So uh...in the 19 hours since this video was released, there has been a HUGE update which makes this video at least partially obsolete. Watch Part 3 here: kzread.info/dash/bejne/qJl925Opeq2af9o.html

@etaraz7966

26 күн бұрын

Hope we get an update soon! Keep up with the good work man.

@soiten

26 күн бұрын

i'll be watching videos about minecraft misteries for three days in a row 😭 (they're good tho)

@ZackLuquettte

26 күн бұрын

Already😂

@sesameoil0009

26 күн бұрын

bruh hahahahahahaha

@zixea3318

26 күн бұрын

Bro got smashed by the power of human will. 💀

"Hey, RetroGamingNow, this is Mojang. We saw your video about the 7z thing. It seems to be... Popular... How much money can we pay you to make another video telling people not to crack the password?"

@Jake28

27 күн бұрын

LOL

@thatwelshman2713

27 күн бұрын

Lol, it sounds like it for someone who loves mysteries he's really trying to get people to give up cracking it. To be honest do I think it's anything big? probably not lol but it's stil funny.

@SparkingSparks

27 күн бұрын

This feels extremely out of place, and a weird follow up I just don't see the thought process for creating this video the way he did, if he was slightly less leaning on "don't solve it guys, not worth it" I'd find it less strange but it's like the sole purpose for this video was discouraging people from solving it. Maybe he really just thinks it's not worth it or too risky? Idk it's odd.

@CrateSauce

27 күн бұрын

Hi mean he explains it in his video. It's most likely a crime. Big risk, small reward.

@GhostGlitch.

27 күн бұрын

​@@CrateSauce It being a crime only really matters if Mojang were to push back on it. And if it does get cracked and really is nothing valuable, it'd be a problem disaster for them to do so

The fact there was never concrete proof of anyone opening and proving the files is 1.0 will always perpetuate the mystery no matter how mundane it is.

@Reyes-zq9qv

27 күн бұрын

True. But if the contents of the file are as mundane as they say, it makes me think there's a small chance that a former Mojang developer might come forward and publish the password somewhere. Since there isn't anything secret inside the file, there would be no reason to keep the mystery alive. Or perhaps that is exactly what they wanted from the beginning - a hoax. This whole mystery has brought a lot of attention to the game and united the community in the common goal of trying to crack the password and solve the darn mystery, which makes me think it might've been intentional.

@Russellsauce

27 күн бұрын

when we put our minds together, humans have achieved many seemingly impossible accomplishments throughout history, and I think cracking this code is in some way, shape, or form as possible as erecting a mile tall skyscraper, but what do i know : /

@dumbprotogen

27 күн бұрын

​@Reyes-zq9qv The devs has said repeat that they forgot the password. So even if it is as mundane, it's probably they just don't remember. Of course, they could be lying but I don't think they're trying to create a hoax assuming that is it just minecraft 1.0

@twta_

27 күн бұрын

​@@Russellsauceyeah but this aint worth anybody's time

@_Shay_

27 күн бұрын

@@Reyes-zq9qv Like RGN said it’s very likely no one at Mojang remembers the password. The decoy swap and that talk show video clip was the hoax and entertainment not the original. Someone at Mojang (most likely Tobias) saw the traction the topic was getting on the forums and had an idea to actually turn it into a game for the community. Which I think even further proves the OG file had nothing special.

The idea of someone suggesting "just break the AES-256 encryption" as a solution is up there with Q suggesting "just change the gravitational constant of the Universe" as insane overkill solutions

@JK-gm6kk

27 күн бұрын

"I don't need your fantasy women!" Commander William T Riker

@drmonkeys852

27 күн бұрын

Queue the bill gates with an overly large pin pong racket meme

@GhostGlitch.

27 күн бұрын

Yea, just completely destroy modern cryptography. NBD

@VixYW

27 күн бұрын

Give it to the 2b2t community. They are the masterminds of overkill methods when it comes to minecraft. They'll break the encryption wide open in a week with the right incentive, regardless of the consequences.

@JmbFountain

27 күн бұрын

Probably more likely to try and break the encryption implementation of 7zip

7:47 I am devastated that "admin" is not among the top 96 passwords.

@snowrose124

27 күн бұрын

by any chance, would your password happen to be admin?

@XarmenKarshov

27 күн бұрын

The general userbase probably don't know what admin means honestly. You have to think, one of the only things people keep admin as the password for is their internet router because the ISP puts it there.

@justanew

27 күн бұрын

lol first things i saw were f###me and f### lol

@applesource8261

27 күн бұрын

@@snowrose124 probably not but since most standartpasswords are admin its probably likely. Just the amount of companies that probably never set up their passwords along should have made the list

@hariranormal5584

27 күн бұрын

@@applesource8261 Yeah. vendors now are randomizing passwords. newer routers and appliances do not use admin as logins anymore because people do not change passwords.

12:55 - For what it's worth, I just downloaded the original file and decrypted it no problem. Some of us remember the password. 😉

@tameranian

27 күн бұрын

evil

@IQorJustQForShort

27 күн бұрын

WHAT!?!?!??!???

@Gufler_

27 күн бұрын

YO

@zenreeio13IIIlI

27 күн бұрын

If someone wanted proof RetroGamingNow was asked by Mojang to incentivise people to NOT decipher the password. There it is

@AstoriaGaming

27 күн бұрын

you have the chance to do the funniest thing ever and tell people some clues also hello Nathan!

