[LINK] The Wikileaks Password
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Sep 16 09:42:48 AEST 2011
><http://www.schneier.com/crypto-gram-1109.html>
[A nice short story about a long passphrase and how it became insecure]
>** *** ***** ******* *********** *************
>
> Unredacted U.S. Diplomatic WikiLeaks Cables Published
>
>It looks as if the entire mass of U.S. diplomatic cables that WikiLeaks
>had is available online somewhere. How this came about is a good
>illustration of how security can go wrong in ways you don't expect. It
>seems that the encrypted file WikiLeaks gave to the Guardian got loose
>in the wild, and then the Guardian published the encryption key in their
>tell-all book about WikiLeaks.
>
> From pp 138-9 of "WikiLeaks":
>
> Assange wrote down on a scrap of paper:
> ACollectionOfHistorySince_1966_ToThe_PresentDay#. "That's
> the password," he said. "But you have to add one extra word when
> you type it in. You have to put in the word 'Diplomatic' before
> the word 'History'. Can you remember that?"
>
>I think we can all agree that that's a secure encryption key.
>
>Memo to the "Guardian": Publishing encryption keys is almost always a
>bad idea. Memo to WikiLeaks: Take better care of your encrypted files.
>
>The detailed story.
>http://www.spiegel.de/international/world/0,1518,783778,00.html
>
>Finger-pointing between the Guardian and WikiLeaks:
>http://www.guardian.co.uk/world/2011/sep/01/unredacted-us-embassy-cables-online
>or http://tinyurl.com/3g3zktq
>http://www.wikileaks.org/Guardian-journalist-negligently.html
>
>The book:
>http://www.amazon.com/exec/obidos/ASIN/B0057D9LJG/counterpane/
>
>** *** ***** ******* *********** *************
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University