Cracking the remaining FOIA2011 all.7z file

There’s an embedded archive file called all.7z which contains thousands of additional emails and files.

The 7zip archiver in which this is stored uses 256 bit AES encryption. It’s a tough nut to crack.

“FOIA” chose this most likely because there are no effective tools for 7zip, while there seem to be many for standard .zip and .RAR files.

From their website: http://www.7-zip.org/7z.html

“7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.”

The password can be 2047 or 8191 characters long, depending on your operating system.
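
The key stretching described in the 7-Zip quote above, as an added Python example (not code from the original post or from the 7-Zip project): one running SHA-256 absorbs the salt, the password and a counter 2^N times, so every single password guess costs that many hash updates. The UTF-16LE encoding, the 8-byte little-endian counter and the default N = 19 are assumptions taken from 7-Zip's published source rather than from this page, and the function names are hypothetical.

```python
import hashlib
import time


def derive_key(password: str, salt: bytes = b"", cycles_power: int = 19) -> bytes:
    """Derive a 32-byte AES-256 key from a text password by iterated SHA-256.

    Assumed layout (from 7-Zip's published source, not from this page):
    a single SHA-256 context absorbs salt + UTF-16LE password + an 8-byte
    little-endian round counter, repeated 2**cycles_power times.
    """
    if not 0 <= cycles_power <= 24:
        raise ValueError("cycles_power outside the range this demo supports")
    prefix = salt + password.encode("utf-16-le")
    ctx = hashlib.sha256()
    for counter in range(1 << cycles_power):
        ctx.update(prefix + counter.to_bytes(8, "little"))
    return ctx.digest()


def bytes_hashed_per_guess(password: str, salt: bytes = b"",
                           cycles_power: int = 19) -> int:
    """Bytes fed to SHA-256 for one guess: the work factor the KDF imposes."""
    per_round = len(salt) + len(password.encode("utf-16-le")) + 8
    return per_round << cycles_power


def guesses_per_second(cycles_power: int = 19, trials: int = 3) -> float:
    """Measure how many key derivations this machine completes per second."""
    start = time.perf_counter()
    for i in range(trials):
        # Constructed sample passwords, used only to time the derivation.
        derive_key(f"constructed-guess-{i}", cycles_power=cycles_power)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return trials / elapsed


if __name__ == "__main__":
    for power in (0, 10, 19):
        rate = guesses_per_second(cycles_power=power)
        work = bytes_hashed_per_guess("password", cycles_power=power)
        print(f"2^{power:<2} rounds: {work:>10} bytes hashed per guess, "
              f"{rate:,.1f} derivations/s on this machine")
```

Raising the round count by one doubles the cost of each guess for an attacker while adding only a fraction of a second to a legitimate unlock.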

I’m doubtful this password will be cracked anytime soon, maybe DoD could do it. Chances are that “FOIA” chose a very long password, that could take years to crack by a brute force attack.

“FOIA” is holding this in reserve, making it known that it is there, ready to pull the firing pin. I expect we’ll see it sooner than later as the reaction so far from RC and the Team is continued arrogance.

Julian Williams in Wales has an interesting take:

Maybe the passphrase is so complex as to be uncrackable; is that possible? Surely after having sat on this material for two years FOIA would have made a decision how he is going to play this, and it just makes no sense to put most of the material behind a crackable passphrase.

But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public. That is a strategy that might push FOIA’s enemies out without completely disgracing the “scientific community”

Just another way of looking at what might motivate FOIA.


244 thoughts on “Cracking the remaining FOIA2011 all.7z file”

  1. Putting an encrypted file out has a big benefit for the whistleblower — it enables him/her/them to delete the file from their servers, while being secure in the knowledge that the file will be kept safely by those wanting to know what’s in it (which is now hundreds, maybe thousands of people).

    AES-256 — forget about it. Unless they chose a trivial password, it is unbreakable in any practical sense.

  2. I feel flattered that I might have contributed a useful thought to WUWT after many years of being a big fan of your wonderful publicly spirited and important site.

  3. There is a project, wandering around somewhere, throwing brute force attacks at a 128bit passphrase, using a supercomputer, I think. They’ve been running for a couple of years now. They might have a chance. They’re expecting to break in sometime in the next 100 years. :) But 256 bit is a bit fair dinkum.

  4. Yep – “password” don’t work

    I have 3 crack routines running already – two brute-force, and one a dictionary derivative – and yes one is RARCRACK !!

    Not holding my breath though – could take 100 years !!!!

    Hope the FOIA puts me out of my misery sooner rather than later

    Andy

  5. Try to force someone to resign? To what end? They’ll likely be replaced by the appropriate sycophant, with no real change in direction.

    Only foia knows for sure what he’s got up his sleeve.

    One thing for sure. Now that the protected file is out there, all he has to do is send out the password whenever it suits him.

  6. Bruce says:
    November 22, 2011 at 4:33 pm
    “Has anyone tried password?”

    If he used the Big One (8191 characters long), he could have just typed “password” 1024 times.

    Somebody try that and see if it works.

  7. Interesting – there’s already a README in the archive, but it’s also encrypted. I was hoping for a note left unencrypted with a teaser. Oh, well. It’s only a matter of time. I just hope it isn’t another 2 years.

  8. I love how we are all making stupid suggestions to try. It’s actually making me laugh out loud as I read them :D

  9. Well, I tried ‘hidethedecline’. It ran of course but simply told me that all the files were corrupt. So no joy there – but worth a go. :(

  10. There may or may not be useful information behind the password. The password may or may not be complex. The motives of the leaker are unknown.

    So. What do we know?

  11. 123456 worked well in Spaceballs .. and some of the players in those emails strongly remind me of President Skroob, too.

  12. “allyourbasearebelongtous”

    “Thesearenotthedroidsyouarelookingfor”

    “Itsatravesty”

    “Itsworsethanwethought”

    “Teamworkpaysdividends”

    “Ifionlyhadabrain”

    “Hidethedecline”

    “Comtraya”

    “Itstheendoftheweatherasweknowit”

    Hey, I’m just trying to help.

    :)

  13. Sorry I should have posted this here.

    G. Karst says:
    November 22, 2011 at 4:35 pm

    What was the phrase used by the original climategate leaker? I think it was something like:

    “A miracle has happened”

    Anybody else remember it exactly? That’s the passphrase, I reckon. I don’t have the zip file so I can’t try it. GK

  14. I would like for all the folk out there to make it known to the ‘Leaker’ that this is rather intolerable, and pointless- perhaps making the ‘leaker’ out to be some kind of glory seeker, or worse, an extortionist in the wings?
    No – I mean, seriously? Thinking logically, this person is not doing themselves any favours with this stunt. Either the hidden emails are ‘gold’ or they are worthless cr*p – either way, leaving the world in suspense is not doing anything for their credibility – in my opinion, anyway.

  15. There are Cracks available, it will depend on the key encryption though – in work at the moment but will give it a go using a few options later.

  16. You only get 256-bit encryption if you type in a 64 byte/characters long phrase, you get only 128-bit with a 32 byte phrase, you get pretty much nothing with an eight byte long phrase.

    Usually phrases that people put in are the bare minimum to remember. But then again even a four byte phrase gets tricky for the native English-speaking crowd if it’s not in English. :p

  17. “But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public.”

    Sounds like the plot of a Dan Brown novel..

  18. I’ve written a rather elegant computer model of the 256 bit AES encryption. Of course I’ve had to simplify it somewhat and assume that all but 2 of the 8191 characters are fixed constants. I’ve made a number of runs and the results show the password is worse than we thought. I’d like to publish but am looking for a few good team members to join me first to help beat off the (expletive) jerks who will surely emerge to challenge these results.

    Anybody want to join my team?

    /sarc

  19. But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public.

    I certainly believe there is an “or else” reason for releasing the larger encrypted file. Hidden in that file could be explosive material having nothing to do with climate science for all we know. But there was a reason for releasing the entire file and it implies to me that someone besides the person who had control of the file has been given the passphrase as “insurance”.

  20. Suggestion to FOIA.org person/persons: how about revealing just part of the passphrase, to sort of start the clock running out on Mann et al as we work to break the remainder of the phrase?

    Pretty please?


  21. “Leon Brozyna says:
    November 22, 2011 at 4:44 pm

    Try to force someone to resign? To what end? They’ll likely be replaced by the appropriate sycophant, with no real change in direction.”

    I agree Leon, but let’s think a stage further

    This guy who released these 5,000 emails has another 220,000 in a file locked with an unbreakable password. He/she/they have put it all online and now all they have to do is publish the password, but they are holding back. Why?

    Option 1 He has shot his bolt and there is not much else in the remaining emails, but keeping some back maintains the pressure – I don’t buy it
    Option 2 He is waiting for something to happen in return for not releasing the passphrase.
    Option3 ?

    Interestingly he has timed Climategate 1 ahead of Copenhagen and Climategate 2 ahead of the Durban conference. There is a pattern here; they obviously do not like these conferences. They indicate they think the warmists are impoverishing the poor, so there is reason to want to upset the conferences

    Has anyone noticed a pattern in the way he/she/they have selected what they have released?

    I can think of any number of things he/she/they are waiting for.

    My guess is someone has been told what is demanded of them. Maybe Phil Jones and M Mann, or the UEA authorities have in some way been contacted and told what is expected of them. Otherwise it makes no sense.

  22. I think it’s cool.
    The whole ‘password quest’ could give this thing a completely different set of legs – and draw more attention to the debate than would otherwise have happened.
    People love a mystery – and this has now become a regular treasure hunt!

  23. JonasM says:
    November 22, 2011 at 4:46 pm

    Interesting – there’s already a README in the archive, but it’s also encrypted. I was hoping for a note left unencrypted with a teaser.

    Yes, that is interesting indeed. It seems that if FOIA put a README in the encrypted archive, he must intend that it will be read at some point in the future. The only way it is going to be read is if he releases the password. So, evidence suggests FOIA does intend to release the password.

  24. I’m thinking “The Leaker” is just giving the Climate Criminals some time to braid more rope to hang themselves with. Think about it, they’ve already proven themselves incorrigible liars, malicious slanderers and libelers concerning everything that’s happened over the last 20 years, much less what the original Climategate files revealed a mere two years ago. He’s letting them roast on the spit for a few days, while they furiously try to remember what they typed to each other and preemptively “deny” that there’s anything damning in the locked files. Then, after all of the major Warm Mongers have had a chance to go on record (again) as to their “innocence”, he (or she) simply unlocks the code to reveal the criminal behavior that we already know is there.

    Think of it as a sort of “trailer” to a “Whodunnit” movie. Anyone want some popcorn? ;-)

  25. I have a truly marvelous solution to decrypting this, which this comment box is too narrow to contain.

  26. One thing to consider: Does 7zip recognize Unicode characters? That would make it next to impossible to crack (not that it was easy before).

  27. While the actual file contents are inaccessible, we can see the names and sizes of the files.
    Analysing their distribution compared to already released files might give a clue, whether there, in fact, are any more real e-mails or just randomly generated data to fool people into thinking so. ;)

  28. Julian Williams in Wales says:
    November 22, 2011 at 5:16 pm

    Good points all and I suppose we may never know for sure, unless foia releases the password, especially in a couple weeks or so.

    Expecting any change from an arrogant academia is almost laughable … look at Penn State and how they tried to bury something even more explosive as pedophilia. And I don’t see any major course correction happening at Durban … too many people have too much invested in their beliefs to make a major change.

    Only foia knows for sure what’s hidden and … so far, at least … he’s not talking.

  29. Has anyone tried “Hide the decline” ? Maybe a dictionary of climate science – related phrases? Principal Component Analysis, Hockey Stick, …

  30. “B.C. says:
    November 22, 2011 at 5:32 pm

    I’m thinking “The Leaker” is just giving the Climate Criminals some time to braid more rope to hang themselves with. Think about it, they’ve already proven themselves incorrigible liars, malicious slanderers and libelers concerning everything that’s happened over the last 20 years, much less what the original Climategate files revealed a mere two years ago. He’s letting them roast on the spit for a few days, while they furiously try to remember what they typed to each other ……………………………………”

    If they were that malicious they would not have been able to contain themselves for two years, doing nothing much whilst the whitewash went on. When you are that malicious person you cannot just sit back without pulling a lever or two to punish your victim and watch them squirm. (unless this has been going on behind the scenes) FOIA are very cool. They have not drained this story for malice, they have played it straight and definitely have a strategy and expected outcome. (in my opinion)

  31. My wife insists on opening one present on Christmas Eve. As a traditional kind of guy who can wait until Christmas morning, I always balk at this, but, am overruled by everyone else in the family. I think if they had their way they would open all their presents on the Eve.

    My best guess is the password will be released in coordination with Durban. This first group of emails is the Christmas Eve present teaser.

    Twas the night before Durban and all through the house…I’m sure we’re on Santa’s good list…just have patience kids.

  32. Someone needs to setup a website that will allow you to enter your guess, and the page will try the password to see if it works. I would give it a few tries.

  33. “Option3 ?”

    Insurance against the person controlling the files being arrested or otherwise forcibly silenced. The key would be in the hands of a third party with instructions to post it should anything happen to the person controlling the file release.

    Maybe life insurance.

  34. Jeff in Calgary says:
    November 22, 2011 at 6:08 pm
    Someone needs to setup a website that will allow you to enter your guess, and the page will try the password to see if it works. I would give it a few tries.

    I’ve already got a few entries above.

    Maybe also:

    “Wedontneednostinkingpassword”

    “Itisatreeringcircus”

  35. Remember that this could be a more general email archive and that the files released to date are mostly on the subject of climate but there could be a lot more. One might gain an idea of how much more by looking at the size of the previous email dump plus the size of this batch of unencrypted email and getting an idea of how much more remains by seeing how much larger the encrypted blob is (assuming the encrypted bunch is a superset of what has been released to date).

    For example, let’s say there is email in there about a relationship infidelity or shady financial dealings. Maybe one might not want that archive to see the light of day. The point is, that there could be email in there on nearly any subject.

  36. Does FOIA stand for Freedom of Information Act? – that is an interesting idea because that phrase can have two meanings in English.

    1 – “The Freedom of Information Act” was passed into law in the British Parliament in 2000 – the law Phil Jones despises

    2 freedom of information act 2011 – an act for freedom in 2011 – which may be what they are doing – Liberating science from the yoke of corruption and conspiracy.

    Clever? Does anyone think this is why this appellation was chosen?

  37. This needs to be crowd sourced. Have multiple people brute forcing with various start points and lengths of digits.

  38. I suspect it has been designed to be cracked and the READ ME text contains the passphrase; that way when unlocked there is deniability by the people who set it up.

    I cannot but note that many have commented on the unusual punctuation. Perhaps the correct punctuation is the key here.

  39. “Cardin Drake says:
    November 22, 2011 at 6:37 pm

    Is it possible that whoever “obtained” the file received it in its present form and does not know the password?”

    If the file was downloaded from a “secure server” it is unlikely that the users would have wanted to use an 8000 digit password. Such a longwinded password would be hell to use and only useful if it is protecting files in the direct line of fire. (which appears to be why it has been chosen – that points to FOIA2011 putting the lock on)

  40. Power and control is lost when the levers are released. FOIA retains control so long as it retains some emails even if the emails contain no damning content. FOIA wishes to retain control. The power to move the discourse from the climate-IPCC narrative to the narrative of conspiracy by the climate scientists serves EVERYONE except the climate science liars. This is done by holding back ostensibly blockbuster information.

    I hope many of the emails are never released. It is due to the tantalizing nature of the email, the press is turning to the salacious nature of the back story. I blame Mann and Jones et al for creating the Peyton Place in the first place. They created this media monster and I want it kept alive…. eventually all we will have left is monster and people will equate the word climate to sleaze and forget about AGW..

  41. Lucy Skywalker says:
    November 22, 2011 at 5:39 pm

    G. Karst

    A miracle just happened

    Thank-you so much. Did you try the phrase? I still don’t have the zip to try it? GK

  42. Why all the hurry to get at the remaining e-mails? Why not just let us enjoy this second batch first and give them a good going over. And then we can get on to the other 200,000 or so.

  43. I am glad he/she did this.

    We know this many headed monster just won’t die so there is now more ammo in reserve. We certainly needed Climategate II at this time.

  44. Jeff in Calgary says:
    November 22, 2011 at 6:08 pm

    Someone needs to setup a website that will allow you to enter your guess, and the page will try the password to see if it works. I would give it a few tries.

    That is a great idea. A large number of people trying phrases would represent a new form of “brute force” cracking.

    Some organization offering a splashy prize could also be effective. What fun! GK

  45. I think I have it:

    Youknowwhathappenedbeforecoenhagenandnowyouseewhatscomebeforesouthafrica,doyoureallywanttoplananymoreofthesebigwarmistmeetings? Really?

  46. “But supposing he then sent the passphrase to Phil Jones and M Mann”

    It might show up in an email FOIA response. :-)

  47. The password can be 2047 or 8191 characters long, depending on your operating system.

    8191 or 8192? I notice that one email is exactly 8192 characters in length. Wonder if that is the key for the rest: 3683.txt

  48. Hi Anthony,

    I don’t usually comment here, just read. I’m not a scientist, but I’m also not an absolute idiot who forgot my Biology 101 when I was a kid… so yeah, I don’t believe any of this AGW stuff.

    Anyway, I am vastly experienced in the ‘Dark Arts’ (lol) of computer science. This might be my opportunity to contribute to the struggle and out this scam.

    Can’t promise anything as I will need to examine the said zip file.

    Thanks

  49. Ooooh this FOIA guy is a sly one. I think I just figured out his game.

    Question: Who is sweating bullets right now trying to figure out what else is in those encrypted files and how bad it might be?
    Answer: The Team
    Question: How do you systematically break an encryption key?
    Answer: A brute force attack which requires…supercomputers.
    Question: Who has lotsa supercomputers at their disposal?
    Answer: The Team

    I’m betting that WE are going to be up all night reading the dirty slimeballs’ emails and mocking the feeble attempts of trolls to defend them. THEY are going to be up all night trying to break that encryption key.

    I wonder if it actually is more emails? Or just an obscene taunt?

  50. G. Karst A miracle has happened. Tried and confirmed, also independently by Lucy Skywalker. A miracle has happened indeed.

    Extracting now …

  51. Since you need long password, it may be a phrase or quote related to climate change. Could be something in the original leak two years ago.

  52. Fascinating speculation.

    One aspect I’ve not seen discussed is whether FOIA might be not an individual leaker but a government agency, say from India or China, working with data hacked or purchased through espionage channels.

    Given that the CAGW issue potentially involves tectonic geopolitical shifts and trillions of dollars in economic value, we ought to consider what the interests of various governments may be in this.

    Thanks to everyone for the interesting comments.

    Ken in North Dakota

  53. The filenames seem to be Unix timestamps (seconds elapsed since January 1, 1970) like in the first batch.

    The first one is
    636048969 = Mon, 26 Feb 1990 16:16:09 GMT
    which is an outlier (perhaps a placeholder, server test mail or something like that).
    The next one is
    826300921 = Fri, 08 Mar 1996 16:02:01 GMT
    and from then on the stamps are spread somewhat continuously until the last one,
    1258124051 = Fri, 13 Nov 2009 14:54:11 GMT.

    Interestingly, the oldest email of the first batch is 0826209667.txt whose stamp resolves to
    826209667 = Thu, 07 Mar 1996 14:41:07 GMT
    which is older than the oldest in this encrypted batch. That could imply that it is not a superset containing already released emails. But matching filenames and sizes to released ones can confirm if this is true.

  54. Perhaps my post above wasn’t clear. G. Karst has posted the passphrase (a good guess?) to the All.7z file. A miracle has happened
    I’m still extracting so can’t see content – yet.

  55. Just because the file we see is 7z doesn’t mean the contents are. You can 7z a crypto file or several. My SWAG is that there are several files inside each with their own crypto maybe even totally different ones like truecrypt.

    I use truecrypt for my work and home so I’m not too familiar with 7z but 256 isn’t that much but AES with 8k+ chars to work at ….. well hope those quantum computers come online soon. Which brings me to an interesting thought. As Moore’s law continues the time for even that much crypto to remain unbroken is finite. That has got to weigh on the minds of those involved.

    “Please not while I’m alive” is a phrase I’m sure is being muttered by certain individuals.

  56. Do you remember how long it took the MSM to absorb the original emails? At least 6 to 8 weeks. And then the denials …

    It wasn’t until the general public were ridiculing the press that the MSM started to come clean. I wonder what will happen this time? It will be interesting to watch.

  57. Looked for a few files from 2009 batch and found none.

    Of course, it would be stupid of FOIA to leave them in the encrypted file, as it would make a cracking effort a lot easier when there is exact, known result data to compare to.

  58. crosspatch says:
    November 22, 2011 at 7:19 pm “8191 or 8192?”

    You probably noticed that 8192 = 2^13

  59. I’m still surprised that no one has yet completed the task of saving the MIME-encoded files from the emails. Many emails have them embedded in the text.

  60. In 7z help file under ‘Format’ it reads,
    Here is an estimate of the time required for an exhaustive password search attack, when the password is a random sequence of lowercase Latin letters.

    We suppose that one user can check 10 passwords per second and an organization with a budget of about $1 billion can check 10 billion passwords per second. We also suppose that the processor in use doubles its performance every two years; so, each additional Latin letter of a long password adds about 9 years to an exhaustive key search attack.

    The result is this estimate of the time to succeed in an attack:

    | Password Length | Single User Attack | Organization Attack |
    |---|---|---|
    | 1 | 2 s | 1 s |
    | 2 | 1 min | 1 s |
    | 3 | 30 min | 1 s |
    | 4 | 12 hours | 1 s |
    | 5 | 14 days | 1 s |
    | 6 | 1 year | 1 s |
    | 7 | 10 years | 1 s |
    | 8 | 19 years | 20 s |
    | 9 | 26 years | 9 min |
    | 10 | 37 years | 4 hours |
    | 11 | 46 years | 4 days |
    | 12 | 55 years | 4 months |
    | 13 | 64 years | 4 years |
    | 14 | 73 years | 13 years |
    | 15 | 82 years | 22 years |
    | 16 | 91 years | 31 years |
    | 17 | 100 years | 40 years |
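
The estimate quoted in the comment above, carried through as an added Python example (not part of the original comment or of the 7-Zip help file). It uses the quoted figures of 10 and 10 billion guesses per second and a doubling of speed every two years; the continuous-growth formula and the function names are assumptions of this example, so its results approximate the quoted table rather than match it row for row, and like the quoted text it applies only to passwords chosen at random.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
SINGLE_USER = 10.0     # guesses/second, figure quoted from the help text
ORGANIZATION = 10e9    # guesses/second, figure quoted from the help text


def years_to_exhaust(length, rate_per_second, alphabet=26, doubling_years=2.0):
    """Years needed to try every password of `length` random symbols.

    Attacker speed starts at r0 guesses/year and doubles every d years, so
    the guesses made by time T are  r0 * (d / ln 2) * (2**(T/d) - 1).
    Setting that equal to N = alphabet**length and solving for T gives
        T = d * log2(1 + N * ln 2 / (r0 * d)).
    Evaluated in log space so very long passwords do not overflow a float.
    """
    if length < 1 or alphabet < 2 or rate_per_second <= 0 or doubling_years <= 0:
        raise ValueError("length, alphabet, rate and doubling time must be positive")
    r0 = rate_per_second * SECONDS_PER_YEAR
    log2_ratio = (length * math.log2(alphabet)
                  - math.log2(r0 * doubling_years / math.log(2)))
    if log2_ratio > 64:
        # The "+ 1" inside the logarithm is negligible at this size.
        return doubling_years * log2_ratio
    return doubling_years * math.log1p(2.0 ** log2_ratio) / math.log(2)


def marginal_years_per_symbol(alphabet=26, doubling_years=2.0):
    """Extra years each added symbol costs once the search spans many doublings."""
    return doubling_years * math.log2(alphabet)


def humanize(years):
    """Render a duration in the largest unit that fits, as the table does."""
    seconds = years * SECONDS_PER_YEAR
    units = (("years", SECONDS_PER_YEAR), ("months", SECONDS_PER_YEAR / 12),
             ("days", 86400), ("hours", 3600), ("min", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.0f} {name}"
    return f"{max(seconds, 1):.0f} s"


def table(max_length=17, alphabet=26):
    """Rows of (length, single-user time, organization time)."""
    return [(n,
             humanize(years_to_exhaust(n, SINGLE_USER, alphabet)),
             humanize(years_to_exhaust(n, ORGANIZATION, alphabet)))
            for n in range(1, max_length + 1)]


if __name__ == "__main__":
    print(f"{'Length':>6}  {'Single user':>12}  {'Organization':>12}")
    for n, single, org in table():
        print(f"{n:>6}  {single:>12}  {org:>12}")
    print(f"Each extra lowercase letter adds about "
          f"{marginal_years_per_symbol():.1f} years for long passwords.")
```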

  61. I’m delighted, but before anyone starts up, It WAS logical, but a guess, none the same. I wonder if this upsets FOIA’s masterplan OR did he plan on somebody guessing the key. Wheels within wheels. Please try not to involve me in any conspiracy theories. GK

  62. crosspatch says (November 22, 2011 at 6:19 pm):
    > “Option3 ?”
    > Insurance against the person controlling the files being arrested or otherwise forcibly silenced.
    > The key would be in the hands of a third party with instructions to post it should anything happen
    > to the person controlling the file release.
    > Maybe life insurance.

    I think that crosspatch is probably right. Foia is probably afraid for his life, so he is making sure that The Team has an interest in keeping him alive, rather than wanting him dead. That would explain why he’s publicly promised that he will not release the rest of the emails.

    Unfortunately, that probably also means we’ll never know what’s in that archive — unless The Team is stupid enough to bump off Foia anyhow.

  63. G. Karst says: November 22, 2011 at 8:04 pm

    If you really did bust it, the key was not only logical, but it is a little too obvious.

    It was meant to be opened.

  64. I think Julian Williams is dreaming. It is not productive to play the maybe or what if maybe game. I think it unwise to release too much all at once anyway. The damage to science was done years ago. The damage to these boys and they are boys acting badly, will ultimately be of their own making.

  65. Tom in Texas says:
    November 22, 2011 at 8:11 pm

    G. Karst says: November 22, 2011 at 8:04 pm

    If you really did bust it, the key was not only logical, but it is a little too obvious.

    It was meant to be opened.

    I hope you’re right. I may have caused a premature discharge. No matter, full disclosure is all that really matters… isn’t it? GK

  66. Releasing an encrypted file of emails is something the media can understand and people love a mystery. This will keep it in the media for days if not weeks. Very clever of FOIA.

  67. A thought struck me. Maybe the pass phrase is in the readme.txt file we can read. The first part before ‘/// The IPCC Process ///’ is about 800 characters long, or 6400 bits, which would make a dandy password!

    Also, it could be that the 5K readable emails are the last of the CRU batch, and the encrypted files are perhaps from another source that as yet does not realize it has been compromised. My first suspicion for a new source would be the IPCC servers. If FOIA.org is really good, it could also be from, say, Jim Hansen’s GISS operation or how about Michael Mann’s department servers! I know that there has been no evidence that servers other than UEA’s have been attacked, but one can think out loud…

  68. I have discovered the password which this reply box is too small to contain.

    haha. I just wish the developers of 7z had a backdoor subroutine to access any zipped file. I’ll throw in a case of beer if they would give us the password.

  69. For anyone seriously interested in cracking this file, the old days of strong passwords taking years to crack are done and dusted. There are various GPU based cracking programs out there now;

    http://blog.zorinaq.com/?e=43 & http://www.golubev.com/blog/?p=166

    The above two links go to Whitepixel 2 and lghashgpu. Both of those programs can leverage the parallel processing of modern GPUs to get over 30 billion password hashes per second. Whitepixel is open source, I believe the other is as well. Anyone with moderate programming skills should be able to adapt one of these projects to work with the 7zip format.

  70. Don’t forget the law enforcement aspect of it.

    They want to know what is in it also. There is evidence inside that file… and probably even better evidence in the readme file.

    Which one do you think they will try to break first?

  71. The naivety of commenters here today is beyond idiot level.

    crosspatch says: “Insurance against the person controlling the files being arrested or otherwise forcibly silenced. The key would be in the hands of a third party with instructions to post it should anything happen to the person controlling the file release. Maybe life insurance.”

    That’s exactly it. The AGW scam is worth $US 100 billion. If certain parties figure out who the leaker is, he/she will be assassinated ASAP. The best protection is exactly what crosspatch has figured out. Do I need to also point out that cracking the encryption key and bragging about it here in public could cost someone his life? THIS IS NOT A GAME!

  72. Dyspeptic Curmudgeon comments at Volokh.com:

    On another note, it will be interesting to find out whether ALL of the Mann emails disclosed in this batch, have previously been disclosed in the UVa and Penn FOIA requests, and have been listed in the documentary disclosure in the B.C. defamation case. Just curious….

    That makes strategy much more interesting for Mann and his lawyers.

  73. Julian Paul Assange? Or one of the 67061 anagrams?

    Sailplane Sauna Jug?

    Or how about…’there will be no carbon tax under the government I lead’

  74. The AGW scam is worth $US 100 billion.

    It’s worth a lot more than that. Probably in the region of a $trillion per annum.

    At least $10 trillion since its inception.

    $US 100 billion is probably about right for the money that has flowed to scientists.

  75. @Nick
    November 22, 2011 at 4:38 pm
    There is a project, wandering around somewhere, throwing brute force attacks at a 128bit passphrase, using a supercomputer, I think. They’ve been running for a couple of years now. They might have a chance. They’re expecting to break in sometime in the next 100 years. :) But 256 bit is a bit fair dinkum.
    ++++++
    I know someone very well who helped build a computer that can crack a 1024 bit encryption in about 3 hours. It would take about 15 billion years for a good desktop to do the same thing. I think it will not take long for a distributed effort (as suggested by tesla_x) or someone with night duty at a national lab to open the can. Will it be a can of air, worms or a Jack-In-The-Box?

    It might even have a back door. I suspect it has multiple files inside with perhaps 5-10,000 mails in each, sequentially locked. If it takes 6 months to open, it will take another 6 months to open the next batch and so on.

    The releaser has had time to collate them into a series of revelations, each of which will entice the guilty to paint themselves further into new corners. After a period of coverups, the next batch will reveal the new perfidy. And so on. At some point, one of the Team Rats will fink on the Pack and reveal how far and wide the manipulation goes. You can bet your boots that UK’s upper crust is in this up to their eyes because of the unimpeached whitewashes they have managed to construct on such short notice. As always, follow the money.

    Enough to make you sick yet? Feeling a little green?

  76. After a period of coverups, the next batch will reveal the new perfidy.

    But as time passes, these emails become ancient history. At some point the release of what people were talking about in 2003 or 2009 become less interesting. So there is some sense that the product in the encrypted file is “perishable” in that it becomes less relevant as time passes.

  77. Mmmmm…..
    Has to be a rational sequence of numbers and/or letters. A random sequence would be open to error in use.
    How about Perfect Number sequence?
    6,28,496,8128, etc
    Of course, Douglas Adams may have been right and the answer is 42

  78. This one is interesting, maybe, I don’t know:

    from: Tim Osborn
    subject: Re: FTP server
    to: CRU Computing Support

    Hi Mike,
    in looking further afield than just my files, I see some other files that are no longer
    needed. Please can you delete:
    [1]ftp://www.cru.uea.ac.uk/people/craigwallace/ folder and its content (an old word doc) as
    I know these aren’t needed any more.
    I’d also guess that
    [2]ftp://www.cru.uea.ac.uk/people/davidviner/ folder and its contents can go (files all
    dated >8 years ago).
    Effie’s folder is also empty.
    mickkelly contains only holiday snaps!
    Cheers
    Tim
    At 10:10 31/07/2009, you wrote:

    Dear all,
    After the recent problems with ClimateAudit, Phil has asked for all
    unnecessary files to be purged from the FTP server.
    You have a directory in /cru/ftp1/people. Please could you take a look
    to see what files need to remain there?
    If you would like assistance with this, let me know.
    Please confirm by email when you’ve done it, so I can cross you off the
    list.
    thanks
    Mike

    So what were “the problems” with CA? Someone got unauthorized access to something?

    REPLY: See “the mole” CRU left open files laying about, CRU thought they’d been hacked. Idiots – Anthony

  79. “THIS IS NOT A GAME!”

    Indeed. Hansen has over a million dollars of income just in giving talks on the subject as only one example of many. “Accidents” can be arranged in many parts of the world for a tiny fraction of that amount. There are entire industries at stake here and the investments of a lot of politicians and their kin. There are six figure careers on the line of very highly politically connected people. If AGW is debunked, there are a lot of powerful people who could face disgrace and financial ruin.

    This certainly is not a game to many people, it is their entire life.

  80. “”Crispin in Waterloo says:
    November 22, 2011 at 11:02 pm “”

    The intellectual capacity of “the releaser” must be awesome to be able to decide such a release sequence. To be able to understand the relevance of groups of emails within the overall context of “Climategate” indicates to me a person well positioned in the climate science hierarchy. Be a useful fellow to have on your team, any team.

  81. Woohoo! I think I’ve cracked it – it’s none other than Prof. Stephen Falken’s son’s name!

    What was it?

    Would you like to play a game?
    1. Tic-tac-toe
    2. Chess
    3. Hide the decline
    4. Global Thermonuclear War

  82. George Turner says:
    November 22, 2011 at 6:22 pm

    Has anyone tried downloading the 7-zip password cracker that is used when you forget the password to your 7-zip archive?

    Only works with numbers (no letters) and non-encrypted archives.
    all.7z seems to be AES-256 encrypted.

    No chance.

  83. Kev-in-UK is right:
    ‘No – I mean, seriously? Thinking logically, this person is not doing themselves any favours with this stunt. Either the hidden emails are ‘gold’ or they are worthless cr*p – either way, leaving the world in suspense is not doing anything for their credibility – in my opinion, anyway.’

    Added to that if he/she (why the male assumption :o) is really concerned with the ethics of this the longer it goes on the more people die at the hands of this nonsense.
    It is estimated in the UK alone this Winter an EXTRA 2,700 elderly people will die because they can’t afford to heat their homes because of the green taxes, people are starving the world over because it is deemed ok to put food into fuel tanks instead of into people’s mouths, animals are having their habitat cut down in order, again, to plant bio-fuels; if they really cared surely they would want this to come out as soon as possible!

  84. I’m not sure this effort needs as much brute force as it would seem. Think logically as FOIA would. You don’t make up a password on your own because writing it down incorrectly and/or misplacing it is too risky. You want these emails to be read eventually. So, you use a password that you can access at any time without chance for error. I suggest as others have suggested that the password is some combination of characters from one or more released emails. My belief is that the passcode is contained within one email so that all FOIA then needs to do is copy/paste from an email into a password.

  85. It’s a trap!!!
    It’s a trap!!!
    According to my models, the computing power required to crack this file might raise the planet’s temperature by no less than 6°C.

  86. Try: “Mellon” or maybe “Ennyn Durin aran Moria. Pedo mellon a minno”
    Say “Friend” and enter the gates of Moria. . .
    :)

  87. FOIA has said that he/she/it [delete whichever is inapplicable] will not be releasing the pass phrase. Implication: it’s guessable; my guess is that we’ll all slap our foreheads when it’s revealed. Also, it will be something that you don’t have to remember; the Internet will “remember” it so you can copy and paste the passphrase from a Google search. Think of something like the first paragraph of the US Constitution. This is a game that keeps the story newsworthy. And it’s fun :-)

  88. The UK Met Office, traditionally funded from the Ministry of Defence budget, has the computing power for a brute force crack. Perhaps UK weather forecasts will now begin to show an improvement in accuracy.

  89. There are no back doors or secret passwords for 7-zip.
    Using rarcrack to get the password is a waste of time.
    The password for 7-zip is hashed using SHA-256. This hash is then used to encrypt the file. If you are going to do an exhaustive search then you can skip trying every password and instead try every hash. This reduces the search from up to 2047 or 8191 characters to 32 bytes (BYTES not characters). Assuming that testing each possible one takes 1 cycle and that you are using a 100GHz processor and there are 1 million of you trying it, it will take you approximately 36,200,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years.
    Clearly an exhaustive search is out of the question.
    The only hope is that the password is based on a word. For example, if you thought the password was “sunshine” then you might try:
    sunshine
    5un5h1n3
    SunShine
    Sunsh1n3
    etc.
    There are over 1000 different ways to try the word sunshine.
    The Oxford English Dictionary lists over 250,000 words so if we take that list and generate 1000 variations for each word then we get 250,000,000 words to try. I haven’t extracted the SHA code from 7-zip yet and benchmarked it, but assuming a desktop computer can test 1000 passwords a second then it would take approximately 70 hours of computing time to test all those possibilities.
    If they used a 2 word phrase such as “global warming” then there are 250 million squared possibilities. This would take 1 person 2 million years to crack. Unfortunately, there are many ways of combining 2 words, such as:
    global warming
    globalwarming
    global_warming
    global+warming
    global-warming
    etc
    Testing each of these would take 2 million years.
    In conclusion, the only realistic hope you have of cracking the password is if they have used a single word as the password. At some point in the future I will probably extract the relevant code from 7-zip and “John the Ripper” and attempt to crack the password using a dictionary attack.

  90. I am an analyst/programmer with a long history in computing and agree with the general sense here that if the pass phrase has been constructed properly it is very unlikely for it to be cracked. What I am curious about is since this thread has attracted many with knowledge about encryption is a point about history. There was a time when there was much talk about security organisations insisting on a back door into any encryption method. The UK even went so far as to pass a law that UK citizens must produce passwords on demand. So does anyone know if these things were done or was it all nonsense in the first place?

  91. Hi Terry, that is great, but in 2 million years these emails will have far less impact. We are going to need a different approach.

  92. MikeO says:
    November 23, 2011 at 4:40 am
    There was a time when there was much talk about security organisations insisting on a back door into any encryption method.

    I use BitLocker, available with Windows 7 Ultimate, to encrypt my drives. There is no backdoor. If I forget the password, and I don’t save the key somewhere, the files are unrecoverable.

  93. Re: MikeO

    You are thinking of the Clipper Chip. This was supposed to be used for secure communications and used a key to decrypt the communications. The US government, however, held copies of all the keys so would have been able to listen into the communications.

    Another one you might be thinking of is PGP (Pretty Good Privacy). The US government classified this as munitions because of the key length and banned its export from the USA. The authors got around this by publishing a book with all the source code printed in it and legally exporting this. The book was then scanned using an OCR and the program recreated. I think, but I’m not sure, that France also banned the import of encryption.

  94. @TerryS
    Intel’s Knights Corner can do more than 1 TFLOPS of double precision calculations; how does that affect the time line to break the encryption?
    There is a 10% chance of breaking the password in one tenth of your calculated time frame.

  95. Dishman

    I think Dyspeptic Curmudgeon is on the right track, the interesting thing will be matching the released emails (and time stamped context) with those that survived in Michael Mann’s email list, for forensic examination – might be very revealing as Mann seems to outsmart himself sometimes, much to the chagrin of the remaining ragged team of followers !.

    Weather [pun] they will suddenly abandon him, if he has left himself open by selectively editing of those remaining emails, will be quite telling. Human trait is to abandon excess baggage to contain a crisis!! (or divert flack elsewhere by proclaiming the target!!)..

  96. Incidentally I rather like the discussion on ethical conduct proposed for study by science students taking place now at Judith Curry’s site. The posts by the “defenders of the warming faith” have become quite hysterically comedic as they try to defend the undefendable – bias of the trolls or last tango before Durban!!

  97. Remember that screensaver that was processing signals from outer space. People downloaded it and it ran in spare cycles on their computers. Could someone put together a Massively Multi Something’d project to have 100,000 people download the software and try to break it by brute force.

  98. one possibility of getting into the file is to use cloud computing resources … you can rent an impressive amount of processing power and resources these days.
    … or pose it as a challenge to Watson, IBM’s latest supercomputing toy.

  99. I think FOIA may have a plan that I haven’t seen discussed. Whoever has the original e-mail files can crack the code by using those e-mails against the files. If you can match up the original to the encrypted data it is much easier to crack. However this may be a trap. FOIA may be hoping to get them scrambling to figure out what else is in there and in doing so allow more information to “escape”. Or there may be a trojan inside the zip file designed to crack these systems from the inside.

  100. Re: Gary Mount

    Intel’s Knights Corner can do more than 1 TFLOPS of double precision calculations,

    The SHA hashing and AES encryption both use integer operations, not floating point.
    Even if you increase the processing power a 1000 fold you are still looking at a couple of thousand years to try all 2 word combinations. Once you start on 3 word combinations you are looking in the order of 500 trillion years.

    There is a 10% chance of breaking the password in one tenth of your calculated time frame.

    That assumes that the password is a modified English word and not a German, French, Russian or even a random selection of characters.

  101. Re: Disbeliever says:

    Whoever has the original e-mail files can crack the code by using those e-mails against the files. If you can match up the original to the encrypted data it is much easier to crack.

    There are 244 files in the encrypted all.7z that also appeared in the original Climategate 1.0 version.
    You can not take the encrypted file and the unencrypted file and then derive the key from the two of them. Having an unencrypted copy will mean that you don’t have to decrypt an entire archive entry to test the password, just the first 16 bytes.

  102. Hercules?

    After all, he slew Cerberus, the multi-headed hellhound who guarded the gates of the Underworld.

  103. If I had the pass-phrase, what would it be worth?
    … and to whom?
    … and would that be in unmarked US dollars?

  104. Just to confirm, the password given above is correct: “A miracle has happened.” – case sensitive, with the full-stop(/period), without the quotes.

  105. Even assuming the NSA doesn’t have a backdoor in 7zip (which is probably a bad assumption), their algorithms could crack that key in hours or minutes if it is anything based in a language. Brute force isn’t really relevant. Real secure keys use truly random phenomena like atmospheric changes to generate a one time pad, but that seems unlikely here. Unfortunately we don’t have access to the 50 acres of processors the NSA uses.

  106. Maurizio Morabito (omnologos) says:
    November 22, 2011 at 4:32 pm

    “The technical details might be revealing on who’s behind FOIA.org. How many interested parties knew of 7z at UEA?”

    7zip is pretty popular. I use it frequently for sending dll and exe files via email. Most email providers, especially big free ones like hotmail, gmail, and yahoo block the transmission of attachments containing executable files for security purposes. Zipping an .exe file doesn’t help as the email providers can and do examine the contents of zip files. They don’t have algorithms to look inside 7zip files so it’s easy to use that instead of plain zip. 7zip also gets hellaciously better compression rates which is icing on the cake. It’s also open source, with an SDK, so no one ever has to pay for it and you can customize it and/or bundle it into applications of your own.

    Given its popularity among the more computer literate and everyone in the open source community the answer to your question is that pretty much anyone at UEA might know about it.

  107. Mark Buehner says:
    November 23, 2011 at 6:49 am

    “Even assuming the NSA doesn’t have a backdoor in 7zip”

    That’s a pretty safe assumption since 7zip is open source.

  108. If this is word based, and up to 8k characters, I would try brute force based on quotes from the warmanista’s articles, papers, or books. Maybe a transcript of Al Gore’s 24 hour Boondoggle.

    Try them in various languages as well.
    This idea ^^ shouldn’t take more than a year.

  109. I think the motivation for the release of the encrypted file is simple. This action gives the story legs. Those responsible are clearly playing a media and public relations game; the timing of their releases makes that much clear. The teaser is designed to attract maximum publicity and sustain it for as long as possible.

    It certainly would be a hoot if the password turns out to be an English phrase (“Hide the decline” or whatever) although I think that’s rather unlikely. Using such a weak passphrase would mean relinquishing control over the timing of the disclosure and that’s inconsistent with the M.O. here.

  110. climate creeper said on November 23, 2011 at 6:26 am:

    Hercules?

    After all, he slew Cerberus, the multi-headed hellhound who guarded the gates of the Underworld.

    Nah, the Twelfth Task was only to capture Cerberus, not kill. Besides, would that be Hercules, or Heracles, or perhaps Herakles? And that’s without considering the possible use of his original name(s)…

  111. I don’t believe that it’s going to be feasible to crack the password in any amount of time that is going to prove useful. To me it seems evident that the presence of the file containing 200K+ emails is a threat (or maybe more gently termed a “reminder”) to “the team”: play it straight because you will be caught and exposed very publicly if you don’t. The “team” certainly must know what’s in those encrypted emails, and it’s bound to be very incriminating.

    Well played, FOIA!

  112. Mike Smith says:
    November 23, 2011 at 7:34 am

    I think the motivation for the release of the encrypted file is simple. This action gives the story legs.

    No skilled police investigator would ever tip his/her hand as to the complete evidence they have against a suspect ‘early’ in the investigation. It’s always better to listen to the endless lies first.

    In any scandal, the powers that be have to make a decision as to whether they will go the ‘whitewash’ route or ‘throw someone under the bus’.

    The whitewash route has been done. Now there is a second set of emails and the possibility of an even larger set coming out.

  113. .
    Ok, some tidbits for you to work with. Since this Readme file comes with quotes, then why not Google search with quotes?

    The first sentence:
    “Over 2.5 billion people live on less than $2 a day.”
    Comes from:

    http://givewell.org/international/technical/additional/Standard-of-Living#footnote9_7ctwcpa

    The second sentence:
    “Every day nearly 16.000 children die from hunger and related causes.”
    Comes from:

    http://www.squidoo.com/world-hunger

    The fifth sentence:
    “Nations must invest $37 trillion in energy technologies by 2030 to stabilize
    greenhouse gas emissions at sustainable levels.”
    Comes from:

    http://www.scientificamerican.com/article.cfm?id=iea-low-carbon-co2-investment-energy-demand

    Note that these quotes come from 2009 and 2010.

    Note also, that the writer is European/Russian, as they have changed the ‘thousand divider’ from a comma to a full stop.

    .

  114. Did anyone ever find M. Mann’s formula for “Hide the decline”

    That would be a good password, even Mann probably wouldn’t guess that we found that. LOL

  115. You will note that FOIA supports some of the goals of the warmists, but she is still angry.

    Why? Because the CRU had a deal with her, and it would appear that they reneged on it in some fashion. Thus FOIA is still greatly grieved.

    But she is safe, in deepest darkest Russia, and neither PJ nor MM can get even close to her. Keep it up, Nady.

    .

  116. misterjohnqpublic says:
    November 22, 2011 at 7:49 pm

    Do you remember how long it took the MSM to absorb the original emails? At least 6 to 8 weeks. And then the denials …

    It wasn’t until the general public were ridiculing the press that the MSM starting to come clean. I wonder what will happen this time? It will be interesting to watch.

    Well, I can make one very reliable prediction about when the MSM will notice this story with anything even remotely like a journalist’s eye. It won’t be until AFTER Durban.

  117. I’m by no means an expert on cryptography, but I know enough about it to have a feel for the numbers involved here. If whoever encrypted this was competent, and didn’t want it decrypted there is no hope of cracking it (unless there is some flaw in the implementation of AES 7Zip uses, which is possible, but quite unlikely,) barring some fundamental advance in mathematics or computing.

    Now, it is possible that the person who encrypted this wasn’t competent, and did something stupid. I think that’s unlikely, but more likely than, say, a flaw in the implementation. It is also possible that the person who encrypted this intended that it be cracked- I’d say that’s actually the most likely scenario that would allow it to be cracked. So it’s worth trying the obvious things, and maybe some not-so-obvious things. But if one of these three things is not true (flaw, incompetence, intentional incompetence) it doesn’t matter what approach you take- you will not brute-force this. Even if all the economic activity of the planet were applied to decrypting it it would be impossible in any reasonable time-frame (and I use a very generous definition of reasonable here.) The numbers involved here are _large_.

  118. The released emails contain sections which have been “REDACTED.” This indicates they perhaps form part of a response to someone’s FOI request. This leads to the possibility that FOIA has ongoing access to internal communications. Perhaps we are about to be given access to the inside aftermath of Climategate 1.0.

    Wouldn’t it be fun to be a fly on the wall…

    PS – Given the theory the emails are part of an FOI response, the officer in charge must have believed anyone whose name is not redacted from the emails is part of the official affair in question.

  119. “I’m not sure this effort needs as much brute force as it would seem. Think logically as FOIA would. You don’t make up a password on your own because writing it down incorrectly and/or misplacing it is too risky. ”

    Good thought. How about starting with the American constitution and other freedom oriented documents? Or for irony’s sake the UN charter.

  120. Blair, I suspect this person is not in the US and has possibly never lived in the US so US documents would not be interesting. Also, this exposure of the actions of “the cause” would not advance the interests of either China or Russia. In fact, it would do just the opposite. “Climate change” imposes a huge drag on the economies of the West and hamstrings them. It prevents our economy from growing and forces more business activity out of the industrialized West to the benefit of those countries. China would want to bankroll “the cause” as the return on investment would be enormous. Anything that can be done to hamstring the US energy supply thereby directly hamstrings our economic growth. You can not increase production of anything without increasing energy consumption. The entire purpose of this is to use a CO2 scare to increase regulations which greatly increase energy costs which then force business activity to migrate to places with no such regulations. It is “redistribution of wealth” on a global scale using fear of CO2 as the mechanism to persuade people to buy into the regulations that enable that redistribution.

    Look, if I produce apples and if I want to double my production of apples I must make twice as many trips to market, must wash twice as many apples, must pick twice as many apples, cultivate twice as much land, etc. All of that increases my energy consumption. There is a direct correlation between energy consumption and GDP growth with some allowable slop for changes in efficiency of use. We are extremely efficient in our use. BTUs = Dollars of GDP if you hamstring the BTUs, you hamstring the GDP. It really is that simple.

  121. The REDACTED areas that I’ve seen were clearly labelled as “Family” or “Health” issues that are none of our concern. Such as: (email 0012.txt)

    3) On a strictly personal note, [[[redacted: health, 3rd party]]]

    I think FOIA did the right thing on this. Stuff like that is none of our business,

  122. Dave says: November 23, 2011 at 6:36 am

    Just to confirm, the password given above is correct: “A miracle has happened.” – case sensitive, with the full-stop(/period), without the quotes.

    I cannot get this to work.

  123. Forget all your rather silly attempts at cracking 7. You ain’t gonna do it! Just sit back, grab a biere and popcorn, read the manna from heaven and wait longingly for your next present.

    FOIA, who ever you are. Thankyou, thank you, thankyou. You have given me the best laugh in years. Your tactics are genius even if they are less convoluted than expressed on this site, just brilliant.

  124. I know there’s plenty of arguments on processing power, but most people are looking at this from a CPU benchmark. GPU cracking is fast, very fast especially when using rainbow, hashed, brute and dictionary attacks because it uses non-predictive branch heading. Which is the direction that password breaking has moved in the last year. Providing that someone has the time and effort, an 8-line bank of modern GPUs could probably crack it in a few years, that is providing that it falls into one of those normal password groups. Or the old fashioned common passphrase range. Otherwise, you’re probably looking at it taking longer.

  125. Lucy Skywalker said @ November 23, 2011 at 11:38 am

    “I cannot get this to work.”

    Neither could I. Frustratingly, 7zip hangs after each attempt and I have to kill the process [64-bit Win7/64-bit 7zip].

    As I surmised earlier, it’s going to be something blindingly obvious with hindsight. Also, it will be considerably longer than “A miracle has happened.” That would be susceptible to brute force and I believe this is a logic game.

  126. Wouldn’t it be more efficient if people chose the same crack pot engines and worked with specific character lengths only so that no two are doing the same work others have already done? This should work with the brute force tactics as well as dictionary work (as in using different dictionaries to work with)?

    :p

  127. Folks, AES is used by the American government (AES = American Encryption Standard) to protect everything, including material with top-secret designation. Even with a cluster from the top500, it would still possibly take longer than the age of the universe to break. Simply isn’t going to happen. Wikipedia will tell you everything you need to know….GPU isn’t going to help much due to the

    The other reason for not releasing everything is to prevent information overload. 5k emails can be read and analyzed. 200k+? So much information that it would be nearly impossible to build anything reasonable out of it in any amount of time. Similar to the Afghani War logs that Wikileaks released. The press didn’t care because there was too much data to sift through and not enough time.

    The reason it’s been distributed is so that it cannot be removed or suppressed. From my servers alone, over 15k people have downloaded the full archive. If push comes to shove, the passphrase will be released, and there will be no way for any government to stop the spread of the information, which, after all, is one of the goals here. Possibly blackmail too. Fun.

    The rest of the emails will be released at some point. Keep your pants on and be happy with what you got. ;p

  128. Sorry Kurth. AES is a standard which many use, but passwords fail because of human stupidity. GPU cranking against tables is fast, even with 50 character passes, which are uncommon. Most passphrases are words, or phrases under 10 characters. And that’s what you always run against when you’re breaking a passphrase 95% of the time. Seeing 100,000 tries per second per single GPU isn’t uncommon these days, and cheap GPU cracking rigs (4 cards) can push over 1m password tries a second if configured properly and using the right software.

    Brute forcing? Cheap, easy for the common person. Especially when coupled against what people normally use for passwords.

  129. I think whoever released the emails has a clear plan. The other emails may be released when whoever is responsible is ready. As was said above we can only take in so much information at once. Whatever is in the mind of whoever released may become clear soon. Who knows for sure. At the moment all we can do is sit back, read the emails, figure out their meaning and see if there is a suitable response this time. This could be what whoever released them is after. Things like this take time to change and in the grand scheme of things waiting 2 years for more information isn’t that long. I’m going to sit back and enjoy the view.

  130. The password has to be something that doesn’t need to be written down but can be conveniently accessed, can’t be hacked and can be passed on verbally. The last highly likely IMO.

    If I were a cryptographer trying to crack this I would start with books in Project Gutenberg. Every sentence and every paragraph should be a manageable number.

    Although it occurs to me that the archive contains nothing but junk, and is a bluff aimed perhaps at Jones. Jones’ comments indicate to me there is more incriminating stuff that no one has yet made public.

  131. I found out what the password is but I am not telling unless you send me 100 million dollars in unmarked bills.

  132. Has anyone considered … setting up and running some ‘test cases’ (known, encrypted test files with known passphrases) using .7z files – something everyone could run just to assure that newbies and professionals alike could verify method and means as well as technique?

    Any pointers/tutorials existing for same? I ask more for those coming into cryptography for the first time (I’ve got Bruce Schneier’s first book on the subject; could not at the time believe it was actually published!) …

    http://www.schneier.com/

    .

  133. Re: Mashiki
    Rainbow attack – Won’t work because the password is fed through SHA multiple times and therefore there are no rainbow tables available.
    Hashed attack – Not applicable
    Brute Force – Not feasible for any reasonable length password (billions or trillions of years).
    Dictionary attack – About the only possibility.
    Non predictive branch heading – Never heard of this. Sounds more about what the processor does than anything to do with cryptography.

    Re: Kurth Bemis
    AES = Advanced Encryption Standard – not American Encryption Standard and was developed by a couple of Belgians.
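
The key stretching that comments 89 and 133 discuss, together with the search-time arithmetic of comment 89, as an added example that is not part of the thread and is not 7-Zip's own code. The iteration count of 2^19 and the input layout (salt, UTF-16LE password, 8-byte little-endian counter) are assumptions about the 7z AES scheme, not stated on this page; the word counts and guess rates are the commenters' figures.

```python
"""Added example: iterated SHA-256 key stretching and search-space arithmetic."""
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def stretched_key(password: str, salt: bytes = b"", cycles_power: int = 19) -> bytes:
    """Derive a 32-byte AES-256 key from a text password.

    One running SHA-256 is fed 2**cycles_power blocks, each being
    salt || UTF-16LE(password) || 8-byte little-endian counter.
    Assumption: this layout and the default of 19 describe the 7z AES scheme.
    """
    if not 0 <= cycles_power <= 24:
        raise ValueError("cycles_power outside the range this demo supports")
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()


def measure_guess_rate(cycles_power: int = 19, samples: int = 2) -> float:
    """Key derivations per second on this machine (single core, pure Python).

    Each candidate password costs one full derivation, so this is the ceiling
    on guesses per second before any decryption check is even attempted.
    """
    start = time.perf_counter()
    for i in range(samples):
        stretched_key(f"constructed-sample-{i}", b"", cycles_power)
    return samples / (time.perf_counter() - start)


def search_seconds(candidates: int, guesses_per_second: float,
                   fraction: float = 1.0) -> float:
    """Seconds needed to test `fraction` of a candidate space at a given rate."""
    if guesses_per_second <= 0 or not 0 < fraction <= 1:
        raise ValueError("rate must be positive and fraction in (0, 1]")
    return candidates * fraction / guesses_per_second


def years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


# Candidate spaces as described in comment 89 (250,000 words, 1000 variants each).
ONE_WORD = 250_000 * 1000
SCENARIOS = [
    ("one dictionary word, 1000 variants", ONE_WORD),
    ("two such words, one separator", ONE_WORD ** 2),
    ("raw 256-bit AES key", 2 ** 256),
]


def report(guesses_per_second: float):
    """Return (label, equivalent bits, years to exhaust) for each scenario."""
    return [
        (label, math.log2(n), years(search_seconds(n, guesses_per_second)))
        for label, n in SCENARIOS
    ]


if __name__ == "__main__":
    # Stretching makes every guess cost 2**19 hash updates, and the per-guess
    # counter chain is why a precomputed plain SHA-256 table is of no use.
    key = stretched_key("sunshine")
    print("derived key:", key.hex())

    for name, rate in (("comment 89's assumed 1000/s", 1000.0),
                       ("measured on this machine", measure_guess_rate())):
        print(f"\n{name}: {rate:,.1f} guesses/s")
        for label, bits, yrs in report(rate):
            print(f"  {label:36s} {bits:6.1f} bits  {yrs:.3g} years")
```

For a defender the table reads in reverse: a passphrase is as strong as the `bits` column of the smallest candidate space that contains it, not as strong as the 256-bit key it is stretched into.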

  134. My speculation regarding the strategy of controlled timed release of emails is this: There seems to have been an understanding as to the lengths governments and media would go to brush the uncomfortable truth under the carpet with the first release. The secondary release with an even larger locked cache still to come acts as a threat to governments. Cease and desist with any plans for CAGW legislation or prepare to be embarrassed and completely exposed.

  135. Lucy Skywalker>

    I was using Winrar and it appeared to work fine. I didn’t wait for the whole archive to unpack, or check the results – it simply started unpacking instead of giving whatever ‘incorrect password’ error it gave with other passwords. Either I was overly hasty – that is, an idiot – before, or I’m doing something different now.

    I’ll double check in the morning :)

  136. Ummm,
    To the password crackers:

    What languages are being tried ?
    Russian
    Chinese
    French
    Some old computer language
    A mix of all the above ?

    I personally would use a mix of all, and not be worried.

    Then again, I have no idea what I am talking about.
    Just a thought.

  137. I would expect the passcode to be something like CQkKFA8PDBEYFRkZFxUXFxodJSAaHCMcFxchLCEjJygqKioZHy4xLSkxJSkqKAEHCAgKCQoTCwsTQ4aOSNwGRh/dYA4IPQis0a9rmnSwP4h0jT7OxnmjthcWGpPcsksjhI96NBH8rOyrlSxBZcjbuZea. Only longer.
    Have it saved in multiple places on the internet, copy & paste it anytime you need it.

  138. drowssap

    Only problem is, once you open the archive, there’s a good chance that you’ll find several encrypted archives inside.

  139. So did it turn out to be ” A miracle has happened.” or ” A miracle just happened.”? The latter was the original, no?

  140. Roger Carr says:
    November 23, 2011 at 7:11 pm
    Password voted best joke at this year’s Edinburgh Comedy Festival:

    SnowWhiteandtheSevenDwarfs

    OK, so it is eight “characters” long –

    it would now be rejected as being too short.

    Well, at least 7 eights of it.

    :)

  141. Che: With 7zip, you can open the archive to see the files in there. There’s a folder called ‘all’, 805MB in size (compressed to 138MB). The first file is named 1000064167, and the last is named 999981722, followed by a file called README. Unless individual files are encrypted with different passphrases (possible I think) one passphrase will decode them all.

  142. Maybe it is ‘Willis Eschenbach’ (“who made the first FOIA request to Phil Jones and the CRU to release his taxpayer-funded temperature data collection.”)

    http://wattsupwiththat.com/2011/11/23/mr-david-palmer-explains-the-problem/

    Maybe the name of the agent in control of the release of the encrypted files (FOIA) is the link to the password. Maybe the code is Mr. David Palmer, Mike Mann or Phil Jones? Just puttin it out there. Keep it simple – if he/she/they want this cracked, he/she/they would not be making it difficult.

  143. Some text strings that are highly likely to be in the contents are the names of the various people involved. How much known text does it take to be an aid in cracking archive passwords?

  144. The NSA has purpose built hardware to crack AES. Else they would never have approved it for US government secret documents. Otherwise, some fool clerk loses the passwords and the government is out of business.

    It comes down to risk analysis. Banks keep their money in vaults, but they always have a way to drill the lock if the combination is lost. Same with state secrets. Otherwise your enemy only need destroy your passwords to destroy your country. Rather than being more secure, you end up less secure.

  145. I am going to consider the password to be uncrackable for the time being. Whoever has control over that file says in the README.txt that they are not planning to release the passphrase but they have put the file out there in case those plans change at some point. I don’t think anyone is going to be successful in a brute force crack unless the passphrase is believably short.

    The README also says that they haven’t read all of them. This was apparently sifted with various keyword searches so at this point nobody except the original principals involved can know what is in those emails still encrypted.

  146. The highest numbered text file is 5349, but there are only 5292 .txt files in the folder.
    I wonder if the 57 missing files, having 4 numbers each, in some way makes up the password.

  147. What about a distributed computing project, like the one that didn’t work for SETI to try a brute force approach run by all the sceptics on their PCs? 100 years is only a few months divided by 1000 people.

  148. This might be really silly, I might have gotten the wrong end of the stick.

    How do we know that FOIA has zipped this? Isn’t it possible that he lifted the all.7z file from UEA already encrypted and has reached the conclusion that he can’t get into it? Perhaps FOIA is looking for some crypto help.

  149. For those who want to try cracking it with known pass phrases.
    The cli program is C:\Program Files\7-Zip\7z.exe (well, in my win7 it is; there’s also a 7za that I’ve seen mentioned).
    Trying (and generally failing) to extract the entire all.7z archive is silly, all you need to do is extract the first file. The first file in the archive is all\1000064167
    So open a CMD window.
    Cd to wherever you’ve put the all.7z archive. E.g. cd Downloads\FOIA\
    Try a password by doing

    "\Program Files\7-Zip\7z.exe" -p"A miracle just happened." x all.7z all\1000064167
    if it doesn’t work
    del all\1000064167
    and try again.

    [It’s easier to automate this to try hundreds of passwords and variations in perl on Linux but that’s left as an exercise for the reader…]

  150. Don’t waste your time trying to crack the passphrase.

    Even an incredibly weak password such as:
    Password1234

    is practically unbreakable (1.04 years in a massive cracking array scenario, assuming one hundred trillion guesses per second).

    https://www.grc.com/haystack.htm

    A simple phrase such as:
    maryhadalttlelamb!

    would take about 14.32 billion centuries to break in a Massive Cracking Array Scenario.

    https://www.grc.com/haystack.htm

  151. But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public. That is a strategy that might push FOIA’s enemies out without completely disgracing the “scientific community”
    Just another way of looking at what might motivate FOIA

    ===========

    Hmmm! Blackmail – that’s a good one

  152. JJThoms says:
    November 24, 2011 at 4:55 am
    Hmmm! Blackmail – that’s a good one
    ===========
    Or, how about – pay trillions of dollars in taxes to continue using fossil fuel or freeze to death?

  153. Look people. Someone got a little excited when they entered “a miracle has happened” and the archive “appeared” to be unpacking. Nobody has cracked the password (that I know of). I just downloaded the archive and have tried different variations to no avail. However, there ARE a lot of variations to try – uppercase, lowercase, mixture of both, punctuation included/excluded, etc.

    If any were successful we would have the documents by now! None of the people, who thought they unpacked it have reported back. Unless someone guesses the phrase, I suspect this lock will hold for some years. GK

  154. @edvin

    if I am understanding the architecture of 7z files yes the password in its hashed form is part of the zip file as an extra field appended to the header……….but the algorithm used to generate it is a one way process

    you enter a password and an algorithm converts it to a hash and when you try to unzip the files the hashes are compared and if they match then the file will unzip and unencrypt

    even with a hex editor and looking at the file and using lots of guesswork you won’t be breaking it, the hash might be encrypted too

    http://en.wikipedia.org/wiki/ZIP_%28file_format%29

  155. Btw: During one attempt to crack, one text file actually produced content ie a file size. When I opened it there was a few characters. I deleted the file before it occurred to me that it might be important. It was something like (sorry don’t know the symbol for cent) “cent cent cent cent ))]]”.

    Has any one else been able to produce any characters (hence file size) in any unpacking attempts? Does it have any significance to crackers? GK

  156. I’ve seen real miracles, things there was no way can be explained by Newtonian or Einsteinian physics. I’ve studied things like the First World War phenomenon called the Angel of Mons. I’ve looked at this from all sides, both naively believing, naively rejecting, and levels of maturity of both belief (with evidence) and rejection (with less evidence). Personally I try to steer clear of both belief and disbelief, I look for evidence, and I “believe” this puts me in the general mindset of scientific attitude.

    The miracles I’ve seen and read up have a certain “feel” about them, I really cannot be too exact. They have a kind of deep integrity, simplicity, and direct usefulness, often lifesaving.

    FOIA has all the attributes I associate with flat-out miracles.

    My intuitive guess is that the password will be given to people in dreams, or something like that, when the time is right. Well, I wait to be proven wrong!

  157. >>Q. Daniels says: November 23, 2011 at 11:06 am
    >>Ralph,
    >>I have what I promised our friend.
    >>Thanks for the time.

    Good news. Thanks.

    .

  158. Could the protected files contain CRU’s raw data that it shared with the World Bank and no one else?

  159. 220000 emails over 13.5 years means about 45 emails per day (~62 emails per working day).
    Would that be expected amount of traffic for an organization of the size of CRU?
    Analyzing the UNIX timestamps could give further information (week day frequency, notable events etc.).

    I’m guessing:
    – all.7z contains all the emails of the entire CRU staff between March 1996 and November 2009 (a dump from the email server) minus already published emails (FOIA2009 and FOIA2011 unencrypted).

    – The reason to keep the passphrase secret is simply to protect the privacy of innocent people (staff not directly involved in climate science or under any FOI requests).

    – Probably all “juicy” stuff has now been extracted using keyword searches and published.

    – But just in case, as she/he/they haven’t read all 220000+ emails, the whole dump is released to “stand by” if there will be a reason for digging deeper into the pile.

  160. jorgekafkazar says:
    November 22, 2011 at 9:18 pm

    The naivety of commenters here today is beyond idiot level.

    crosspatch says: “Insurance against the person controlling the files being arrested or otherwise forcibly silenced. The key would be in the hands of a third party with instructions to post it should anything happen to the person controlling the file release. Maybe life insurance.”

    That’s exactly it. The AGW scam is worth $US 100 billion. If certain parties figure out who the leaker is, he/she will be assassinated ASAP. The best protection is exactly what crosspatch has figured out. Do I need to also point out that cracking the encryption key and bragging about it here in public could cost someone his life? THIS IS NOT A GAME!
    ————–
    Really???

    Some people here have been watching way too many Hollywood conspiracy movies. Last I checked Julian Assange is still alive and fighting extradition to Sweden on a minor sex charge, although bumped off the news recently by Lindsey Lohan’s latest rehab setback. Odds are Lindsey will spend more time in jail than he will [unless she is sprung early by shadowy AGW supporters to star in a movie version of Al Gore’s “24 Hours of Climate Reality” …].

    Does anyone really think the AGW crowd have more money, more trained agents, or more ability to carry out secret violence than the US diplomatic and intelligence agencies? Yet Julian is still roaming around the streets of London without armoured cars or Kevlar(tm) vests:

    http://www.guardian.co.uk/media/2011/nov/15/julian-assange-extradition-wikileaks

    Even Julian probably thinks speculations like the above are paranoid fantasies.

    Really. It’s Thanksgiving and I’m going to increase my carbon footprint in a few hours by eating a big dinner. Then tomorrow I’m going to celebrate the start of the Christmas shopping season by joining an “Occupy Walmart” movement. Don’t let wild conspiracy fantasies spoil a perfectly good holiday.

  161. My 7-zip opened something with 200,000 – odd files – all with 0 bytes content. Still took three crash-reboots of my Win7 computer before I could get it to the recycle bin, and even there, it took three minutes to remove.

    I’ll leave this to the more technically-minded.

  162. The password is most probably one of those sentences used in the ReadMe file. Otherwise, why include them? Try them all, and see which one unlocks the files.
    (Yes, I’m a retired NCO, and yes, I’m sneaky and devious and bear watching.)

  163. I’ve been going through the 7zip code and if anybody is interested then this is what it looks like it does when encrypting files.
    1. Initialises the SHA256 digest
    2. Adds a salt to the SHA256 digest
    3. Adds a password to the SHA256 digest
    4. adds an 8 byte number (zero to start with) to the SHA256 digest
    5. increments the 8 byte number
    6. Repeats 2-5 a total of 524288 times. (0x80000 in hex)
    7. Compresses and encrypts the file using AES256 with the SHA256 digest as the password.

  164. In the US, universities using PeopleSoft generally give “W numbers” to their students and staff, e.g. w012345 . . . if UEA uses PeopleSoft (which appears to be the case based on quick googling), perhaps the W number of one of the relevant CRU parties might be the key.

    This could be the case whether or not “FOIA” 7zipped the file, as someone above speculated.
    In any case, an orderly crowdsource of this would be worthwhile, if even in the form of a basic site where people could enter in guesses they’ve tried. However, the problem there would be AGW alarmists adding false data to throw people off.

  165. It tends to be the case that governments have a number of clever cryptographers and powerful computers. If a government were to set its mind to opening this file – it might well succeed.

    FOIA could be using the archive to send a message to only those he or she wants to read that message i.e. government. It will be interesting to see the general trajectory of governmental pronouncements post Climategate 2.0.

  166. @ZT,
    governments like to scare the people into thinking that their encrypted data can easily be cracked. This means people don’t bother to encrypt.

    Unless you use an obvious password (eg an English word in lower case) and low level encryption your data is safe.

  167. I’ve extracted enough code from 7zip to perform some benchmarking to determine how many passwords could be tested per second.
    Using a quad core 2.4GHz processor I was able to generate 16 encryption keys (from passwords) per second. The reason this figure is so low is because the designers of 7zip made the key generation processor intensive.
    If I had been able to get this figure to over 1000 per second then it would have been feasible to perform a dictionary attack. Because of this low number, and the low probability of success, I’m abandoning writing attack code for 7zip
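
Added example (not part of any comment above and not 7-Zip's own code): the stretching loop from comment 163 written out in Python, with the cost arithmetic behind the 16 keys-per-second figure in comment 167. The UTF-16LE password encoding, the little-endian counter, the function names and the sample inputs are assumptions made for this illustration.

```python
"""Illustration of the key-stretching loop described in comment 163.

Added example, not 7-Zip source code. Assumptions are marked in comments.
"""
import hashlib
import time

ROUNDS_POWER = 19  # 2**19 = 524288 = 0x80000 rounds, the count given in comment 163


def derive_key(password: str, salt: bytes = b"", rounds_power: int = ROUNDS_POWER) -> bytes:
    """Return the 32-byte SHA-256 digest that serves as the AES-256 key.

    One running SHA-256 context absorbs salt, password and an 8-byte counter
    on every round (steps 1-6 of the comment).
    """
    # Assumption: the password is hashed as UTF-16LE and the counter is
    # little-endian; the comment does not state either detail.
    prefix = salt + password.encode("utf-16-le")
    digest = hashlib.sha256()
    for counter in range(1 << rounds_power):
        digest.update(prefix + counter.to_bytes(8, "little"))
    return digest.digest()


def bytes_hashed_per_guess(password: str, salt: bytes = b"", rounds_power: int = ROUNDS_POWER) -> int:
    """Amount of data SHA-256 must process to test a single password."""
    per_round = len(salt) + len(password.encode("utf-16-le")) + 8
    return per_round << rounds_power


def measure_keys_per_second(samples: int = 2) -> float:
    """Time full-cost derivations on this machine (single thread)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"constructed-sample-{i}")
    return samples / (time.perf_counter() - start)


def exhaust_seconds(candidates: int, keys_per_second: float, machines: int = 1) -> float:
    """Worst-case time to try every candidate at a given per-machine rate."""
    return candidates / (keys_per_second * machines)


if __name__ == "__main__":
    # Constructed inputs; nothing here touches a real archive.
    key = derive_key("constructed example passphrase", salt=b"\x01\x02\x03\x04")
    print("derived key:", key.hex())
    print("bytes hashed per guess:", bytes_hashed_per_guess("Password1234"))
    print(f"this interpreter: {measure_keys_per_second():.2f} keys/s")
    year = 365 * 24 * 3600
    # Rates from comment 167: 16 keys/s measured, 1000 keys/s wanted.
    # Keyspace: every 8-character lowercase string, a deliberately weak policy.
    for rate in (16, 1000):
        for machines in (1, 1000):
            secs = exhaust_seconds(26 ** 8, rate, machines)
            print(f"{rate:>5} keys/s x {machines:>4} machines: {secs / year:10.2f} years")
```

An interpreter will be slower than compiled code, but every implementation pays the same 524288 hash rounds per guess, which is the cost the key derivation is designed to impose.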

  168. To me the reason for placing the encrypted file out there is very simple: to be able to hide it in plain sight. By releasing the encrypted file like this:

    1. They do not have to look after it as they can retrieve it at any time
    2. They cannot be incriminated by being in possession of it on their computer as they can now download it post-facto from the internet

    As for the password, it is unlikely to be a long, random number/character sequence as this could be misplaced and possession of the passphrase would be incriminating. I think there are two possibilities for the passphrase. One is that it is something that can be copied from plain view on the internet and that never changes. A text is therefore possible, but this might not be reliable enough as it must be something that is guaranteed to never change.

    Alternatively the passphrase could be something that can be easily worked out if you just know the clue. For example, it could be a long number comprised of the first n primes written in sequence. You cannot forget it and you can very easily communicate this as a short message in a blog posting, or to a trusted person. Even a clue such as “primes n” would probably be sufficient for a crack to be run, even if they were in reverse order or some such as the number of permutations narrows down dramatically.

    As an example, there are 95 primes between 1 and 500 and it just so happens they would give a sequence of 256 digits:

    2357111317192329313741434753596167717379838997101103107109113127
    1311371391491511571631671731791811911931971992112232272292332392
    4125125726326927127728128329330731131331733133734734935335936737
    3379383389397401409419421431433439443449457461463467479487491499

    It only takes a few minutes to copy the list from the internet and reformat in a text editor to remove spaces. This sort of approach would make for a secure password that cannot be lost and can be simply recovered.

  169. In the Readme file the following is one of few with a comment, could this be a hint;
    One dollar can save a life — the opposite must also be true
    Could the password be the reverse of OneDollar can save a life
    efilaevasnacrallodenO
    or variations on the above.
    Just a thought, hope it helps

    REPLY: Thanks, too simple vulnerable to password grinder attack – Anthony

  170. Anthony is the General and I’ve appointed myself Regimental Sergeant-Major for a day or two to enforce some DISCIPLINE.
    There is no way that the code as described can be cracked, especially by amateurs guessing. You have better things to do with your time. One of the better things is to contemplate the effect of Climategates 1 & 2 on the civilised world, particularly the way that the world regards Science.
    Please read the emails if you think that you have the background, the skill and the experience to pull something useful from them. Then summarise that useful component, with recommendations about ways that could lessen the bad effects and enhance any good effects.
    This is not material for children to play with. This is a revelation of a brutal attack on Science by a pack of people whose identities are still being uncovered. In the end, it would not surprise me to find that a cartel behind the Global Warming story was formed with the express purpose of making large capital gains, through schemes such as carbon trading. The main alternative hypothesis (in my mind at least) is a concern by some with power to try to cause a global wealth redistribution. Either way, the top weights are determined to find a place in history and they will not be easily stopped.
    As a Scientist, my concern is with damage to the public perception of Science. Despite protestations by the players and despite whitewashes by a few inquirers, these email series show a side of Science that is alien to the genuine Scientist. John Citizen, however, could be pardoned for thinking that this is the crooked way that Science progresses normally.
    Unless you are a genuine Scientist with a sense of history, you will not realize the enormous benefit that Science has brought to the World, to your personal health, to your personal comfort and enjoyment. You will know the fragility of a reputation and how it can be damaged by slinging mud, which is essentially the repetitive theme in Climategate. Sling mud at anyone who disagrees with you, stuff it in his/her mouth to cause silence.
    My disappointment with the “me too” crowd of sycophants of man-made Global Warming personnel is high. When I first saw the makings of the man-made Global Warming scam, I hesitated not at all to add my full name and some not inconsiderable time to an investigation of it, though I lack the skills of a Steve McIntyre or an Anthony Watts and others who know who is on this list of achievers. I am really disappointed that more scientists have not had the guts to cross the line and add their criticism to the shallow nature of Global Warming “Science”.

    So, troopers, forget the fun game of trying to invent uninventable passwords and get on with telling the public, the media, your friends, just how much of a sham this is. Guilt by omission to act is as bad as guilt by commission. You would not like your name on the accused list of Climategate email people, so take positive steps to place the man-made Global Warming topic where it belongs – in the bin.

  171. I’m not going to be much use in cracking this code. But I will make a guess on the contents:

    In the zip will be….

    5,000 emails and a slightly smaller encrypted zip. :)

  172. FOIA is good, very good. The authorities have been trying to track him since Climategate 1 with no success. It is therefore highly unlikely that the passphrase is trivial and vulnerable to a dictionary attack. As other posters have said AES256 is to all intents immune from a bruteforce attack and will be for many many years yet.

    So why is FOIA releasing the ZIP file, Thinking Scientist has it right, it provides plausible deniability for having an encrypted file on your computer. Under UK law the Police can demand the password for any file and it is a serious criminal offence not to comply. It also means that you do not have to transport the data on physical media across international borders which is risky.

    So why did he not release the full archive un-encrypted? Again this would be highly risky for FOIA as this could contain information which could reveal his identity. Just simply knowing the start and end dates of the file dumps would be useful to the pursuers.

    His concern isn’t that if discovered he would be subjected to some kind of Black Ops disappearance, rather that he gets some serious jail time. You only have to look at the treatment of recent script kiddies to realise why our friend is cautious. Whatever you think of his motives and morality, he clearly has broken laws, and is unlikely to get much sympathy from the authorities.

    As to what is in the remaining e-mails, we can have fun guessing, while hopefully our friend gets on with his data mining.

    As I said he is very good, trust him.

  173. FOIA is becoming a bit of a legend,

    what next FOIA T-shirts, single, book, interview with face blacked out and actors voice,

  174. the easiest random number is 3.141592…. etc etc, just choose your length ?

    sounds like FOIA is a Brit (`old school` of course)

    regards

  175. Just a thought, if the UEA etc has nothing to hide……why don’t they “trump” the FOIA leak and publish the E-Mails?

  176. cross-posted from ClimateAudit-

    Running “all.7z” in test mode reveals some interesting results. Apparently, the passphrase isn’t required for this function.

    There are 220247 email files and 1 readme.txt file. There are no subfolders, so no additional tranches requiring different passphrases. This is the Full Monty.

    The email file names are 9 or 10 digit Unix timestamps.

    Oldest email is 636048969.txt dated 26 Feb 1990 16:16:09 GMT. Interestingly, The next email in the sequence is dated Mar 08 1996 8:02:01 GMT- 6 years later.

    Newest email is 1258124051.txt dated 13 Nov. 2009 14:54:11 GMT. This moves the dossier acquisition up one day, from 12 Nov 2009.

  177. From Duke C. on November 26, 2011 at 12:13 pm:

    Running “all.7z” in test mode reveals some interesting results. Apparently, the passphrase isn’t required for this function.

    There are 220247 email files and 1 readme.txt file. There are no subfolders, so no additional tranches requiring different passphrases. This is the Full Monty.

    Run in test mode? I get all that on my Debian Linux box by running Archive Manager without the correct passphrase. Except the count is 220246 numbered text files and one readme, all empty, and their directory. It also takes a very long time to wipe all 220248 objects off of the hard drive, more than 3 to 4x the attempted unpacking, so I’ve given up trying. Maybe three attempts an hour with pronounced system slowdown? I don’t need the hassle.

  178. kadaka (KD Knoebel) says:
    November 26, 2011 at 2:39 pm

    It also takes a very long time to wipe all 220248 objects off of the hard drive, more than 3 to 4x the attempted unpacking, so I’ve given up trying.

    Try just unpacking one file (ie read me) instead of the whole archive. GK

  179. I’m wondering about Kendall. If not an outright miracle, still, good people can get inspired. As Kim noted, Kendall would appear to have the ability, reason, and courage. Read his story through the emails here.

    Whatever.

    I think it would be a good idea to think about a plan of action, as to how best to cope with 220,000 emails.

  180. how about just googling the password, could be hidden in plain view, so the owner can find it whenever they want?

  181. it seems that Phil Jones and the rest of the crew are not fazed by these emails or the threat of the ones not published, they know themselves that there are another 200,000 + ready to go.

    I feel that if there were worse to come they would be running for the hills .

    If i knew I had done some cover ups and it was there in print and this was about to come out i would not be taking it so casually.

  182. I think they have already taken stock of what is there and know they can weather the storm as the MSM will just keep quiet.

  183. all the emails should have been released at once and swamped everything.

    always strike with the clenched fist not the spread hand, I learnt this from General Manstein.

  184. not to worry though, the world cannot afford this madness so is backing off, the politicians pushing this were also pushing the euro.

    Dumb and Dumber.

    sorry for my hogging of the comments box, i am done and will sit back with my glass of wine.

  185. “Over 2.5 billion people live on less than $2 a day.”

    “Every day nearly 16.000 children die from hunger and related causes.”

    “One dollar can save a life” — the opposite must also be true.

    Why the quotes? Perhaps one or more of them are a “treasure map” of sorts to the pass phrase. That’s what I’d do — include the phrase in the archive, but somehow transformed.

    The first quote comes from givewell.org
    The second quote comes from save-life.org
    The third quote comes from a variety of websites, but why the editorial comment following it?

    Perhaps the “save a life” quote is a mnemonic to help remember that the pass phrase is some text from the Save-Life website (i.e., the quote), and “the opposite” is a clue to remember the transformation. Or maybe it’s a word substitution. Or maybe the quotes are just to get people like me to waste a few minutes’ time on a slow day. ;-)

    For those interested in trying to guess the pass phrase, just use the 7zip file manager and double click a file, then paste in the phrase. Takes a few seconds per try.

    As to why release the archive — keep your enemies guessing. No one can possibly remember every email he wrote over that many years. It vastly limits one’s ability to counter what has been released not knowing what else is there. Doubly true if you know for certain something is there, but FOIA hadn’t happened to find it.

    BTW, FOIA stands for Freedom of Information Act, a bit of US legislation, even if he does use a . for a , as a thousands separator. Either could be a clue planted to confuse the trail.