Ok so this time I've actually figured it out. Tominecon is actually not the words "To MineCon," it is the words "Tom in Econ." The file contains the Economy Class notes of a student named Tom. His friend who worked at Mojang accidentally uploaded it to the Mojang servers and was unable to figure out how to remove it, so he encrypted it to prevent anyone from accessing Tom's Econ notes. Why are they so sensitive? Well, they actually contain a brand-new economic model distinct from any conceived before, where all money is given to Entity 303, who eats it and in exchange hacks the code of the simulation of reality to give people food and other basic necessities. Tom didn't want his idea getting out because he was not ready to reveal it himself and couldn't have anyone claiming the idea for themselves. I have to type quickly because Tom has Entity 303 himself going after anyone who knows the truth, but the key to open the file is-

@DoorstopperDoesntCare

27 күн бұрын

lol

@notaulgoodman9732

27 күн бұрын

Wow

@_3XP

27 күн бұрын

I thought it was a guy named Tomine, who was a con.

@sW1chyboi

27 күн бұрын

You had us in the first half ngl

@Spinex0196

27 күн бұрын

bro wrote a whole paragraph about 'tom in econ'💀💀

I don't know why people haven't tried this yet but the password is most likely in Swedish. Mojang at the time was mostly comprised of a very small development team.

As a software developer I feel reasonably confident that someone who worked for mojang and was at minecon needed some files from the mojang private file server which couldnt be reached from outside the network. As a workaround someone in the office zipped the files with a password and slapped it on the public server so it could be downloaded, sent the password to the person who minecon who downloaded the file, got what they needed, and then deleted the password from their chat history to be safe and no one remembered to go back and delete the file from the public server.

26 күн бұрын

That's what I thought of as well. After all it's called tominecon and not forminecon. To me, that sounds like sending some information to someone else.

@LavaCreeperPeople

25 күн бұрын

nice

@giin97

24 күн бұрын

100% what I expected. Network restrictions, email attachment limits way to small, throw it on a public server with a password.

@leakingamps2050

13 күн бұрын

Dinnerbone said that he had to go through his old emails, but still had the password

bros being held at gunpoint while recoding this video for sure

I’m calling it now, somebody is going to comment “As someone named John S., I feel personally called out.”

@memorymanxd

27 күн бұрын

As someone named John S., I feel personally called out.

@Sploobicious

27 күн бұрын

He knows who he is

@DukeOfLasagna

27 күн бұрын

Well, that's technically my dad's name 😂 should I tell him to subscribe?

@ichangedmynamenow3478

27 күн бұрын

YOU KNOW WHO YOU ARE JOHN

@jonskillings1258

27 күн бұрын

​@@ichangedmynamenow3478 Me, breathing a sigh of relief that I'm Jon

The actual responses in your server were so damn funny. Nobody knew what they were talking about LMAO.

@adansmith5299

27 күн бұрын

i got a headache from that discord user talking about infiltrating the file with a virus

@a-bombmori7393

27 күн бұрын

​@@adansmith5299 AI deep learning is what does it for me

@pieru

27 күн бұрын

digital natives at work

@Wyattporter

27 күн бұрын

@@adansmith5299same, I was like “and how, pray tell, would you do that?”

@pianoboyedm4829

27 күн бұрын

do people not realize half of them were being sarcastic

Guess we'll just have to wait until they get quantum computers to work.

@U20E0

27 күн бұрын

The thing is, AES is a symmetric cipher.

@Blarttttt

27 күн бұрын

AES is resistant against quantum computers

@plankera

27 күн бұрын

@@BlartttttFor now, soon (as in a maybe a couple decades) they will surpass AES 256 which is why people are working on new encryption algorithms that neither binary nor quantum computers can crack.

@JK-gm6kk

27 күн бұрын

absolute zero to cool a quantum cpu has to be an enormous pain as it is

@drmonkeys852

27 күн бұрын

@@plankera Well the algorithms actually are already done and have been published in the new TLS 1.3 standard. It's now on the developers to update software so the encryption is quantum proof

imagine someone finally gets the password for the 7z after nearly 15 years, and realize that mojang wasnt lying when they said it was just 1.0

@Kibutsuji_Muzan7

27 күн бұрын

The things Dinnerbone said about the file are terrifying , if its true , means all the others were lying

@FAB1150

26 күн бұрын

Well sure, I think it's something mundane. But now it's become a challenge to crack it, less for the content and more for the act of cracking it:)

@MoDrama_BandDqw4

26 күн бұрын

@@FAB1150 but still, that would be so dissapointing and underhwleming

@plasmachicken

26 күн бұрын

​@@Kibutsuji_Muzan7 Dinnerbone posted the content 😮

I usually don't comment anywhere but i really gotta say this. 1.0 was compiled on the 14th of November 2011. This means that even release 1.0 is older than this mysterious file. Everyone can find that out by just opening the 1.0 jar file with any kind of zip or rar program. If it is not the 1.0 jar file, which i doubt that it isn't, then it is definitely just some presentation data from Minecon 2011. Whatever is in that file it is probably not that special but it probably has some historical value to some archivists. I personally don't care about the contents but it is interesting to learn about passwords and how they work

@zane49er51

27 күн бұрын

I wonder how large a minecraft release is with all the debug headers and such kept in. It could both be "the minecraft 1.0 release" and also something exciting - it would be cool to get a slightly better glimpse into how miencraft devs named functions and variables at the time, or as the original video theorized, some kind of proprietary tooling

@orclev

27 күн бұрын

@@zane49er51 Wasn't Minecraft still written in Java at the time? If so there really isn't debug headers (or debugging symbols) in the traditional way, it's all just class files and there's no difference between release and debug builds. If there's anything sensitive in that archive, I think the most likely scenario is some signing certificates. That said unless Mojang were morons on a scale that boggles the mind, there's no way they would actually put signing certificates into an archive that was uploaded to the internet even IF it was password protected. Signing certificates are treated like nuclear launch codes, ideally air gapped and entirely offline.

