WikiLeaks password leak FAQ (opens in new tab)

(unspecified.wordpress.com)

5 pointssoyelmango14y ago6 comments

6 comments

I appreciate the effort, and while I haven't gone through the whole thing, you could probably brush up on the use and meaning of "executive summary." Nothing personal!

mgiuca14y ago

Yeah, I get you ;) I've never been good at being concise.

wccrawford14y ago

Article claims that making the encrypted file public is perfectly fine, so long as the password isn't made public.

I think all of us here know how wrong that is. A password isn't going to stop people for long. It was a matter of time until it got out. Maybe it already had, and we didn't know it.

mgiuca14y ago

(Author of the article here). I think you underestimate the power of a good (long) password. Check this out: https://www.grc.com/haystack.htm

That site lets you enter a password and see how long it would take to crack using a brute-force scenario. Assange's 58-character password would apparently take "16.40 million trillion trillion trillion trillion trillion trillion trillion centuries", assuming one hundred trillion guesses per second (which is far more computing power than is presently available to anybody in the world).

Cryptography relies on strong passwords. Assuming that the password wasn't deliberately given out, a 58-character password is going to be secure for a very very long time.

wccrawford14y ago

We can crack things today that were considered impossible (aka "not in our lifetime") 10 years ago. Why would anyone think that 10 more years wouldn't bring this again? Quantum computing is looking more and more likely, with progress almost every month now.

Sure, today they couldn't crack it... But this data has ramifications for many years to come. It should never have been gathered together and put in a public place.

Behind the government's firewalls, it was protected by an ever-changing system. If things get easier to crack, they can upgrade it. As a simple file, it can never be changed. It will also be there.

And finally, security experts will tell you that one of the easiest ways to crack something is the human factor. That password is written down somewhere, and wikileaks isn't a fort. Hackers could have gotten that password from wikileaks without them knowing.

So no, I don't think I do underestimate it.

calcnerd25614y ago

2^60 seconds is a long time

j / k navigate · click thread line to collapse

6 comments

rhizome14y ago

I appreciate the effort, and while I haven't gone through the whole thing, you could probably brush up on the use and meaning of "executive summary." Nothing personal!

mgiuca14y ago

Yeah, I get you ;) I've never been good at being concise.

wccrawford14y ago

Article claims that making the encrypted file public is perfectly fine, so long as the password isn't made public.

I think all of us here know how wrong that is. A password isn't going to stop people for long. It was a matter of time until it got out. Maybe it already had, and we didn't know it.

mgiuca14y ago

(Author of the article here). I think you underestimate the power of a good (long) password. Check this out: https://www.grc.com/haystack.htm

Cryptography relies on strong passwords. Assuming that the password wasn't deliberately given out, a 58-character password is going to be secure for a very very long time.

wccrawford14y ago

Sure, today they couldn't crack it... But this data has ramifications for many years to come. It should never have been gathered together and put in a public place.

Behind the government's firewalls, it was protected by an ever-changing system. If things get easier to crack, they can upgrade it. As a simple file, it can never be changed. It will also be there.

So no, I don't think I do underestimate it.

calcnerd25614y ago

2^60 seconds is a long time

j / k navigate · click thread line to collapse