"Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours.
"It was a meaningless piece of information to anyone except the person(s) who created the database.
"No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files. That they didn't do so clearly shows the problem was not caused by the Guardian's book."
"According to Der Spiegel: At the end of 2010, Domscheit-Berg [former worker at Wikileaks and founder of rival, OpenLeaks] finally returned to WikiLeaks a collection of various files that he had taken with him, including the encrypted cables. Shortly afterwards, WikiLeaks supporters released a copy of this data collection onto the Internet as a kind of public archive of the documents that WikiLeaks had previously published. The supporters clearly did not realize, however, that the data contained the original cables, as the file was not only encrypted but concealed in a hidden subdirectory."
So The Guardian deliberately leaked the password and Wikileaks accidentally leaked the file. Personally, I think both sound like pretty stupid things to do ...
> "No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files. That they didn't do so clearly shows the problem was not caused by the Guardian's book."
That's a pretty bullshit excuse. Wasn't the insurance file on PirateBay? How exactly should they have removed that once it was out there?
From what I've read, I've been given the idea that the files transferred to The Guardian were encrypted for them only - that the password they had worked against that file alone.
Presumably (hopefully?) the insurance file uses a different password. I was also under the (perhaps wrong) impression that no-one actually knows what's in the insurance file.
I can't imagine the insurance file being little more than the full uncensored cable archive. What else could it be? If Wikileaks had a gigabyte of compromising information on the US government or some other powerful entity, surely they would release it? Isn't that their stated mission?
From what I gather it sounds like they're trying to redact important info from cables prior to release so they don't get their asses burned any more than they have. They've got a collection of cables they haven't yet processed and are now being leaked.
Wikileaks has demonstrated a propensity to keep things close to the chest. Perhaps the insurance file contains private documents not yet released that are personally embarrassing to important individuals (e.g., those likely to be involved in the extradition and/or untimely demise of Assange) but not particularly relevant from a national standpoint. Not sure, but I definitely don't think that the cables are the only potential information contained in the insurance file. Wikileaks, especially after their bout of airtime last winter, got a lot of data from a lot of different sources. There's a lot of stuff there to collate.
The details are confusing but apparently it wasn't the insurance file, it was the full cables archive which for some unexplained reason was being served over bittorrent by someone.
I read the book in question. A password to an encrypted file is given at some point, but it is presented as a one-time thing to transfer a specific private file. If Wikileaks reused this password for something else, then it's pretty stupid of them.
It's quite odd. Certainly Assange is quite technically savvy -- he's a reformed (genuine) hacker -- after all. So I just can't imagine him re-using passwords. Similarly, I would have thought that he'd be enough of a control freak to, you know, check this stuff out himself.
I agree that this is a weird thing. From my reading it appears that the encrypted archive sent to the Guardian got out somehow and that combined with the password (recklessly) published in the book, the data can be decrypted to reveal the full unredacted archive.
There are some interesting considerations involved in what this means for distributing highly sensitive data to non-technical people. They apparently have no comprehension that a PGP-encrypted file is not like a web service where you can just go in and change the password in a jiffy -- as long as that file exists, the same password will work on it, forever. The rebuttal quoted indicates that WL said it was a "temporary" password, so it seems that via a misinterpretation at the Guardian, its editors expected the password to stop working on that file in a matter of hours.
It would be really interesting to see PGP files that were time-sensitive, and used passwords that only worked within X time. Does anyone know if something like that has been done?
What would have been a more secure way to distribute the archive? Only bundle 1000 cables at a time, each file with a unique password? Require journalists to view the files on premises at WL so that there was no loss of control on the data? Bundle everything up in a black-box .exe that self-destructed in x time (though, unless implemented carefully, this would still reveal private data once a competent person got a hold of it)? Why weren't these files asymmetrically encrypted anyway? Surely it is not very likely that the private key of a user would be published in a book or that a user would upload his private key to bittorrent. Lots of interesting possibilities here...
> It would be really interesting to see PGP files that were time-sensitive, and used passwords that only worked within X time. Does anyone know if something like that has been done?
I'm not a cryptographer, but it seems to me like something of this nature is impossible without maintaining control of the decryption process. You could add a timestamp to the file, but the workaround would be to change your computer's clock or rewrite the decryption software. You would have to include a cryptographically-signed timestamp from a trusted time server in the en/decryption process. Once that signed timestamp is obtained, though, it could be distributed along with the password and a modified application that uses the stored timestamp instead of a live one from the server.
My knowledge comes from reading about failed DRM schemes and the comments of tptacek and cpercival, so I can only point out things that wouldn't work, not what will.
I can't imagine how you could build a foolproof (or more importantly, state-sponsored-team-of-experts-proof) time-limited system. Assuming the file is digital, and can be accessed freely, you can make infinite bit-identical copies and fiddle your system clocks to make it work.
You'd need some sort of physical real-time clock combined with the memory storing the material, which wipes it after a given time. Maybe even a physical medium which degrades over time[3] could work, but that could be foiled by controlling the environmental conditions (inert gas atmosphere to avoid oxidation, cold temps to slow electron migration, etc).
My personal approach would be something like providing an incredibly locked-down laptop/netbook (https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sop... would be a good start), but with additional physical security improvements (battery/big caps wired directly to HDD and RAM via a set of tamper switches[1], disabling all IO ports in software and filling them with epoxy / disconnecting internally). You could then wire in an RTC to the same system, as well as perhaps using a GPS receiver to verify the time (Yes, you could jam/spoof GPS signals if you knew to expect them, but that's still raising the bar).
One final approach would be to have some other trusted party/system which remains in your control, and have some challenge/response auth which you can disable/destroy after a fixed time.
To conclude, I can't see any way to build time-limited encryption without some external trusted authority or some trusted physical infrastructure.
[1] Not just physical switches, but as many things as you can come up with: Light sensors, pressure sensors (especially if you can gas-seal the enclosure and keep it at elevated/vacuum pressures), temperature to avoid cooling attacks, resistive/optic-fibre security meshes. Another amusing idea would be to use a GPS receiver to ensure that data can only be viewed from a given physical location[2].
[2] This gets used in _Distress_ by Greg Egan, although I'd thought about it myself long before reading the book.
The only way to time-limit data would be to find some kind of cryptographic function which can't be parallelized, requires a certain amount of work, and then make assumptions about the speed with which this could be done based on resources available to an attacker. You could at least set a lower bound for time given likely resources. I find it highly unlikely that even national technical means include general purpose reconfigurable logic much faster than 50x the open state of the art; if your problems keep changing, reconfigurable logic is going to be needed.
The key is to have lots of problems nested together, which must be solved in series.
Computers scale a lot better than people, so something which required a human to try to solve a puzzle to get a key, then use that key to decrypt the next puzzle, and so on, probably has better characteristics.
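The construction the comment above sketches (a non-parallelisable chain of work that must be done in series, with the creator able to skip it) is essentially the Rivest, Shamir and Wagner time-lock puzzle. The following is an added example, not code from the thread: the creator knows phi(n) and computes a^(2^t) mod n cheaply, while the solver must perform t dependent modular squarings. The SHA-256 counter cipher and the small primes are constructed for demonstration only.

```python
import hashlib
import math
import secrets

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Constructed demo cipher: SHA-256 counter keystream XORed over the data.
    # It stands in for a real AEAD; the puzzle, not the cipher, is the point.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def _key_from(b: int, n: int) -> bytes:
    # Derive the file key from the puzzle solution a^(2^t) mod n.
    return hashlib.sha256(b.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def create_puzzle(plaintext: bytes, t: int, p: int, q: int) -> dict:
    """Creator side. p and q are secret primes; n, a, t and the ciphertext are published."""
    n = p * q
    phi = (p - 1) * (q - 1)
    a = secrets.randbelow(n - 2) + 2
    while math.gcd(a, n) != 1:               # keep a in the multiplicative group mod n
        a = secrets.randbelow(n - 2) + 2
    e = pow(2, t, phi)                       # trapdoor: reduce 2^t modulo phi(n)
    b = pow(a, e, n)                         # equals a^(2^t) mod n, at almost no cost
    return {"n": n, "a": a, "t": t, "ct": _keystream_xor(_key_from(b, n), plaintext)}

def solve_puzzle(puzzle: dict) -> bytes:
    """Solver side. Without phi(n) the only route is t squarings, each needing the last."""
    n, b = puzzle["n"], puzzle["a"]
    for _ in range(puzzle["t"]):
        b = b * b % n                        # inherently sequential: no parallel shortcut
    return _keystream_xor(_key_from(b, n), puzzle["ct"])

if __name__ == "__main__":
    # Toy primes (65521 and 65537) are constructed for the demo; a real puzzle uses an
    # RSA-sized modulus and picks t from the squaring rate assumed for the attacker.
    pz = create_puzzle(b"unredacted cable archive key", t=100_000, p=65521, q=65537)
    print(solve_puzzle(pz))
```

The lower bound the comment mentions is exactly t divided by the fastest sequential squaring rate you credit the attacker with; more hardware does not shorten the chain, only a faster single core does.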
A trusted third party or tamper-resistant hardware is far more practical.
Indeed, it seems something like a dongle that kept its own clock would be required to implement this in a way that couldn't be circumvented merely by setting your PC's clock back. The firmware could wipe as soon as the clock in the device hits time X; if you distribute these close enough to X, even an experienced hacker would be unable to get around the deletion without destroying the whole device.
Alternatively, this dongle could contain the necessary private key to decrypt the file instead of the data itself, or another component required to unlock the data a la RSA SecurID.
I would be greatly interested to see relatively secure self-destructing USB sticks.
Obviously someone interested in copying the data at whatever cost will be able to do it, but that's not the use case pertinent to this story. This would not be designed to taunt your enemies, but rather ensure security of data in the hands of individuals who may not understand how to handle it properly.
The Guardian was operating under a grievous misunderstanding about the nature of the encrypted data, but from my vantage point I don't see that they operated out of intentional malice. If you are distributing data to compliant parties and just want to ensure a tidy cleanup to prevent mishandling or theft, something like this definitely could be useful.
Your only defense is compartmentalization. Segregate the data and encrypt each segment separately. Communicate the data and keys through separate channels to separate parties. Hope that, therefore, a compromise is limited to a single compartment.
You could also make decryption dependent upon a network connection (e.g. Adobe DRM, et al.), but with "the opposition" potentially in control of the network and/or able to compromise your physical security, and with the decrypted results readily copy-able (they always are, one way or another), this is probably more trouble than it's worth.
P.S. I didn't mean actually Adobe DRM; rather, just citing them as an example instance of such a thing (though, truth be told, I've never looked at how they do theirs, in detail).
You can read the Guardian's rebuttal here:
http://www.guardian.co.uk/world/2011/sep/01/unredacted-us-em...