Today, WikiLeaks has issued a statement accusing the Guardian, a UK newspaper, of publishing a book that negligently divulged the password to an encrypted file circulating the torrents which contains the full unredacted text of all 250,000 U.S. diplomatic cables. While WikiLeaks ruminates on whether to publicly release the cables, it doesn’t really matter — the full cables are now public for all intents and purposes, and nothing can stop that. There’s a lot of blame going around, so I’d like to comment on the cryptographic facts in a way that should be possible for a non-technical person to understand.

The Guardian has released a statement which fires back:

[The book] contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours.

Essentially, the Guardian is saying that they felt it was unnecessary to keep the password secret, since it was no longer of any use. I’m willing to accept ignorance here on behalf of the Guardian, but let’s be clear on the facts: there is no such thing as a temporary password on an encrypted file.

There are basically two things that a password can unlock: a login password unlocks a service; a decryption password unlocks data. For example, your Google password is a login password. If you change the password on your Google account, then you can safely tell the world what your old password was, and nobody will be able to get into your Gmail — Google won’t let you in without the new password. Now for another example, Microsoft Word has a setting that lets you put a password on a Word document. If you put a decryption password on a Word document, you can safely put it online and everybody will be able to download it, but nobody will be able to read it. Once you have given out the file, you cannot change the password, and it cannot expire. Now, you can give the password to a friend, and they will be able to read the document. But if your friend stupidly gives out the password, there is nothing you can do. You could delete the Word document off your computer, but it is likely that dozens of people have a separate copy of the document, which you cannot change or delete. They will all be able to read it using the now-public password, and if the story is juicy enough, it will certainly spread on the Internet.

So: Maybe Julian Assange shouldn’t have trusted David Leigh. Maybe he should have used a different password when he gave out other copies of the same file (just in case Leigh screwed up). But the fact remains that Leigh should never, ever, have disclosed that password, as it was a decryption password, not a login password. I am certain that Assange would never have promised that it was a temporary password, because that is a technical impossibility.