"Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:
ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’. Can you remember that?”
“I can remember that.”
Leigh set off home, and successfully installed the PGP software. He typed in the lengthy password, and was gratified to be able to download a huge file from Assange’s temporary website. Then he realized it was zipped up – compressed using a format called 7z which he had never heard of, and couldn’t understand. He got back in his car and drove through the deserted London streets in the small hours, to Assange’s headquarters in Southwick Mews. Assange smiled a little pityingly, and unzipped it for him."
It is false that the passphrase was temporary or was ever described as such. That is not how PGP files work. Ask any expert.
WikiLeaks 'insurance' files have not been decrypted. All press are currently misreporting. There is an issue, but not that issue.
"Iraq's government said Friday it will investigate the new allegations. And some officials said that the document was reason enough for Iraq to force the American military to leave instead of signing a deal allowing troops to stay beyond a year-end departure deadline. . .
"The new report about this crime will have its impact on signing any new agreement," said Sunni lawmaker Aliya Nusayif. She said Iraq's parliament will investigate the new details about the raid and seek to prosecute any U.S. soldiers who commit future crimes in Iraq.
Whether U.S. forces in Iraq will continue to have legal immunity from prosecution if they stay is one of the major stumbling blocks in the ongoing negotiations, as Washington will not allow the military to remain without it.
An adviser to Prime Minister Nouri al-Maliki said the government will revive a stalled probe into the 2006 raid. Al-Maliki has said he needs more information from the U.S. to fully investigate the raid.
"We will not give up the rights of the Iraqi people, and this subject will be followed," said Ali al-Moussawi, the prime minister's media adviser."
It now appears that last December another WikiLeaks employee was responsible for a further leak when he placed the unredacted cables on a peer-to-peer site with an old password – motivated, it seems, by the arrest of Assange on allegations concerning his private life. It is not clear that even Assange – distracted by his legal actions over the Swedish sex allegations – knew of this act. This, to be clear, was not the original file accessed by the Guardian last year, which was, as agreed with WikiLeaks, removed from a secure file server after we had obtained a copy and never compromised.
... When we use encryption, it is entirely expected and normal for the encrypted text to be visible to the public. If the encrypted text isn’t visible to the public, it can’t possibly be transmitted. You can’t run a secure system under the assumption that an encrypted file will not be seen by others. The entire point of cryptography is that we transmit the encrypted text “in the clear” (without further encryption). On the flipside, the entire point of cryptography is that we don’t divulge the encryption key. So WikiLeaks was in the right to make the encrypted file public (however that happened), assuming that the passphrase would be kept private. The Guardian was in the wrong to make the passphrase public, assuming that the encrypted file would be kept private. By definition, the encrypted file was public because it was available from a public server for at least a few hours.
Again, Leigh was a non-technical person, so we can’t expect him to have understood all of these subtleties. But let’s remember what we’re dealing with here: arguably the most important secret documents in history. The man should have gotten a better technical understanding of cryptography before he did this, and failing that, given that he was not an expert, he should not have presumed it was safe to disclose the password. Even assuming no technical knowledge, it is completely idiotic to publish any kind of password, even an expired one. If nothing else, it would have been safe in case Assange did re-use the same password again. And just to dig a bit deeper: Assange took the extra step of creating a salt, the additional word that he told Leigh to remember and insert into the password but not write down, for the express purpose of protecting the data in the event that someone got a hold of the piece of paper. The final, clinching, idiotic move is that Leigh wrote the salt in the book as well as the password — the one thing he was never supposed to write down.
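The point made in the excerpts above, that a passphrase protecting an encrypted file cannot be "temporary" once any copy of the ciphertext exists, is shown here as an added example that is not part of the quoted sources. It uses only the Python standard library; an HMAC-SHA256 keystream stands in for the cipher PGP would use, and the passphrases and document are constructed sample values.

```python
import hashlib
import hmac
import secrets

OLD = "constructed-old-passphrase"   # constructed sample values, not from the page
NEW = "constructed-new-passphrase"
DOC = b"constructed sample document"

def _keystream(key, n):
    # HMAC-SHA256 in counter mode: stand-in stream cipher for this demo only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _keys(passphrase, salt):
    # The salt is stored in the file; the passphrase is the only secret input.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]          # encryption key, MAC key

def encrypt(passphrase, plaintext):
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def decrypt(passphrase, blob):
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                  # wrong passphrase or modified file
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

def demo():
    published = encrypt(OLD, DOC)
    mirror = bytes(published)        # copy made while the file was downloadable
    del published                    # owner removes the file from the server
    replacement = encrypt(NEW, DOC)  # and re-encrypts under a new passphrase
    return {
        "mirror_opens_with_old": decrypt(OLD, mirror) == DOC,
        "mirror_rejects_guess": decrypt("wrong guess", mirror) is None,
        "replacement_rejects_old": decrypt(OLD, replacement) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Removing the file or re-encrypting it changes nothing for a copy already taken: the old passphrase stays valid for that copy for as long as the copy exists.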