@LosFarmosCTL

27 күн бұрын

@@orclevmojang obfuscates all the classes and functions in the released jar they might’ve not done that during the 1.0 time, no idea anymore too long ago, but if they did and the archive contains one without the obfuscation that could be pretty cool for 3rd party devs

@zane49er51

27 күн бұрын

@@orclev Yeah it was. I still only play Java so hearing it like that sounds so off lol. You're right, I forgot the JVM worked that way. Still, they obfuscate as losfarmos said. They also don't resist deobfuscation in their EULA so it would be cool to use the official names in forge/fabric

@zane49er51

27 күн бұрын

Plus there are some bits that don't get as much deobfuscation work done on them like most of the minecart related code. It would help get a baseline everywhere that the old version included

Isnt it funny how the guy saying “thats illegal territory” is the same guy who said “brute force it”

7:46 The fact that passwords like "penis", "fuckme", "fuck", "fuckyou" and "asshole" are considered some of the most popular passwords is hilarious to me.

it's like a lootbox that you know sucks but are still willing to spend $20 on

@vnc.t

27 күн бұрын

you don't know it sucks, someone said it sucks maybe it does maybe it doesn't

As someone named John S., I feel personally called out.

@madeformario

26 күн бұрын

the self report is crazy

@therealwisemysticaltree

26 күн бұрын

somebody called this comment

Trying to teach minecraft kids Cybersecurity is a fruitless effort. Just crack the encryption, hur dur Also Dinnerbones is just trying to scare you. A publicly uploaded file is perfectly legal to crack.

@Zikiro

27 күн бұрын

In USA law this is not true. Even if something is public, unless you are given specific permission it is still considered illegal. Otherwise they couldn't go after people who publicly accessible directories that some company left public, but contained sensitive info like passwords, one time passwords, personally identifiable information or just general sensitive information.

@schwingedeshaehers

27 күн бұрын

it is not. it can also be illegal to share a password of a uploaded file.

@wedoalittletrolling723

27 күн бұрын

@@schwingedeshaehers it's not illegal if you're already a wanted fugitive (jk it's still is, but you just end up with additional charges + you prob have the police or feds on your tail)

@schwingedeshaehers

27 күн бұрын

@@wedoalittletrolling723 (in the case i thought about, that wouldn't be a good decision) (i thought that a whistleblower uploads an encrypted file with evidence/secret information, and passes the password for security to another person, you don't want that they have any reason to jail them before they can release the password, if something happens)

@shauas4224

27 күн бұрын

Its legal to crack but the moment you give password out - you commited a crime. I doubt mojang will care but nonetheless

I like it how you kept talking about the odds of finding the password for the 7z file for a solid ~5 minutes

@LavaCreeperPeople

25 күн бұрын

lmao, ikr

Hello Retro, I really enjoy watching your Minecraft lore videos, and the last two have especially caught my attention. I am a Computer Science student at UCO, and I just completed a Cybersecurity course for the Spring semester. I wanted to chime in regarding AES encryption while the information is still fresh in my brain. AES is a block cipher, meaning it will encrypt an entire block of data at a single time. The block size is always 16 bytes, or 128 bits. The default mode of AES (ECB, or Electronic Code Book) has a specific weakness where identical plaintext blocks will produce identical ciphertext blocks. This is due to the same, unchanged, key being used to encrypt each block. This means that if the file is encrypted using ECB mode, the overall pattern in the data will be easily visible even without needing to decrypt. There are a few other modes of operation used with AES, each of which require something called an Initialization Vector (IV). This is a random number that ensures blocks will produce different ciphertext regardless if they have identical plaintext. The IV has a fixed size of 128 bits (same as block size), which means it has 2^128 different possibilities. This means that if the file is encrypted using any mode other than ECB, you would need to guess not only the key, but the IV as well, leading to a calculation requirement of 2^128 * 2^256 (depending on the key size). If the IV generator is predictable, you can easily guess it but you would need multiple messages to see a pattern in the IV generation, and since this is a single file that is not an option. Overall the computation requirement would be around 2^384 to brute force an AES-256 encrypted file that was encrypted using a mode of operation including an initialization vector. I hope I could provide something you didn't previously know and these past two videos have been super interesting to me! I love being able to share knowledge from school so it doesn't just go to waste! P.S. If you use Linux and read the file in hexadecimal format, you could probably pick out a pattern pretty easily if encryption was done using AES-256-ECB!

@MrBlueBonez

27 күн бұрын

u should get a hold of the file and read the file in hexadecimal format using linux then

@alphonse5686

27 күн бұрын

@@MrBlueBonez here's the first bit of it in hex: 377abcaf271c0394c049adc0c570400003a00000003768fb1f708daf673562274e3b60a1d9368afd268838dbbcc947ab85195dea86f99f48a5d96f1e8a5aed3b4366cfd8744c7f51a52dcbddd7903cbbcd85293ecb1e8d4d2ac673929f6f8df96ca2f91935beec186b9d7d20b32c2df1e82df0d6a06f236ad0cf6efb62c79bbf15dc289bf3a74dfb7772594ed4b647ca54afc4328d63c382ec74ae5f97edc3a3ffe96b5ff2d865276d6ffce62ac842814dcdf45fb696d827b6ad1dc3828bcc92cef547152922e62ac5aa2f989563fe7fbfba7caabd317c111fb5141859776ea2672ee53ea743859df1f35def341ddb59d1268bd378aa4fa5a2a3123d6e2142752a79f221848413872c64359fc978b6b19bdbff44a7d7c9b6a28673729e56b3c40ab78b65c69f5c55985f452279bdd35d26e3dce81524cd2fbaca387d61b32eb125d517a1881f213172d8c206e409ce380f8cffb44859595e055271eacd8135a75f6a6559815afaaa5a7ad4b9d8fbbef4828514faec2b4775ec72fe9a112b8941612a3bbb6d24ad3247e8bf3a874d8e90a87a45228e99c1421de1ad5851b65ae1443614a9e02dbd43eec757b88391f20c1af2720f1f964e8c9dc713da28b41e50cf661220c2e9252a46acc5ebd88ac389fc0a62c9df9992a3da196f0157a2cf1 (way too huge to send the entire thing) i don't really see any patterns tbh

@etaoinwu

27 күн бұрын

Using ecb would be considered a fundamentally flawed implementation. 7zip uses aes-256-cbc. you also don't need to brute force the iv; iv is attached with the ciphertext (otherwise a user with the correct password would not be able to decrypt.)

