You are reducing the OP's point, which is rather important, to silly analogies about intent. The OP's point is also why, for eg., many govts' attempts to ban encryption are stupid because you cannot outlaw math. Which is why the legality of both having and breaking encryption needs to be detached from intent.

OP's point is that cracking passwords is a form of art, so Assange should be able to claim cracking a DoD Administrator password was a performance of art and thus legal. It's not an important point, it's a silly one.

>many govts' attempts to ban encryption are stupid because you cannot outlaw math

Huh? You can outlaw math. It'd be a stupid idea and quite hard to successfully enforce, but you can outlaw it.

>Which is why the legality of both having and breaking encryption needs to be detached from intent.

This does not make sense at all. Otherwise there would be no legal difference between using a battering ram to break into someone's house and then claiming it was research for materials testing. It also comes down to privacy and property rights.

Case law is well settled in the physical door locks space which also applies pretty well to the digital space with a good balance between research and not breaking into others property. It's perfectly legal to crack your own NTLM hashes, and those of which you have permission to. Imagine someone going around with a saw sawing up doors and then claiming it was their right because the doors weren't properly secured and made of 12 inches of reinforced steel.

Sure, and that's why intent is important. I fully understand encryption being fully legal, but I don't seen any benefit to legally being able to crack/decrypt other's information without their permission and knowledge, against their will.

This has zero implications on crypto-research because it's always legal to try your cracking on your own encrypted data, or on others' data with their permission, like public challenges. What good will it do to extend it to everyone encrypted data?

There are also privacy and property rights issues at hand. Should you be able to crack someone's private key and impersonate them without legal issues?

Reducing something to its basics and then claiming it should be legal by ignoring the real world consequences like the GP was doing is disingenuous.

> benefit to legally being able to crack/decrypt other's information without their permission and knowledge

>privacy and property rights

This is precisely the issue with DMCA. It is illegal in the US to decrypt a DVD/blu-ray etc (for reference, see why fedora cannot play dvds). So what should have been a reactive law against piracy is now a proactive prohibition codified in law. That's why, laws around encryption should decide on the actions after the fact. You can then use existing law on the actions and encryption is out of the picture. In this case, the actions would be protected by free speech and other protections afforded to journalists.

You can’t break and enter and then claim that it was legal because all you did was read documents you used to write a New York Times article.

Indeed, actual journalists have ethics departments that help ensure they don’t step over the line from accepting information gained illegally into encouraging people to commit illegal acts to get them information, and if they commit illegal acts to get information that is always a crime. It’s not even a grey area here.

"Breaking and entering" is a well defined thing in the real world. It does not extend well to digital stuff, and if you go down that road, you end up with the failure to decrypt DVDs. There is no digital property per se. It's just a proxy for other things. So decouple the two. There is no breaking and entering in the digital world. There are just actions you take after the fact, and you can rule on the actions.

If you use someone else's credentials to log in as them then you are breaking the law, even if you didn't have to crack the password. I feel like this is very clearly defined. It's just like if you steal someone's purse because they set it down without securing it. It doesn't matter how easy it was or if you consider your act "art", it's still clearly breaking the law and easy to understand why it's illegal.

> Are you deeply uncomfortable with the thought of govt jailing you for literally doing nothing?

Yes? I’d be concerned for anyone who isn’t. And to be clear... he didn’t crack it. I’ve run password hashes through rainbow tables for shits and giggles. Should I be dragged out of an embassy next?

Sorry if I was unclear, that quote is in continuance of the earlier line, full argument:

>Isn't running into and maiming a pedestrian while driving a car at a traffic crossing a matter of actually doing nothing instead of braking? Are you deeply uncomfortable with the thought of govt jailing you for literally doing nothing?

>And to be clear... he didn’t crack it.

Attempting to commit a crime is a crime even if you failed at it.

>I’ve run password hashes through rainbow tables for shits and giggles. Should I be dragged out of an embassy next?

People shoot at the range all the time but are not prosecuted. But gun murderers are. Dont you see the difference?

Were you cracking an Administrator password of the United States Military protecting classified war logs with an intent to distribute them to the public?

Just because we don’t usually get prosecuted for something doesn’t make it legal.

But that usually means there is a problem with the law in either enforcement(insufficient or only existing to be abused via selective enforcement) or basis(it shouldn't be illegal in the first place).

How did you get those hashes?

What did you (intend to) do with the resulting passwords.

Luckily, intent still counts for something legally.