There’s an embedded archive file called all.7z which contains thousands of additional emails and files.
The 7zip archiver in which this is stored uses 256 bit AES encryption. It’s a tough nut to crack.
“FOIA” chose this most likely because there are no effective tools for 7zip, while there seem to be many for standard .zip and .RAR files.
From their website: http://www.7-zip.org/7z.html
“7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.”
The password can be 2047 or 8191 characters long, depending on your operating system.
I’m doubtful this password will be cracked anytime soon, maybe DoD could do it. Chances are that “FOIA” chose a very long password, that could take years to crack by a brute force attack.
“FOIA” is holding this in reserve, making it known that it is there, ready to pull the firing pin. I expect we’ll see it sooner than later as the reaction so far from RC and the Team is continued arrogance.
Julian Williams in Wales has an interesting take:
Maybe the passphrase is so complex to be uncrackable; is that possible? Surely after having sat on this material for two years FOIA would have made a decision how he is going to play this, and it just makes no sense to put most of the material behind a crackable passphrase.
But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public. That is a strategy that might push FOIA’s enemies out without completely disgracing the “scientific community”
Just another way of looking at what might motivate FOIA.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
256 bit encryption?
Brute force of one is not enough.
Distributed Brute force on the other hand…..?
Just set us all up on one of these:
Grid computing made simple
http://aip.org/tip/INPHFA/vol-9/iss-4/p31.html
Examples abound:
http://www.hyper.net/dc-howto.html
Throw a few thousand computers at it, and it won’t last a week.
Q.E.D.
I have discovered the password which this reply box is too small to contain.
haha. I just wish the developers of 7z had a backdoor subroutine to access any zipped file. I’ll throw in a case of beer if they would give us the password.
For anyone seriously interested in cracking this file, the old days of strong passwords taking years to crack are done and dusted. There are various GPU based cracking programs out there now;
http://blog.zorinaq.com/?e=43 & http://www.golubev.com/blog/?p=166
The above two links go to Whitepixel 2 and lghashgpu. Both of those programs can leverage the parallel processing of modern GPUs to get over 30 billion password hashes per second. Whitepixel is open source, I believe the other is as well. Anyone with moderate programming skills should be able to adapt one of these projects to work with the 7zip format.
For those who are interested, a list of the files (timestamp-filenames and sizes) contained in all.7z is available here:
http://www.megaupload.com/?d=3HG60TZ9
ZIPped text file, 1,33Mb. No password required. 😉
Don’t forget the law enforcement aspect of it.
They want to know what is in it also. There is evidence inside that file… and probably even better evidence in the readme file.
Which one do you think they will try to break first?
Hihi,
Where can we download the all.7z file? Thanks
Link to all.7z and other files files in a single file
http://www.megaupload.com/?d=ROCGBR37
This is getting silly you aren’t going to just guess it or find sitting there in one of the emails.
The naivety of commenters here today is beyond idiot level.
crosspatch says: “Insurance against the person controlling the files being arrested or otherwise forcibly silenced. The key would be in the hands of a third party with instructions to post it should anything happen to the person controlling the file release. Maybe life insurance.”
That’s exactly it. The AGW scam is worth $US 100 billion. If certain parties figure out who the leaker is, he/she will be assassinated ASAP. The best protection is exactly what crosspatch has figured out. Do I need to also point out that cracking the encryption key and bragging about it here in public could cost someone his life? THIS IS NOT A GAME!
Dyspeptic Curmudgeon comments at Volokh.com:
That makes strategy much more interesting for Mann and his lawyers.
Thanks for the link,
I found that off of google and uploaded just the .7z file to megaupload to save some bandwidth.
http://www.megaupload.com/?d=QGQDY78X
Julian Paul Assange? Or one of the 67061 anagrams?
Sailplane Sauna Jug?
Or how about…’there will be no carbon tax under the government I lead’
The AGW scam is worth $US 100 billion.
Its worth a lot more than that. Probably in the region of a $trillion per annum.
At least $10 trillion since its inception.
$US 100 billion is probably about right for the money that has flowed to scientists.
@Nick
November 22, 2011 at 4:38 pm
There is a project, wondering around somewhere, throwing brute force attacks at a 128bit passphrase, using a supercomputer, I think. They’ve been running for a couple of years now. They might have a chance. They’re expecting to break in sometime in the next 100 years. 🙂 But 256 bit is a bit fair dinkum.