@ethanfogarty9540

27 күн бұрын

​@@etaoinwu You are correct! The IV can be sent in clear text in the case of CBC (Cipher Block Chaining) mode. This is because the IV is only used as an input to AES for the first block of data. The resulting ciphertext / plaintext block is then "chained" to the input of AES for the next block, along with the symmetric key. It is cool to know that the file was encrypted using CBC! Thank you for pointing that out.

@vitulus_

27 күн бұрын

It's CBC, so its a lot more preferable to check passwords. The IV is not a secret -- and often isn't. Unfortunately, 7zip uses 2^19-times (~500k) iterated SHA256 on the password.

The most baffling thing to me is that if it's so mundane, why don't they just... tell us what's in there? Dinnerbone obviously knows something, and if it's as unexciting as he claims it is, what's the point in keeping it a secret? It's just weird and dodgy how secretive he's being about something so "uninteresting". Edit: Huh. Alright.

@martijnalblas1761

27 күн бұрын

They did tell us; minecraft 1.0

@lagomoof

27 күн бұрын

My bet is that it also contains the authentication server code for 1.0 which would have been top secret at the time, but has long since been replaced. Imagine they wanted to create a stand-alone, no Internet version of Minecraft that works like the real Minecraft to run at Minecon. That would be one way to do it.

@zacknattack

27 күн бұрын

​@@martijnalblas1761 but if it's just that, why not just give up the password and let people see it for themselves?

@darklex5150

26 күн бұрын

Probably because he doesn't want the mystery to die, if dinnerbone told you exactly what's inside the file and gave you the password, and it indeed turns out to be as mundane as he says then the mystery would die pretty quickly, in fact, you wouldn't be watching this video because this video wouldn't exist. The mystery is a mystery because we don't know what's inside, and the fact that IT IS A MYSTERY is the entertaining part, not what's inside, that's the boring part. Some mysteries are better left unsolved, this one in particular is that case. Edit: he apparently did want the mystery to die so people would stop nagging him about it lol.

@probablyaxenomorph5375

26 күн бұрын

@@darklex5150 Idk man, I'm more frustrated than amused at this point 😅 I personally find mysteries most interesting when they finally have a conclusion.

"why dont we try breaking the encryption" LMAO

@Rustmilian

13 күн бұрын

​​​@@QUBIQUBED Every single nation state actor in the world has been trying to do that, and they failed... You can't crack AES like that.

Start: Minecraft Middle: Vsause End: Minecraft

@gregoryturk1275

27 күн бұрын

I’m outside your home. Or am I?

@kianchristopher7704

27 күн бұрын

@@gregoryturk1275 This is a funeral for michael's unfortunate passing, or is it?

@gregoryturk1275

27 күн бұрын

@@kianchristopher7704 I’m dead. Or am I?

@acemany

27 күн бұрын

Oh yes, Michael here

@resphantom

26 күн бұрын

Hey Michael, vsauce here. What are fingers?

Just because the original tominecon.7z is uncrackable doesn't mean that's the end of the mystery: there's still the supposedly "junk data" binary blob in the decoy, which may turn out to be more meaningful upon closer examination (if no one has looked at it more closely yet).

@wedoalittletrolling723

27 күн бұрын

If you somehow crack it, i think you have the NSA after you because you'd be a risk to national security so the file would be the least of your concern as now you are a wanted fugitive. So don't bother, there is nothing interesting in it anyway. No source code or anything, just 1.0 release

@LavaCreeperPeople

27 күн бұрын

ok

@CuteistFox

27 күн бұрын

As a security expert, even long "secure" passwords are easy to crack if you combine the kaonashi wordlist (uses human phsycholagy) and the unicorn ruleset. You can probly crack it in 2 weeks with a RTX 4090 and hashcat.

@Rarisma

26 күн бұрын

the file is encrypted. we can't make sense of anything in the zip until its cracked.

@Hacker_Kamyko

26 күн бұрын

​@@RarismaThey're talking about the "junk" data in the decoy version which has been successfully cracked, with it's password being "thespicemustflow" (I think)

One should remember Dinnerbone is not a Mojang spokesperson nor were they even there at the creation of the original file so they really have no authority to tell people what they should do around this manner. Also, while it is true no one has given explicit permission to try and open the file, the fact that in 13 years no one with authority over the matter has said /not/ to is all the confirmation one needs to know it's fine. If this ever changes then yeah it'll be different, but it is plainly obvious that this is something the creators of the file are fine with and have been fine with ever since the initial community interest in the file in 2012, because as the "decoy" file indicates probably all of Mojang has been aware of this at one point or another back when it was actually relevant.

@zixea3318

26 күн бұрын

This is exactly what I was trying to say. Dinnerbone has absolutely no authority on the file. I think he’s only concerned about people getting arrested

@sharp14x

26 күн бұрын

Telling people not to would be make it far more compelling to do so.

@vombgrillz

25 күн бұрын

Crazy idea, maybe the content is illegal, and they can't rely on legal matters to protect the file, their only chance of keeping it hidden is to make people uninterested or afraid.

Bro really filled half the video with a summary of the last one

@seriouscat2231

20 күн бұрын

He's in love with his own voice. I hope other videos on this channel are better.

