Riplinger Fails to Hash Out a Defense

[Breathe, Jonathan. Just breathe. Oh, the reader has arrived.]

Oh, hey friend. Do you remember a couple of months ago when Gail Riplinger claimed the MD5 hashing algorithm was used to distort her voice? If not, allow me to jog your memory:

“Since the MD5 algorithm is open source, programs to distort a voice and make it subtly more difficult to discern are widely available to non-professionals; dozens of apps can be purchased to do this.”

In the above sentence, the word “since” means “because”. The statement “the MD5 algorithm is open source” is given as the cause to the statement “programs to distort a voice…are widely available.” Gail claims MD5 can distort audio.

I pointed out in my response that MD5 hashes are used for many things, but they aren’t used for audio distortion. Her assertion to the contrary demonstrates a complete lack of relevant knowledge on her part.

Recall that the MD5 hashing algorithm accepts variable-length input, and produces 32 characters of output. Most importantly, recall that this algorithm loses all original data. Pass in 64,512 characters of data, and you will get 32 characters of output. Pass in 0 characters of data, and you will get 32 characters of output.

Well, Gail is now trying to save face. Or not. Honestly, I have no idea what this lady is thinking. To even attribute thought to her aimless scrawlings is generous.

In her most recent post, Gail claims that I am “unsure as to how MD5 is related to audio forensics.” As shown in my earlier article, I understand how MD5 is used to test file integrity. But Gail didn’t attribute MD5 to file-integrity; she attributed it to voice distortion.

It seems now that Gail is claiming to have used MD5 to test the file signature (or, the hash generated from the file). As I pointed out in my original article, this is a legitimate use of the technology.

Gail provides a couple of helpful quotes:

“Any changes, even the simple act of opening and resaving a file without any content changes, can alter the calculated MD5 value.”

http://forensicprotection.com/Education_Authenticate.html

“Two of the most common hashes used in the audio/video forensic field are message-digest algorithm 5 (MD5….)”

https://books.google.com/books…

Correct. No disagreement here. These authors understand the topic. Gail does not.

Let us, for now, pretend that Gail never claimed MD5 was used in audio distortion. Let us pretend that Gail claimed from the start that she used MD5 to authenticate James’ debate audio. Now, let us see how quickly even our imagination betrays us.

What audio does Gail have in her possession? Well, she claims to have received “originals” in the form of one or more cassette tapes:

“On the originals, my voice is clear…I received the original tape from a listener.”

I called Gail after reading this, hoping to get her copy of the debate to compare for myself, and perhaps upload for the consideration of others. After all, if what she claims is correct, and James has an edited copy, James should be confronted.

Gail told me that she did not have a digital copy; only a cassette. She did, however, say that she would try to get a family member to digitize the audio. I believe she was going to check with her son-in-law.

So lets assume that Gail does have a recording, and that the recording differs from James’. Lets assume she has her very own cassette tape (as she claims), just as James has his.

Dr. James White holds up his cassette tape containing the 1993 debate with Gail Riplinger on KRDS during his February 16, 2016 Dividing Line (https://youtu.be/JRV6CAiN5wE?t=2105).

What problem has Gail created for herself now? Gail claims to have performed a forensic analysis using MD5 on the debate audio; but MD5 doesn’t work unless you have a digital copy (such as a WAV or MP3) to begin with. You cannot do digital analysis on a cassette tape, Gail.

You may be asking yourself, is there any way Gail can redeem this MD5 story? There might be, but it’s going to take a little more lying on her part.

If KRDS had provided identical (bit for bit) MP3 files to White and Riplinger, and White uploaded a manipulated version to a public share, Riplinger could then download White’s file and check its MD5 hash against the hash from her own original MP3. This would tell her whether White made modifications or not.

But even in this alternate history, Gail’s own source says “…the simple act of opening and resaving a file without any content changes, can alter the calculated MD5 value.” So even if Gail performed a digital analysis, a variant MD5 hash doesn’t necessarily mean manipulation; it could mean nothing more than a harmless re-saving of the data.

Quit now, Gail. For your own sake, quit now.

Gail Riplinger Caught Lying

Gail Riplinger wrote a lengthy note a few weeks back (Published by Kent Hovind’s website on February 11, 2016), accusing Dr. James White of many terrible things. In her article she made numerous bold claims that I would love to dig into, but frankly don’t have the time. She did, however, walk right into my wheelhouse in her attempt to discuss audio forensics.

I’m not trained in audio forensics, so I won’t pretend to be an authority on the matter. But given Gail’s short write-up, I can say with absolute confidence that she cannot possibly be an authority on the matter either. You see, in her attempt to sound authoritative, she made reference to something I do know a great deal about—hashing algorithms.

Since the MD5 algorithm is open source, programs to distort a voice and make it subtly more difficult to discern are widely available to non-professionals; dozens of apps can be purchased to do this. (as of 2016-02-24)

The above was Gail’s statement from the original post. I have, quite honestly, no idea what possessed her to pull MD5 into this discussion. It has nothing to do with generating clicks, pops, or any other audio artifacts as we’ll see momentarily.

I’ve been a software engineer for nearly two decades. In fact, as a young man (over a decade ago) I built Gail Riplinger’s website avpublications.com (as of 2016-02-24, it is still in use). The Lord must have a sense of humor.

Hashes exist in software security to store sensitive data (passwords, in particular) in a way that isn’t easily compromised in the event of a data-breach. Hashes are also used to confirm that files haven’t been subject to tampering. Think of hashes like trash compactors that take in loads of garbage, and output an indiscernible heap.

How about we look at an example?

Suppose you registered an account on my new website, and you provided the password “Genesis 1:1”. In my database, I could store a hash to represent this password. A hash, in this case, is a 128-bit value that represents your password. The above password would result the following hash: 15b4bd0bf02b2f1a591643c1af015c9d.

Here are a couple other hashes. Note that the size of the data being hashed has no impact over the size of the resulting hash. Each hash is 32 characters long:

Input	MD5 Hash
jonathan	78842815248300fa6ae79f7776a5080a
1611	7a6a74cbe87bc60030a4bd041dd47b78

The great thing about hashes is that they are one-way, meaning I can generate the hash if I have your password, but I cannot generate your password if I have the hash. Each time you come to my site and provide a password to login, I hash the password you’re attempting to log-in with, and authenticate you only if the new hash matches the hash on file. (To my fellow engineers, I’m avoiding a discussion about salting, rainbow tables, etc).

Since hashes are determined by the input, they are used to confirm file integrity as well. A program author passes their program through the algorithm (like we passed a password earlier), and a 128-bit value is produced. That generated hash allows others to detect changes to the program (such as an embedded virus) upon download. If the hash you generate after downloading the program doesn’t match the hash published by the author, there’s a good chance you downloaded a corrupted file.

Back to Gail. Gail seems to think this has something to do with creating distortions, clicks, and pops in an audio file. She’s wrong. It doesn’t. An algorithm that adds distortion needs to output something that sounds almost like the input. MD5 hashing loses all of the original data.

What I am left wondering is why Gail would pretend to know something like this, at the risk of embarrassing herself. Does she think Hovind’s community of followers are too ignorant to catch her red-handed?

What this example demonstrates to me is that Gail is willing to lie in order to appear authoritative on a matter. I am left wondering how serious she could possibly take KJV Onlyism if she is willing to spread misinformation in its defense.

What saddens me most is that Kent Hovind continues to hold to the mast of Gail’s sinking reputation. Why he won’t let go, per the advise of so many around him, is beyond me. I can do nothing more than pray for his sight, and expose her blindness.