++++++
I know someone very well who helped build a computer that can crack a 1024 bit encryption in about 3 hours. It would take about 15 billion years for a good desktop to do the same thing. I think it will not take long for a distributed effort (as suggested by tesla_x) or someone with night duty at a national lab to open the can. Will it be a can of air, worms or a Jack-In-The-Box?
It might even have a back door. I suspect it has multiple files inside with perhaps 5-10,000 mails in each, sequentially locked. If it takes 6 months to open, it will take another 6 months to open the next batch and so on.
The releaser has had time to collate them into a series of revelations, each of which will entice the guilty to paint themselves further into new corners. After a period of coverups, the next batch will reveal the new perfidy. And so on. At some point, one of the Team Rats will fink on the Pack and reveal how far and wide the manipulation goes. You can bet your boots that UK’s upper crust is in this up to their eyes because of the unimpeached whitewashes they have managed to construct on such short notice. As always, follow the money.
Enough to make you sick yet? Feeling a little green?
But as time passes, these emails become ancient history. At some point the release of what people were talking about in 2003 or 2009 become less interesting. So there is some sense that the product in the encrypted file is “perishable” in that it becomes less relevant as time passes.
Mmmmm…..
Has to be a rational sequence of numbers and/or letters. A random sequence would be open to error in use.
How about Perfect Number sequence?
6,28,496,8128, etc
Of course, Douglas Adams may have been right and the answer is 42
This one is interesting, maybe, I don’t know:
So what were “the problems” with CA? Someone got unauthorized access to something?
REPLY: See “the mole” CRU left open files laying about, CRU thought they’d been hacked. Idiots – Anthony
“THIS IS NOT A GAME!”
Indeed. Hansen has over a million dollars of income just in giving talks on the subject as only one example of many. “Accidents” can be arranged in many parts of the world for a tiny fraction of that amount. There are entire industries at stake here and the investments of a lot of politicians and their kin. There are six figure careers on the line of very highly politically connected people. If AGW is debunked, there are a lot of powerful people who could face disgrace and financial ruin.
This certainly is not a game to many people, it is their entire life.
“”Crispin in Waterloo says:
November 22, 2011 at 11:02 pm “”
The intellectual capacity of “the releaser” must be awesome to be able to decide such a release sequence. To be able to understand the relevance of groups of emails within the overall context of “Climategate” indicates to me a person well positioned in the climate science hierarchy. Be a usefull fellow to have on your team, any team.
Now if we just had quantum computers… They are born for jobs like this.
Woohoo! I think i’ve cracked it – its none other than Prof. Stephen Falkens son’s name!
What was it?
Would you like to play a game?
1. Tic-tac-toe
2. Chess
3. Hide the decline
4. Global Thermonuclear War
George Turner says:
November 22, 2011 at 6:22 pm
Has anyone tried downloading the 7-zip password cracker that is used when you forget the password to your 7-zip archive?
Only works with numbers (no letters) and non-encrypted archives.
all.7z seems to be AES-256 encrypted.
No chance.
Kev-in-UK is right:
‘No – I mean, seriously? Thinking logically, this person is not doing themselves any favours with this stunt. Either the hidden emails are ‘gold’ or they are worthless cr*p – either way, leaving the world in suspense is not doing anything for their credibility – in my opinion, anyway.’
Added to that if he/she (why the male assumption :o) is really concerned with the ethics of this the longer it goes on the more people die at the hands of this nonsense.
It is estimated in the UK alone this Winter an EXTRA 2,700 elderly people will die because they can’t afford to heat their homes because of the green taxes, people are starving the world over because it is deemed ok to put food into fuel tanks instead of into people’s mouths, animals are having their habitat cut down in order, again, to plant bio-fuels; if they really cared surely they would want this to come out as soon as possible!
I’m not sure this effort needs as much brute force as it would seem. Think logically as FOIA would. You don’t make up a password on your own because writing it down incorrectly and/or misplacing it is too risky. You want these emails to be read eventually. So, you use a password that you can access at any time without chance for error. I suggest as others have suggested that the password is some combination of characters from one or more released emails. My belief is that the passcode is contained within one email so that all FOIA then needs to do is copy/paste from an email into a password.
It’s a trap!!!
It’s a trap!!!
According to my models, the computing power required to crack this file might raise the planet’s temperature by no less than 6°C.
Try: “Mellon” or maybe “Ennyn Durin aran Moria. Pedo mellon a minno”
Say “Friend” and enter the gates of Moria. . .
🙂