If it's so boring why don't they just *actually* tell us what's inside? As RGN pointed out in the last video, Minecraft 1.0 is too small by itself. So just tell us what else is in there

Cracking the file's password is worthless as the time bruteforcing the password is simply not possible at the time. There are 3 ways to approach this: 1) A weakness in SHA256 that reduces the entropy of the encryption key generation (even if broken that is just the key generation, not the encryption broken) 2) A weakness in AES256 that makes it easier to break. 7zip seems to use the CBC cipher mode and a 64 bit or 128bit long random IV (very unlikely atm) 3) If parts of the plaintext are known that helps in a known-plaintext attack on the encryption. We don't know what's inside, so that's not applicable We can only wait until we have the computational power for trying to bruteforce it or the encryption algorithm itself is broken. As long as we don't have it even trying to break it is not worth it

@lnro4494

27 күн бұрын

Could we really not throw quantum compute at this? The version of AES-256 used here was built way before quantum conputing was something people realistically had to worry about in 2011-2012. IBM also has publicly accessible albeit not free (most likely) access to qcompute. Perchance ?

@ScarredToons

27 күн бұрын

Has anyone done any kind of frequency analysis of the data? As I understand the CBC mode of operation is susceptible to this (just some textbook knowledge, so no idea on the practical side). Perhaps we can convince a state sponsored entity to care...

@Iwasneverevenhere

27 күн бұрын

​@@lnro4494no, for multiple reasons. (keep in mind that I don't know that much about it, so all the information below is what I've been able to piece together from quick Google searches - take it with a grain of salt!) One is that with the best currently known theoretical attack (Grover's quantum search), it would still take 2^128 operations (much less than 2^256, but enough to still be considered secure). The other is that this algorithm would require 256 qubits, if I understand it correctly. While machines with more than that exist (although I'm not sure how many qubits can be involved in any single operation), using just a single physical qubit would lead to unusably high error rates. Therefore, you need to represent one "logical" qubit with multiple physical ones, which also makes your operations much more complex. The highest I've been able to find with a quick search is 48 logical qubits. The highest for a successful Grover search seems to be much lower still. It will be interesting to see how fast these numbers will grow in the next few years. Finally, a comment: when people currently worry about post-quantum security, it's not because anyone is worried that it's currently possible to crack encryption with quantum computers, but because it's at least plausible that it might be possible within 20-30 years. Therefore, the risk is that encrypted communication that is still secure right now could be stored to be cracked as soon as it is possible, so we should be switching to post-quantum secure encryption as soon as possible.

@mega_gamer93

27 күн бұрын

@@ScarredToons The file is also compressed so there's probably very little non unique data

@mega_gamer93

27 күн бұрын

@@lnro4494 there is no such thing as a new version of AES. New implementations of an algorithm exist, and new algorithms exist as well, but there is no such thing as an "older version of AES" Besides, quantum computers are not some ultra powerful computing device that can do whatever you want it to. They can solve _specific_ problems extremely fast compared to conventional computers, and others very slowly. From what I know there is no known algorithm that can make cracking even AES-128 viable, much less AES-256. And besides, how would you get access to a quantum computer?

Funnily enough, after you mentioned the number of cells in the human body, my immediate guess was that the number of atoms in the observable universe was close to the number of possible passwords

@xxGreenRoblox

27 күн бұрын

well technically him and you were completely off the mark because they aren't the same number of zeros i'm pretty sure the number of atoms in the observable universe was about 100 times larger

@Draconicfish2679

27 күн бұрын

@@xxGreenRoblox yeah but it was still the closest thing he did as a comparison

@ElysetheEevee

27 күн бұрын

​@xxGreenRoblox He never said it was the same number of zeros. His exact wording was actually along the lines of "This is the closest we've gotten" as far as the number of combinations. The comparisons were less to find the exact number in something else and more to give viewers a direct idea of how insanely huge that number is. Humans have a limited ability to internalize large numbers like this, so it's difficult for most everyday humans to truly grasp how large that amount is. I always find it baffling how people like you, who thrive on pointing out peoples' "errors" don't ever take context and truly listen to what a person says into consideration. He made it incredibly clear the entire time that getting the same immense number would be very difficult, so he got the closest he could to establish the difficulty in getting to that amount.

@gugoluna

27 күн бұрын

Same

@mulhollandoverdrive

27 күн бұрын

@@ElysetheEevee context doesn't matter when there's an opportunity to correct someone on the internet

Perhaps in the furture the encryption system is broken down. And then, instead of looking at what governments were hiding, we can look at what some long lost cave game had hidden in it.

I feel like this is just a microcosm of the human condition. You tell a human something's impossible they're like "bet, lemme try I'm built different." We want to overcome impossible odds just to say we can, and we continue to try ad infinitum because that's the only way it *could* happen. And I think there's something beautiful in that. But it can also get very silly sometimes

@GhostGlitch.

27 күн бұрын

Yea. Same shit that lead the US to land a man on the moon just to prove we were cooler.

@Supahdenning

27 күн бұрын

Known as the Faustian spirit

@GoGicz

27 күн бұрын

Well this Is possible to crack you just need a lot of time on your hand, Its easier to just find different way at that point, i seen many talented people make something impossible to possible, though IT was much smaller deal than this.

@nescafeblend43

27 күн бұрын

i love humanity 🥹

@mulhollandoverdrive

27 күн бұрын

@@GoGicz you would literally need more time than is available to you. this is just functionally impossible with current means and knowledge.

If they removed the file, people would definetly notice, and people with the file would continue to share it, making it easier to access.

@social_ghost

27 күн бұрын

This is what I said in my comment on the first video. Totally agree, if they had just deleted the file it would have drawn way more attention to it from parties outside the Minecraft community. To imply otherwise seems like willful ignorance or deception.

3:12 You don't need to guess the 256-bit key, though, just the password that was used to generate it. In the last video you said we knew the length and that it only has numbers. That's fairly easy to brute-force by trying every combination, and that's not even considering the possibility of a key collision.

