There’s an embedded archive file called all.7z which contains thousands of additional emails and files.
The 7zip archiver in which this is stored uses 256 bit AES encryption. It’s a tough nut to crack.
“FOIA” most likely chose this format because there are no effective password-cracking tools for 7zip, while there seem to be many for standard .zip and .RAR files.
From their website: http://www.7-zip.org/7z.html
“7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.”
The password can be 2047 or 8191 characters long, depending on your operating system.
I’m doubtful this password will be cracked anytime soon; maybe DoD could do it. Chances are that “FOIA” chose a very long password that could take years to crack by a brute force attack.
“FOIA” is holding this in reserve, making it known that it is there, ready to pull the firing pin. I expect we’ll see it sooner rather than later, as the reaction so far from RC and the Team is continued arrogance.
Julian Williams in Wales has an interesting take:
Maybe the passphrase is so complex to be uncrackable; is that possible? Surely after having sat on this material for two years FOIA would have made a decision how he is going to play this, and it just makes no sense to put most of the material behind a crackable passphrase.
But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public. That is a strategy that might push FOIA’s enemies out without completely disgracing the “scientific community”
Just another way of looking at what might motivate FOIA.
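The key stretching described in the 7-Zip quote above, as an added example that is not part of the original post or 7-Zip's own code: it derives the AES-256 key by hashing salt, UTF-16LE password and an 8-byte counter 2^N times with SHA-256, then uses the measured cost of one derivation to estimate an exhaustive search. The value N = 19, the empty salt and the 62-symbol alphabet are assumptions for illustration; an archive's header records the values actually used.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def sevenzip_kdf(password: str, salt: bytes = b"", cycles_power: int = 19) -> bytes:
    """Derive a 32-byte AES-256 key: one running SHA-256 fed
    salt || UTF-16LE(password) || 64-bit little-endian counter, 2**cycles_power times."""
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()

def search_space(alphabet_size: int, max_len: int) -> int:
    """Count every candidate password of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def years_to_exhaust(alphabet_size: int, max_len: int, guesses_per_sec: float) -> float:
    """Worst-case time to try the whole search space at a given guess rate."""
    return search_space(alphabet_size, max_len) / guesses_per_sec / SECONDS_PER_YEAR

def measure_guess_rate(cycles_power: int = 19) -> float:
    """Time one full key derivation on this machine; return guesses per second."""
    start = time.perf_counter()
    sevenzip_kdf("constructed-sample-passphrase", cycles_power=cycles_power)
    return 1.0 / (time.perf_counter() - start)

if __name__ == "__main__":
    rate = measure_guess_rate()
    print(f"one derivation at 2^19 rounds: about {rate:.1f} guesses/s on this core")
    # Assumed alphabet: upper case, lower case and digits (62 symbols).
    for length in (6, 8, 12):
        print(f"length <= {length}: {years_to_exhaust(62, length, rate):.3g} years")
```

Each guess costs 2^19 SHA-256 updates before a single AES block can be checked, so the guess rate of any attacker is divided by roughly half a million compared with an unstretched hash.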
The password has to be something that doesn’t need to be written down but can be conveniently accessed, can’t be hacked and can be passed on verbally. The last highly likely IMO.
If I were a cryptographer trying to crack this I would start with books in Project Gutenberg. Every sentence and every paragraph should be a manageable number.
Although it occurs to me that the archive contains nothing but junk, and is a bluff aimed perhaps at Jones. Jones’ comments indicate to me there is more incriminating stuff that no one has yet made public.
I found out what the password is but I am not telling unless you send me 100 million dollars in unmarked bills.
Has anyone considered … setting up and running some ‘test cases’ (known, encrypted test files with known passphrases) using .7z files – something everyone could run just to assure that newbies and professionals alike could verify method and means as well as technique?
Any pointers/tutorials existing for same? I ask more for those coming into cryptography for the first time (I’ve got Bruce Schneier’s first book on the subject; could not at the time believe it was actually published!) …
http://www.schneier.com/
Re: Mashiki
Rainbow attack – Won’t work because the password is fed through SHA multiple times and therefore there are no rainbow tables available.
Hashed attack – Not applicable
Brute Force – Not feasible for any reasonable length password (billions or trillions of years).
Dictionary attack – About the only possibility.
Non predictive branch heading – Never heard of this. Sounds more about what the processor does than anything to do with cryptography.
Re: Kurth Bemis
AES = Advanced Encryption Standard – not American Encryption Standard – and was developed by a couple of Belgians.
My speculation regarding the strategy of controlled timed release of emails is this: There seems to have been an understanding as to the lengths governments and media would go to brush the uncomfortable truth under the carpet with the first release. The secondary release with an even larger locked cache still to come acts as a threat to governments. Cease and desist with any plans for CAGW legislation or prepare to be embarrassed and completely exposed.
Lucy Skywalker>
I was using Winrar and it appeared to work fine. I didn’t wait for the whole archive to unpack, or check the results – it simply started unpacking instead of giving whatever ‘incorrect password’ error it gave with other passwords. Either I was overly hasty – that is, an idiot – before, or I’m doing something different now.
I’ll double check in the morning 🙂
Joshua says:
November 23, 2011 at 1:17 am
Woohoo! I think i’ve cracked it…
No. You are just telling a big WOPR.
Ummm,
To the password crackers:
What languages are being tried ?
Russian
Chinese
French
Some old computer language
A mix of all the above ?
I personally would use a mix of all, and not be worried.
Then again, I have no idea what I am talking about.
Just a thought.
I would expect the passcode to be something like CQkKFA8PDBEYFRkZFxUXFxodJSAaHCMcFxchLCEjJygqKioZHy4xLSkxJSkqKAEHCAgKCQoTCwsTQ4aOSNwGRh/dYA4IPQis0a9rmnSwP4h0jT7OxnmjthcWGpPcsksjhI96NBH8rOyrlSxBZcjbuZea. Only longer.
Have it saved in multiple places on the internet, copy & paste it anytime you need it.
(Or paste it into a comment at CA someday.) 🙂
drowssap
Only problem is, once you open the archive, there’s a good chance that you’ll find several encrypted archives inside.
Password voted best joke at this year’s Edinburgh Comedy Festival:
SnowWhiteandtheSevenDwarfs
So did it turn out to be “A miracle has happened.” or “A miracle just happened.”? The latter was the original, no?
Roger Carr says:
November 23, 2011 at 7:11 pm
Password voted best joke at this year’s Edinburgh Comedy Festival:
SnowWhiteandtheSevenDwarfs
OK, so it is eight “characters” long –
it would now be rejected as being too short.
Well, at least 7 eights of it.
🙂
Che: With 7zip, you can open the archive to see the files in there. There’s a folder called ‘all’, 805MB in size (compressed to 138MB). The first file is named 1000064167, and the last is named 999981722, followed by a file called README. Unless individual files are encrypted with different passphrases (possible I think) one passphrase will decode them all.
Maybe it is ‘Willis Eschenbach’ (“who made the first FOIA request to Phil Jones and the CRU to release his taxpayer-funded temperature data collection.”)
http://wattsupwiththat.com/2011/11/23/mr-david-palmer-explains-the-problem/
Maybe the name of the agent in control of the release of the encrypted files (FOIA) is the link to the password. Maybe the code is Mr. David Palmer, Mike Mann or Phil Jones? Just puttin it out there. Keep it simple – if he/she/they want this cracked, he/she/they would not be making it difficult.
The NSA has purpose built hardware to crack AES. Else they would never have approved it for US government secret documents. Otherwise, some fool clerk loses the passwords and the government is out of business.
It comes down to risk analysis. Banks keep their money in vaults, but they always have a way to drill the lock if the combination is lost. Same with state secrets. Otherwise your enemy only need destroy your passwords to destroy your country. Rather than being more secure, you end up less secure.
Has anyone tried “Purity of Essence”?
I am going to consider the password to be uncrackable for the time being. Whoever has control over that file says in the README.txt that they are not planning to release the passphrase but they have put the file out there in case those plans change at some point. I don’t think anyone is going to be successful in a brute force crack unless the passphrase is believably short.
The README also says that they haven’t read all of them. This was apparently sifted with various keyword searches so at this point nobody except the original principals involved can know what is in those emails still encrypted.
The highest numbered text file is 5349, but there are only 5292 .txt files in the folder.
I wonder if the 57 missing files, having 4 numbers each, in some way makes up the password.
What about a distributed computing project, like the one that didn’t work for SETI to try a brute force approach run by all the sceptics on their PCs? 100 years is only a few months divided by 1000 people.
This might be really silly, I might have gotten the wrong end of the stick.
How do we know that FOIA has zipped this? Isn’t it possible that he lifted the all.7z file from UEA already encrypted and has reached the conclusion that he can’t get into it? Perhaps FOIA is looking for some crypto help.
For those who want to try cracking it with known pass phrases.
The CLI program is C:\Program Files\7-Zip\7z.exe (well, in my win7 it is; there’s also a 7za that I’ve seen mentioned).
Trying (and generally failing) to extract the entire all.7z archive is silly, all you need to do is extract the first file. The first file in the archive is all\1000064167
So open a CMD window.
Cd to wherever you’ve put the all.7z archive. E.g. cd Downloads\FOIA\
Try a password by doing
"\Program Files\7-Zip\7z.exe" -p"A miracle just happened." x all.7z all\1000064167
if it doesn’t work
del all\1000064167
and try again.
[It’s easier to automate this to try hundreds of passwords and variations in perl on Linux but that’s left as an exercise for the reader…]
Don’t waste your time trying to crack the passphrase.
Even an incredibly weak password such as:
Password1234
is practically unbreakable (1.04 years in a massive cracking array scenario. Assuming one hundred trillion guesses per second) .
https://www.grc.com/haystack.htm
A simple phrase such as:
maryhadalttlelamb!
would take about 14.32 billion centuries to break in a Massive Cracking Array Scenario.
https://www.grc.com/haystack.htm
But supposing he then sent the passphrase to Phil Jones and M Mann with a threat; Resign now, get the hell out, otherwise this passphrase goes online to the general public. That is a strategy that might push FOIA’s enemies out without completely disgracing the “scientific community”
Just another way of looking at what might motivate FOIA
===========
Hmmm! Blackmail – that’s a good one