntu on a girl's laptop that I haddn't even met face to face. She had XP and was going slow because of antivirus it seems. She only uses it for facebook and email so she seems to be happy with what she had: only problem I had was that I fogot to tell her the keyring password. Also had a problem with father in law: HDD broke windows wasn't loggin it. It was an IDE HDD so not something you can easyliy find it seems. He was content with waiting a while longer and booting from an Xubuntu live CD. It's only used for browsing. Sister in law had a netbook with xp it crashed. Her other brother in law was unable to install a dodgy copy of windows but I was able to install no problem ubuntu netbook10.10. Even hung over from newyears party she knew that firefox icon was internet and that she could do her documents with openoffice. I told her I could provide with remote support (I can right?) and she was well happy that I could recover her 16Gb of pictures. I tried explaining gwibber but was not convinced. Chat with facebook (empathy) failed but that happens to me as well.. quote: Message: 1 Date: Mon, 27 Dec 2010 12:06:18 + From: Barry Drake bdr...@crosswire.org Subject: [ubuntu-uk] Research required ... To: UK Ubuntu Talk ubuntu-uk@lists.ubuntu.com Message-ID: 1293451578.2118.38.camel@ pcspecialist Content-Type: text/plain; charset=UTF-8 Those of you on the advertising list will know that Dant? Ashton and I have been trying to research easy entry into Ubuntu with the mindset of the average Windows user. Please consider helping with this research. The aim is to pick a particular 'need' and to follow through whether this need can be met under Ubuntu, how easily and how successfully. This use should ideally be one that your Windows friend would have, and preferably a need that you know little about. First take a look at: https://help.ubuntu.com/10.04/switching/C/applications-equivalents.html This page may need revision, and certainly needs extending. Rules for research: any necessary packages to be easily and quickly installed without using the commandline. The preference would be to use the Ubuntu Software Centre. If you have a way of meeting the need, but this requires commandline or other methods, please submit this anyway - Ubuntu could incorporate a simple workaround. Any scripts or code you write to make things work could be posted. Stuff like that could easily be part of a package and run on installation without the user being in any way aware of the complexity. When you have done the research, please report on how easy it was to access the information and provide links if a good method is suggested online somewhere. So far, I have researched iPod and iTunes. I have also explored Logos/Libronix as a colleague has over ?1000 worth of books in that format. I have to report that Ubuntu is not for him. I have e-mailed Logos and received a reply stating that at present they do not have plans to support our platform. The same was true of Mac until many many Mac users complained to Logos! A niche area, but maybe you'd like to aid that cause? I also did a webcam exercise with my sister. The task was dead easy for me - but incredibly daunting for my sister and it need not have been! That one hardly wants any tweaking but it does need tweaking and properly documenting. Researching iTunes, I found an official Ubuntu document that said iTunes would install under PlayOnLinux. I tested this. Only iTunes 10.6 can be made to work, and it installs crippled. The CD rip and burn facilities don't work. It is official policy that we do not include methods based on Wine or any of its derivatives as these, however good, are not for the Ubuntu newbie. The result of the above is that iTunes can be perfectly replaced and iPods work just fine under Ubuntu with several apps BUT the Apple download store cannot be accessed. Most of you knew that already - I was working in the dark and discovered how hard it was to get information that a newbie could follow. So - lay aside your geekiness for a time, imagine you're a newbie and volunteer to research a particular need. Please state the one you are thinking of pursuing so we don't duplicate the effort. If there's a good response, maybe someone who has admin access to the Canonical or Ubuntu website can set up a Wiki for us to report back on? Hope I'm not treading on any Canonical toes here apologies in advance if I am. Regards,Barry Drake. -- Andrés Muñiz-Piniella -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Research Required
To: UK Ubuntu Talk ubuntu-uk@lists.ubuntu.com Subject: Re: [ubuntu-uk] Research Required Message-ID: aanlktim9qb5nea9jjjxmcscx89=1ir0djrq8uwwlx...@mail.gmail.com Content-Type: text/plain; charset=ISO-8859-1 That sounds a bit like the talk that Bruno Bord gave at the first OggCamp called Programming explained to non-techies * Don't know Bruno, but I I bet he is really clever. ;) -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On Tue, 2011-01-04 at 12:45 +, Alan Pope wrote: A bad analogy is like a leaky screwdriver. Added to my signature quotes source file. :) Tyler -- I believe the government that governs best is the government that governs least. And by these standards, we have set up a fabulous government in Iraq. -- Stephen Colbert -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Insurance.aes256 and OpenSSL
On Tue, 2011-01-04 at 12:35 +, Colin Law wrote: If there is no keyhole what do you do with the key, just wave it about and hope for the best? :) You multiply part of it with the lock, and then modulo it with the doorknob. Regards, Tyler -- Freedom of thought is best promoted by the gradual illumination of men's minds, which follows from the advance of science. -- Charles Darwin . -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
