There’s an embedded archive file called all.7z which contains thousands of additional emails and files.
The 7zip archiver in which this is stored uses 256-bit AES encryption. It’s a tough nut to crack.
“FOIA” most likely chose this because there are no effective password-cracking tools for 7zip, while there seem to be many for standard .zip and .RAR files.
From their website: http://www.7-zip.org/7z.html
“7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.”
The password can be 2047 or 8191 characters long, depending on your operating system.
I’m doubtful this password will be cracked anytime soon, maybe DoD could do it. Chances are that “FOIA” chose a very long password, that could take years to crack by a brute force attack.
“FOIA” is holding this in reserve, making it known that it is there, ready to pull the firing pin. I expect we’ll see it sooner rather than later, as the reaction so far from RC and the Team is continued arrogance.
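The cost argument in the 7-Zip quote above can be made concrete. The following is an added example, not code from the original post or from 7-Zip: it reproduces the key derivation as 7-Zip's published source performs it (SHA-256 over salt, UTF-16LE password and an 8-byte counter, 2^19 rounds by default) and estimates exhaustive-search time. The sample passphrase, the empty salt and the rate of one million guesses per second are assumptions.

```python
import hashlib
import struct

DEFAULT_CYCLES_POWER = 19          # 2**19 = 524,288 rounds per password guess
SAMPLE = "correct horse battery staple"   # constructed sample passphrase
SECONDS_PER_YEAR = 365 * 24 * 3600


def sevenzip_kdf(password, salt=b"", cycles_power=DEFAULT_CYCLES_POWER):
    """Derive a 32-byte AES-256 key: one SHA-256 context is fed
    salt || UTF-16LE(password) || 8-byte little-endian counter, once per round."""
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + struct.pack("<Q", counter))
    return h.digest()


def sha256_blocks_per_guess(password, salt=b"", cycles_power=DEFAULT_CYCLES_POWER):
    """Number of 64-byte SHA-256 compressions needed to test ONE password."""
    per_round = len(salt) + len(password.encode("utf-16-le")) + 8
    total_bytes = per_round * (1 << cycles_power)
    # SHA-256 padding adds at least 9 bytes (0x80 marker + 8-byte length).
    return (total_bytes + 9 + 63) // 64


def search_years(alphabet_size, length, guesses_per_second):
    """Years needed to try every password of exactly `length` characters."""
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second for a multi-GPU rig
    print("key:", sevenzip_kdf(SAMPLE).hex())
    print("SHA-256 blocks per guess:", sha256_blocks_per_guess(SAMPLE))
    for alphabet, length in [(26, 8), (95, 10), (95, 20)]:
        years = search_years(alphabet, length, rate)
        print(f"{alphabet}^{length}: {years:.3g} years at {rate:,} guesses/s")
```

The iteration count only multiplies the cost of each guess by a constant; the passphrase length and alphabet decide whether the search finishes in days or never.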
Julian Williams in Wales has an interesting take:
Maybe the passphrase is so complex to be uncrackable; is that possible? Surely after having sat on this material for two years FOIA would have made a decision how he is going to play this, and it just makes no sense to put most of the material behind a crackable passphrase.
But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public. That is a strategy that might push FOIA’s enemies out without completely disgracing the “scientific community”
Just another way of looking at what might motivate FOIA.
Has anyone tried “Nothing to see here, move along”? 🙂
If this is word based, and up to 8k characters, I would try brute force based on quotes from the warmanista’s articles, papers, or books. Maybe a transcript of Al Gore’s 24 hour Boondoggle.
Try them in various languages as well.
This idea ^^ shouldn’t take more than a year.
I think the motivation for the release of the encrypted file is simple. This action gives the story legs. Those responsible are clearly playing a media and public relations game; the timing of their releases makes that much clear. The teaser is designed to attract maximum publicity and sustain it for as long as possible.
It certainly would be a hoot if the password turns out to be an English phrase (“Hide the decline” or whatever) although I think that’s rather unlikely. Using such a weak passphrase would mean relinquishing control over the timing of the disclosure and that’s inconsistent with the M.O. here.
climate creeper said on November 23, 2011 at 6:26 am:
Nah, the Twelfth Task was only to capture Cerberus, not kill. Besides, would that be Hercules, or Heracles, or perhaps Herakles? And that’s without considering the possible use of his original name(s)…
I don’t believe that it’s going to be feasible to crack the password in any amount of time that is going to prove useful. To me it seems evident that the presence of the file containing 200K+ emails is a threat (or maybe more gently termed a “reminder”) to “the team”: play it straight because you will be caught and exposed very publicly if you don’t. The “team” certainly must know what’s in those encrypted emails, and it’s bound to be very incriminating.
Well played, FOIA!
Mike Smith says:
November 23, 2011 at 7:34 am
I think the motivation for the release of the encrypted file is simple. This action gives the story legs.
No skilled police investigator would ever tip his/her hand as to the complete evidence they have against a suspect ‘early’ in the investigation. It’s always better to listen to the endless lies first.
In any scandal, the powers that be have to make a decision as to whether they will go the ‘whitewash’ route or ‘throw someone under the bus’.
The whitewash route has been done. Now there is a second set of emails and the possibility of an even larger set coming out.
.
Ok, some tidbits for you to work with. Since this Readme file comes with quotes, then why not Google search with quotes?
The first sentence:
“Over 2.5 billion people live on less than $2 a day.”
Comes from:
http://givewell.org/international/technical/additional/Standard-of-Living#footnote9_7ctwcpa
The second sentence:
“Every day nearly 16.000 children die from hunger and related causes.”
Comes from:
http://www.squidoo.com/world-hunger
The fifth sentence:
“Nations must invest $37 trillion in energy technologies by 2030 to stabilize greenhouse gas emissions at sustainable levels.”
Comes from:
http://www.scientificamerican.com/article.cfm?id=iea-low-carbon-co2-investment-energy-demand
Note that these quotes come from 2009 and 2010.
Note also, that the writer is European/Russian, as they have changed the ‘thousand divider’ from a comma to a full stop.
.
Did anyone ever find M. Mann’s formula for “Hide the decline”
That would be a good password, even Mann probably wouldn’t guess that we found that. LOL
You will note that FOIA supports some of the goals of the warmists, but she is still angry.
Why? Because the CRU had a deal with her, and it would appear that they reneged on it in some fashion. Thus FOIA is still greatly grieved.
But she is safe, in deepest darkest Russia, and neither PJ nor MM can get even close to her. Keep it up, Nady.
.
Well, I can make one very reliable prediction about when the MSM will notice this story with anything even remotely like a journalist’s eye. It won’t be until AFTER Durban.
I’m by no means an expert on cryptography, but I know enough about it to have a feel for the numbers involved here. If whoever encrypted this was competent, and didn’t want it decrypted there is no hope of cracking it (unless there is some flaw in the implementation of AES 7Zip uses, which is possible, but quite unlikely,) barring some fundamental advance in mathematics or computing.
Now, it is possible that the person who encrypted this wasn’t competent, and did something stupid. I think that’s unlikely, but more likely than, say, a flaw in the implementation. It is also possible that the person who encrypted this intended that it be cracked- I’d say that’s actually the most likely scenario that would allow it to be cracked. So it’s worth trying the obvious things, and maybe some not-so-obvious things. But if one of these three things is not true (flaw, incompetence, intentional incompetence) it doesn’t matter what approach you take- you will not brute-force this. Even if all the economic activity of the planet were applied to decrypting it it would be impossible in any reasonable time-frame (and I use a very generous definition of reasonable here.) The numbers involved here are _large_.
The released emails contain sections which have been “REDACTED.” This indicates they perhaps form part of a response to someone’s FOI request. This leads to the possibility that FOIA has ongoing access to internal communications. Perhaps we are about to be given access to the inside aftermath of Climategate 1.0.
Wouldn’t it be fun to be a fly on the wall…
PS – Given the theory the emails are part of an FOI response, the officer in charge must have believed anyone whose name is not redacted from the emails is part of the official affair in question.
“I’m not sure this effort needs as much brute force as it would seem. Think logically as FOIA would. You don’t make up a password on your own because writing it down incorrectly and/or misplacing it is too risky. ”
Good thought. How about starting with the American constitution and other freedom oriented documents? Or for irony’s sake the UN charter.
Ralph,
I have what I promised our friend.
Thanks for the time.
Blair, I suspect this person is not in the US and has possibly never lived in the US so US documents would not be interesting. Also, this exposure of the actions of “the cause” would not advance the interests of either China or Russia. In fact, it would do just the opposite. “Climate change” imposes a huge drag on the economies of the West and hamstrings them. It prevents our economy from growing and forces more business activity out of the industrialized West to the benefit of those countries. China would want to bankroll “the cause” as the return on investment would be enormous. Anything that can be done to hamstring the US energy supply thereby directly hamstrings our economic growth. You can not increase production of anything without increasing energy consumption. The entire purpose of this is to use a CO2 scare to increase regulations which greatly increase energy costs which then force business activity to migrate to places with no such regulations. It is “redistribution of wealth” on a global scale using fear of CO2 as the mechanism to persuade people to buy into the regulations that enable that redistribution.
Look, if I produce apples and if I want to double my production of apples I must make twice as many trips to market, must wash twice as many apples, must pick twice as many apples, cultivate twice as much land, etc. All of that increases my energy consumption. There is a direct correlation between energy consumption and GDP growth with some allowable slop for changes in efficiency of use. We are extremely efficient in our use. BTUs = Dollars of GDP if you hamstring the BTUs, you hamstring the GDP. It really is that simple.
The REDACTED areas that I’ve seen were clearly labelled as “Family” or “Health” issues that are none of our concern. Such as: (email 0012.txt)
3) On a strictly personal note, [[[redacted: health, 3rd party]]]
I think FOIA did the right thing on this. Stuff like that is none of our business.
Dave says: November 23, 2011 at 6:36 am
Just to confirm, the password given above is correct: “A miracle has happened.” – case sensitive, with the full-stop(/period), without the quotes.
I cannot get this to work.
Forget all your rather silly attempts at cracking 7. You ain’t gonna do it! Just sit back, grab a biere and popcorn, read the manna from heaven and wait longingly for your next present.
FOIA, whoever you are. Thank you, thank you, thank you. You have given me the best laugh in years. Your tactics are genius even if they are less convoluted than expressed on this site, just brilliant.
I know there’s plenty of arguments on processing power, but most people are looking at this from a CPU benchmark. GPU cracking is fast, very fast especially when using rainbow, hashed, brute and dictionary attacks because it uses non-predictive branch heading. Which is the direction that password breaking has moved in the last year. Providing that someone has the time and effort, an 8-line bank of modern GPUs could probably crack it in a few years, that is providing that it falls into one of those normal password groups. Or the old fashioned common passphrase range. Otherwise, you’re probably looking at it taking longer.
A miracle has happened.
– Not working on linux 7zip 9.04 beta
Lucy Skywalker said @ November 23, 2011 at 11:38 am
“I cannot get this to work.”
Neither could I. Frustratingly, 7zip hangs after each attempt and I have to kill the process [64-bit Win7/64-bit 7zip].
As I surmised earlier, it’s going to be something blindingly obvious with hindsight. Also, it will be considerably longer than “A miracle has happened.” That would be susceptible to brute force and I believe this is a logic game.
Wouldn’t it be more efficient if people chose the same crack pot engines and worked with specific character lengths only, so that no two are doing the same work others have already done? This should work with the brute force tactics as well as dictionary work (as in using different dictionaries to work with)?
:p
Folks, AES is used by the American government (AES = American Encryption Standard) to protect everything, including material with top-secret designation. Even with a cluster from the top500, it would still possibly take longer than the age of the universe to break. Simply isn’t going to happen. Wikipedia will tell you everything you need to know….GPU isn’t going to help much due to the
The other reason for not releasing everything is to prevent information overload. 5k emails can be read and analyzed. 200k+? So much information that it would be nearly impossible to build anything reasonable out of it in any amount of time. Similar to the Afghan War logs that Wikileaks released. The press didn’t care because there was too much data to sift through and not enough time.
The reason it’s been distributed is so that it cannot be removed or suppressed. From my servers alone, over 15k people have downloaded the full archive. If push comes to shove, the passphrase will be released, and there will be no way for any government to stop the spread of the information, which, after all, is one of the goals here. Possibly blackmail too. Fun.
The rest of the emails will be released at some point. Keep your pants on and be happy with what you got. ;p
Sorry Kurth. AES is a standard which many use, but passwords fail because of human stupidity. GPU cranking against tables is fast, even with 50 character passes, which are uncommon. Most passphrases are words, or phrases under 10 characters. And that’s what you always run against when you’re breaking a passphrase 95% of the time. Seeing 100,000 tries per second per single GPU isn’t uncommon these days, and cheap GPU cracking rigs (4 cards) can push over 1m password tries a second if configured properly and using the right software.
Brute forcing? Cheap, easy for the common person. Especially when coupled against what people normally use for passwords.
I think whoever released the emails has a clear plan. The other emails may be released when whoever is responsible is ready. As was said above, we can only take in so much information at once. Whatever is in the mind of whoever released them may become clear soon. Who knows for sure. At the moment all we can do is sit back, read the emails, figure out their meaning and see if there is a suitable response this time. This could be what whoever released them is after. Things like this take time to change and in the grand scheme of things waiting 2 years for more information isn’t that long. I’m going to sit back and enjoy the view.