Even Russian spies have absurd password requirements

Security by on June 30, 2010 at 10:48 pm

From this fascinating CNET article on a few of the techniques that the Russian spies used to exchange data:

…the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

While online passwords never need to be this complex - centralized management can prevent brute-force attack. Arguably, longer passwords are more important for local software (that can be stolen, then brute-forced). In fact, the leading theories on the ‘cracking’ of the wikileaks video suggest that they brute-forced the password that unlocked the encrypted contents.

A 27 character password certainly makes brute-forcing the password impossible. But human nature, even to extremely well-trained spies is to write things like this down.

1 Comment

  1. Henry Guibord — November 3, 2010 @ 9:02 pm

    I don't know why they wouldn't have just used a memorable phrase if that was the case – surely it is easier to remember a passage from a novel (maybe even switching out every third letter) than it would be to write down the password.

    It sounds rather suspicious and it may even be the case that they released a story about the password being written down to disguise their real source for the password… or maybe that's my tinfoil hat talking.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger's BlogDave & Iva Naffziger