@therealwisemysticaltree

26 күн бұрын

It was already discussed in the video that most of those comments were just trolls, so the password could be anything longer, shorter, with and without letters. It's been tracked down to literally anything

@Izerion

25 күн бұрын

@@therealwisemysticaltree Yes, but who is going to use a 256 character password on a file they would decrypt manually? It is much more likely to be short, even if it is not simply 16 characters and numbers you can go through few character passwords in a microscopic fraction of the time it takes to go through all 256 character combinations

@therealwisemysticaltree

25 күн бұрын

@@Izerion mcdonlads mcchiken bunger

I wanted to go to sleep just now, there goes my sleep schedule

@kracerplays

27 күн бұрын

same here dude

@atomicaxiom7573

27 күн бұрын

dawg its 15 mins long

@shanefrantz

27 күн бұрын

dawg its 15 mins long

@piss7610

27 күн бұрын

dawg its 15 mins long

@kracerplays

27 күн бұрын

@@shanefrantz wow you copied the other guy how imaginative

i swear if this file gets opened billions of years in the future to just be a rick roll or something similar, my atoms will come back from the dead and i'll detonate the sun out of rage

Does anyone else think it's weird how RGN is suddenly acting as if we shouldn't try to crack it? He seemed really interested in it and by making the video, wanted someone else that may know more about it solve it. (Reminds me of the pvplegacy mystery vid by arcn, if I can remember correctly, a while back). Suddenly all was silent. I wonder if RGN was approached by someone that wanted him to make a video that tries to discourage people from attempting to crack the file...

@JustPlayerDE

27 күн бұрын

AES is one of the most secure encryption standards today, because it is symetric it is also quantum computer resistent. good luck 'cracking' the unknown length and unknown pattern password on this one.

@presentfactory

27 күн бұрын

@@JustPlayerDE The security of AES has nothing to do with the ability to crack it in this instance. The question is how easy the password is to crack not the encryption itself, and since the password was created by a human that is a much more reasonable possibility.

@JustPlayerDE

27 күн бұрын

@@presentfactory guess how long a good to remember password based on 8 words (a passphrase) takes to crack just 8 words, spaces in between you also dont know if they used a password generator or not, if you really think its that easy why not try it yourself then

@45545videos

27 күн бұрын

It's moreso that it's impossible to crack. God himself couldn't do it. All the computers in the world combined for 100 billion years couldn't do it.

@presentfactory

27 күн бұрын

@@JustPlayerDE People do not use 8 words in a password frequently, especially not in 2011 and especially for something which was likely not thought to be a high security file.

I do think it is odd that dinnerbone will not explicitly say what the file contains. he always refers to it vaguely.

Given the odd amount of War Thunder stories about leaking US documentation, I can’t say I’d be surprised if AES-256 encoding would somehow be broken over a Minecraft mystery

@Crawldragon

27 күн бұрын

Well it kind of is, because as RGN says there's technological methods in the way making it mathematically unviable to try to crack the password. The reason US documents keep getting leaked to War Thunder forums is because of human error, and unless someone at Mojang accidentally leaks the password it's unlikely that human error will overcome those technological methods. Remember: Humans are the weakest point in any security system, because humans make mistakes and humans are nice. Computers don't care.

@45545videos

27 күн бұрын

Not remotely similar

@VixYW

27 күн бұрын

@@Crawldragon It is mathematically unviable to crack the password, but this might not be the case to reverse engineer it if they broke the encryption method itself and managed to get the key.

@Seedx

27 күн бұрын

@@VixYW nobody's broken AES

@mega_gamer93

27 күн бұрын

@@VixYW If every group of/individual mathematician(s) and computer scientist(s) who has tried to crack AES failed a bunch of minecraft kids aren't going to achieve it

"90% of gamblers quit right before they hit big". Now that's motivation

my theory for the extra file size is that it is minecraft 1.0 but possibly with revision history, showing what changes where made when and dead branches off the main code that where bugged, didn't work, or where simply chosen to be completed later.

@Dovenchiko

27 күн бұрын

Was thinking it was the 1.0 compiled .jar and the source code. Java uses a VM so it shouldn't matter but it's industry standard to include the source and a script to compile the game on the presentation machine in case the exe fails to run. That or it could have a mod or program to script the demo and avoid the inherent RNG of the game with perfect inputs.

My bet is that its not only the 1.0 build but a load of dependencies such as the jre that would have been needed to get a basic machine working from scratch. I suspect that it was likely placed in the public assets so that it could easily be pulled down by staff members at the con to setup any machine they needed.

@ifeigen

25 күн бұрын

Precisely what I've been thinking. Idk shit about game dev but it's probably dependencies and source codes. Did git exist back in 2012? Maybe it's also some kind of version control?

Its crazy how deep minecraft versions are and how much lore they have

Just a heads up, it is not a crime to crack it if the file was publicly available. Also, I disagree that taking down the file would be a better approach to keep people away from it. By taking it down, people that had it would feel an instant urge to preserve and look further into it. But replacing it is a whole different story. Not everyone will notice it was replaced, and even if they do, they might not have it downloaded, and the ones that do might not be aware that the file can no longer be obtainable and might not preserve it. The fact that one guy happened to have it lying around is almost a miracle after all those years. If not for that, Mojang would have successfully erased the file from history forever, which seemed to be the goal.

i just realized the file was uploaded on 11/11/11

Something to mention that I think makes it most likely the 1.0 build of Minecraft is the fact that it was likely used to showcase the 1.0 build at Minecon in 2011. - First, it's just about twice the size of a compressed build of 1.0 Minecraft. This makes sense even if the file doesn't contain any sample content as it's common practice to include the source code, SDKs, and editors in internal builds of any piece of software as well as ALL licenses. - This makes sense even though the file isn't exactly twice the size of the 1.0 build. The 7-Zip software, as well as any other compression software, has various different options when compressing stuff. We don't know the exact settings they used to compress the original, so it's not hard to imagine the compression settings you used in your last video were just not the same as the settings used for the oringal file. Hell, maybe they didn't compress it at all. 7-Zip does in fact have the option to zip files but not compress them afterall. All in all, it's likely only really interesting to developers, and mostly for historical education on game development. There's almost certainly nothing in it of any more use to developers today, especially not when we have much more modern tools to help us actually make games. This was programmed in Java of all languages, which I would NOT want to use personally to make a game. lol

best feeling ever, i just watched the first video of this and checked to see if there was another video not expecting to see anything and then i see this video posted 35 minutes ago (havent watched it yet but im sure its awesome since i really enjoyed the first)

@red1monster_

27 күн бұрын

Kind of a nothing sandwich :(

As a security expert, even long "secure" passwords are easy to crack if you combine the kaonashi wordlist (uses human phsycholagy) and the unicorn ruleset. You can probly crack it in 2 weeks with a RTX 4090 and hashcat.

