

WikiLeaks password leak FAQ - soyelmango
https://unspecified.wordpress.com/2011/09/03/wikileaks-password-leak-faq/

======
rhizome
I appreciate the effort, and while I haven't gone through the whole thing, you
could probably brush up on the use and meaning of "executive summary." Nothing
personal!

~~~
mgiuca
Yeah, I get you ;) I've never been good at being concise.

------
wccrawford
Article claims that making the encrypted file public is perfectly fine, so
long as the password isn't made public.

I think all of us here know how wrong that is. A password isn't going to stop
people for long. It was a matter of time until it got out. Maybe it already
had, and we didn't know it.

~~~
mgiuca
(Author of the article here). I think you underestimate the power of a good
(long) password. Check this out: <https://www.grc.com/haystack.htm>

That site lets you enter a password and see how long it would take to crack
using a brute-force scenario. Assange's 58-character password would apparently
take "16.40 million trillion trillion trillion trillion trillion trillion
trillion centuries", assuming one hundred trillion guesses per second (which
is far more computing power than is presently available to anybody in the
world).

Cryptography relies on strong passwords. Assuming that the password wasn't
deliberately given out, a 58-character password is going to be secure for a
very, very long time.

~~~
wccrawford
We can crack things today that were considered impossible (aka "not in our
lifetime") 10 years ago. Why would anyone think that 10 more years wouldn't
bring this again? Quantum computing is looking more and more likely, with
progress almost every month now.

Sure, today they couldn't crack it... But this data has ramifications for many
years to come. It should never have been gathered together and put in a public
place.

Behind the government's firewalls, it was protected by an ever-changing
system. If things get easier to crack, they can upgrade it. As a simple file,
it can never be changed. It will also be there.

And finally, security experts will tell you that one of the easiest ways to
crack something is the human factor. That password is written down somewhere,
and WikiLeaks isn't a fort. Hackers could have gotten that password from
WikiLeaks without them knowing.

So no, I don't think I do underestimate it.

