How interesting that they report an irrelevant hyper-detail (the password itself) but not the specifics of what "sophisticated encryption technology" that "GCHQ ... were unable to crack."
Also interesting that a password based on word-and-number games, an approach that has been criticized lately as vulnerable to new attacks using common password fragments, seems to have flummoxed the pros in this case anyway.
Here's one point that I think should be referenced more prominently, maybe in the headline somehow:
Police accessed the memory stick [as part of a counter-terrorism operation] and found it contained ... nothing relating to terrorism or national security.
That is: We convicted this guy of a crime for obstructing a terror investigation, even though he wasn't actually doing that. We used our special emergency terrorism powers to push someone around and make demands that were potentially impossible, but it turned out to be just another false alarm. Of course, the guy we pushed around is a certified scumbag and he doesn't look like the sort of white-bread upstanding citizen that most readers of the article imagine themselves to be, so we can count on you to not get too worked up about the whole thing.
> Also interesting that a password based on word-and-number games, an approach that has been criticized lately as vulnerable to new attacks using common password fragments, seems to have flummoxed the pros in this case anyway.
If you're talking about the Ars Technica article that showed that crackers are using common passages from books and movies, it's worth nothing that it's not some kind of issue with passphrases, just the construction of them.
It is not a bad thing to use a passphrase (the Ars article implied that by saying "your long password isn't safe either," or something to that effect.) It is a bad thing to use a passphrase that is not randomly constructed. It's just the same for passwords, and, indeed, cryptographic keys.
It's a numbers game. If it's not random, there's a pattern/bias. If there's a bias, an attacker can exploit that. If there's no bias--i.e. the words of a passphrase were truly randomly selected--then there is no method to crack it more effective than brute force.
This was not a special emergency power, this is simply a case of failing to comply with a court order the same as refusing to comply with a search warrant.
Also interesting that a password based on word-and-number games, an approach that has been criticized lately as vulnerable to new attacks using common password fragments, seems to have flummoxed the pros in this case anyway.
Here's one point that I think should be referenced more prominently, maybe in the headline somehow:
Police accessed the memory stick [as part of a counter-terrorism operation] and found it contained ... nothing relating to terrorism or national security.
That is: We convicted this guy of a crime for obstructing a terror investigation, even though he wasn't actually doing that. We used our special emergency terrorism powers to push someone around and make demands that were potentially impossible, but it turned out to be just another false alarm. Of course, the guy we pushed around is a certified scumbag and he doesn't look like the sort of white-bread upstanding citizen that most readers of the article imagine themselves to be, so we can count on you to not get too worked up about the whole thing.