@Rustmilian

13 күн бұрын

And if the password doesn't use any words?

@CuteistFox

12 күн бұрын

@@Rustmilian A wordlist isnt a list of words anymore. You can tell the security of a password you might use (not a real one obviusly) by sending the md5 of it and ill try and crack it

@Rustmilian

12 күн бұрын

@@CuteistFox I don't use words... Good luck. 2a663a021f59ecc46ca3ae9942e0c2c5

@Rustmilian

12 күн бұрын

@@CuteistFox I'll be genuinely surprised if you manage to get it. If you do manage it, I'll challenge you with a much much harder password.

imagine more stuff being unfolded in a part 2 of the hit video about tominecon.

This is my favorite mystery, especially the fact that it’s a real thing and not an arg (or at least it’s one by mojang themselves) So glad you’re making a follow up

I think that the contents of the file are interesting, even if on their own they are boring, the fact that they are the contents of this mysterious file is what makes it interesting, at least to me anyway

two videos in less than a week?! blink twice if you need help

@RetroGamingNow

25 күн бұрын

👀 👀 👀

@planetnovember6552

25 күн бұрын

Three times 💀

The content of the archive might be the friends we made along the way

Mojang is unintentionally giving people ideas for Minecraft horror KZread series

I'm emotionally a big fan of finding lost media, archiving, and documenting things - especially digital things - and I think mysteries like this are a great example of why. If tominecon were a physical item, locked in a safe in some developer's basement, even if the key were lost and the developer forgot about it entirely, it's still relatively simple to find the contents again assuming there's proof of it existing somewhere (yes, things can be destroyed physically, but if its being protected/guarded like this, its less likely lol). But with digital things like this, if its lost... its lost. Like you said, there's just no reasonable way to crack the safe. We will likely never know what's in there, and if the developers forget how to access it too, then there's an entire piece of minecraft's history lost forever, even if its a mundane and functionally worthless piece, its still a piece of history that will forever be undocumented. Idk. I think far too much about stuff like this. Hopefully I've explained the parallels or differences I'm seeing, Maybe this comment isn't even coherent at all, who knows lmao. Great video either way.

THERES A CONTINUATION. YEAAAAAAAAAAH! Edit: Imagine the original file gets cracked, and it’s just a fucking Rick Roll and they planned this entire thing lmao

@CoolLink-Zelda

27 күн бұрын

This is what I call advanced trolling

The bee movie script. Nothing else. THE BEE MOVIE SCRIPT.

yall remember the Minecraft@Home project? perhaps it's time for Tominecon@Home

My theory is that there's customer info in there and the decoy was meant to be a red herring. They had hoped that, once cracked, people wouldn't realize it wasn't the original and would file it away under "solved" and move on. Except someone noticed that it's not the same file.

Actually, quantum computers are getting closer and closer to breaking AES-256 because quantum computers can reduce the possibilities to 2^128≈3.4*10^38, which is much much less the 1.15*10^77

@soniablanche5672

27 күн бұрын

that's still too much possibilities

@GoGicz

27 күн бұрын

Not to mention realistically we can cut lot of IT Down cause Chance of IT having to go through every single password And the last possible number being the password we needed Is nearly impossible just As the password being Brute forced in seconds.

@schwingedeshaehers

27 күн бұрын

i still don't think that your guess is correct. there is AES 128, which still counts as practical secure, (with 126,1 buts security) (but it needs a bit of storage, over 9000 tb of storage to be exact) so if aes 128 is secure against current attacks, aes 258 should just fall to aes 128 with quantum computers. yes, it will make it much easier, but it is still out of reach until something is found, that helps a bit

@schwingedeshaehers

27 күн бұрын

​@@GoGiczin average it is half the time, so it doesn't help in that case. does ut make a difference if it is 100000 years or 50000?

@Sehyo

26 күн бұрын

​@@schwingedeshaehersWhere do you get half from?

I don’t even think a NASA supercomputer could go through each and every single key in a persons lifetime

@doctorsarcasm.

27 күн бұрын

Hold on hold on brother just hear me out, TWO nasa supercomputers.

@davidchalmers6753

27 күн бұрын

The likelihood that the very last attempt would give you the password is extremely small. You don't have to try every combination. You just have to try combinations until you find the correct one. Without knowing the length, this is pretty much impossible.

@45545videos

27 күн бұрын

If I'm not mistaken, all the computing power in the world put together working until the heat death of the universe wouldn't be enough to break it

Two RGN videos released so shortly after one another! What an absolute treat. Thanks RGN

Why are your videos so eerie? I love them to death, and I binge your channel for hours on end, but I can’t watch in the dark, or with my doors open. I’m really not an easily scared person, and I consider myself desensitized to most horror, but for some reason, your videos just kind of give me chills. I get the creepy music in the background, and I’m usually not sensitive to that, but you’re an exception. If you end up seeing this, I’d really love to know what your strategy is, and what you do to achieve this, or even if this effect is intentional at all, because it’s really incredible. Keep it up, dude!

