Wikileaks' insurance.aes256 file and AES Crypt
Posted: Thu Dec 16, 2010 8:47 pm
We recently saw a huge spike in traffic to the AES Crypt web site and the number of downloads of the program increased significantly. While we're certainly happy to see people take an interest in AES encryption technology and AES Crypt, in particular, what we discovered as we tried to find out why there was a sudden and significant increase was that Wikileaks had apparently published an encrypted file called "insurance.aes256". You can read more about it here.
Naturally, people from all over the world started trying to figure out how to decrypt the file and went searching for the tools to do it. Curious as to whether AES Crypt was used to encrypt the file, we inspected the file and determined that AES Crypt was not used. Rather, it appears to have been encrypted with OpenSSL. While AES Crypt and OpenSSL both support 256-bit AES encryption, the file formats are not compatible. As such, it is impossible to decrypt the insurance.aes256 file using AES Crypt.
As the article from France24 points out, trying to decrypt that file by guessing is really a lost cause. AES is a very strong encryption algorithm that, as far as the world knows, has no weaknesses. So, without the password, it is likely going to prove impossible to read the file with OpenSSL. I just wonder how many of the world's computers have been put into service to crack the password?
Naturally, people from all over the world started trying to figure out how to decrypt the file and went searching for the tools to do it. Curious as to whether AES Crypt was used to encrypt the file, we inspected the file and determined that AES Crypt was not used. Rather, it appears to have been encrypted with OpenSSL. While AES Crypt and OpenSSL both support 256-bit AES encryption, the file formats are not compatible. As such, it is impossible to decrypt the insurance.aes256 file using AES Crypt.
As the article from France24 points out, trying to decrypt that file by guessing is really a lost cause. AES is a very strong encryption algorithm that, as far as the world knows, has no weaknesses. So, without the password, it is likely going to prove impossible to read the file with OpenSSL. I just wonder how many of the world's computers have been put into service to crack the password?