[LINK] The Wikileaks Password

Roger Clarke Roger.Clarke at xamax.com.au
Fri Sep 16 09:42:48 AEST 2011


[A nice short story about a long passphrase and how it became insecure]

>** *** ***** ******* *********** *************
>       Unredacted U.S. Diplomatic WikiLeaks Cables Published
>It looks as if the entire mass of U.S. diplomatic cables that WikiLeaks
>had is available online somewhere.  How this came about is a good
>illustration of how security can go wrong in ways you don't expect.  It
>seems that the encrypted file WikiLeaks gave to the Guardian got loose
>in the wild, and then the Guardian published the encryption key in their
>tell-all book about WikiLeaks.
>
>  From pp 138-9 of "WikiLeaks":
>
>      Assange wrote down on a scrap of paper:
>      ACollectionOfHistorySince_1966_ToThe_PresentDay#.  "That's
>      the password," he said.  "But you have to add one extra word when
>      you type it in.  You have to put in the word 'Diplomatic' before
>      the word 'History'.  Can you remember that?"
>
>I think we can all agree that that's a secure encryption key.
>
>Memo to the "Guardian":  Publishing encryption keys is almost always a
>bad idea.  Memo to WikiLeaks: Take better care of your encrypted files.
>
>The detailed story.
>
>Finger-pointing between the Guardian and WikiLeaks:
>or http://tinyurl.com/3g3zktq
>
>The book:
>** *** ***** ******* *********** *************

Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University