Why can’t we just do a Minecraft@Home-type effort narrowed down to characters available on the Swedish Windows keyboard layout? It’s unlikely the password uses anything else

@BallisticWistfully

27 күн бұрын

Minecraft@Home said they wont do that for legal reasons

@mega_gamer93

27 күн бұрын

the length is still infinite, brute forcing would be similiarly hard. Also, how is it unlikely for the password to not use characters in the swedish keyboard layout? It's still very likely to be using english characters

@Nightcaat

27 күн бұрын

@@mega_gamer93 The layout still contains the Latin alphabet

2:20 If I got a Penny for every time some big Security risk happened because of someone in the Minecraft Community tryed something, I had a couple of Pennys. I happens more often than you think. Most Botfarm are just there because some Trolls wanted to DDOS Minecraft Servers and Log4J was only found because of someone how tryed to Hack a Minecraft Server. If anyone can find a security flaw in AES-256, than it would be someone from the Minecraft community.

6:06 in other words, guessing one undecillion keys a second. That would be a lot, but it would STILL take ages!

really love that you made this video. it intersects with a major issue I have in regards to the entire concept of digging into things that others did not intend or want people to really look into. especially with lost media; people can get very caught up in the mystery aspect and forget that boundaries exist. humans are curious creatures, after all. I respect that. but some things are best left alone and moreso best left alone when the people behind the "mysteries" really didn't want their stuff dug through to begin with. at what point does solving a "mystery" become blatant disrespect for the wishes and intentions of others? that's a rhetorical question, of course. the decoy was placed to placate the curiosity of those who were adamant on breaking into something they really had no business seeing regardless of how mundane the files are contained within. I highly respect that they made that decoy file instead of becoming irate or deleting the original file fully (which would have only made people more interested in the 7zip, thus worsening the issue). and I respect you even more for acknowledging that some things are best left to stay mysteries. great video!

Imagine the end is a Rick Roll 😂

I think people underestimate how sloooooooow the 7Zip encryption algorithm is. it's not MD5, it takes FOREVER to brute force (mostly on purpose). until quantum computers reach the point of cracking AES-256, there is no way we'll ever see the contents of this file if the password is even remotely secure

@shauas4224

27 күн бұрын

Thats what im saying

@a_few_species

27 күн бұрын

But it's not like it is 100% impossible as could be made seem by the video, thought. Just not possible today.

@mega_gamer93

27 күн бұрын

It actually isn't. It uses 1000 PKBDF iterations of sha256, which is not a cryptographically secure/slow algorithm, in fact, dedicated hardware acceleration for it exists on consumer computers

@cralo2569

26 күн бұрын

not really

@amogus3

21 күн бұрын

​@@mega_gamer93 this is interesting. do you have more info on that?

There is more to cracking passwords you could use, like rainbow tables. 7Z is actually not that secure because it does not use salt in their hashes. However, it is difficult to crack because it does not actually use password verification. It just decrypts and tries to extract the file and if the data is bullshit, then the password was wrong. This makes the process way longer than usual approach.

dam perfect timing just finished the first video, hope this mystery is solved

imagine it gets found and then its another password protected 7z

RetroGaminNow thank you soo much for making me remember about my nostalgic 5th and 6th grades. You have gotten me back to mc. Thanks

"In todays marketing class, we would like to show you how to create conversation and interest in your brand with this one simple trick..."

As a mojang developer, i can confirm we are hiding obamas last name in that file

@nullmoore9943

27 күн бұрын

Ladies and gentlemen we got 'em

It’s here! The update video! I’m currently participating in something similar to the Minecraft@home project for cracking the file, it’s pretty cool.

@Cheato64

27 күн бұрын

Wait what? I thought cactus and DannyDorito said that they wouldn't do it anymore in mc@home.

@hatyyy

27 күн бұрын

@@Cheato64 ITs something similar to it, not mc@home

@Cheato64

27 күн бұрын

@@hatyyy oh I see. Yeah I might be familiar with that.

@45545videos

27 күн бұрын

Cracking the file is literally impossible, you're wasting energy

@MightyAlex200

27 күн бұрын

what's the project? i'd like to contribute, too

I love these types of videos, Minecraft and cold case mysteries are some of my favorite videos!

This video (including the previous one) reminds me so much of the time when everyone was trying to decode the FNaF lore, this video genuinely gave me a lot of nostalgia

So, you're telling me that @RetroGamingNow is in on the conspiracy?

I think its some old defunct arg honestly. Why would they make a decoy otherwise? But even then, it was probably just teasing some new update from 10 years ago or something.

Am I the only one that jumped up when I saw “joshua” in the most popular passwords list? War games was such a good movie.

I like that you’re honest about things that don’t bother me. Good honesty!

3:10 JEEZ THAT'S CRAZY

Babe wake up, RetroGamingNow uploaded a sequel

I mean, just because the file is 7z doesn’t mean you can’t just create a 7z process and then forget about it and move onto the next one And there’s always the option of pulling a minecraft@home if the interest increases enough and enough people are willing to contribute their processing power

It’s probably a developer preview of Minecraft XBLA. Which was presented at Minecon 2011.

The main thing that keeps running through my head is that most passwords are made to be both memorable and secure. This is often done by replacing letters with other characters that represent the letters. Why not create a brute-force algorithm that prioritizes real words with multiple different character variations? It would start with English, then Swedish, and go down the list of languages. I'm certain that just aimlessly brute-forcing is ridiculous, but educated guesses can be surprisingly useful.

@Riksterify

27 күн бұрын

There already exist programs that do that, they slightly modify a password. This itself is a beast on its own, because to create a program like that you need a lot of data from already existing passwords, possible machine learning, string matching algorithms, and knowledge about human psychology. If the password is secure, such a program won't help at all. And if the program fails, it might be that it wasn't good enough to find all variations of a password. Again, this is incredibly difficult. If the password was insecure, it would have already been found to be honest. It's more likely the password is secure. I think you would have much better chance if you start looking at "side channels". For example, metadata information about the file. Its compressed size is an indicator of what might be inside. Other metadata like time created, if present, might also be helpful. Other ways are to convince Mojang to release the content of the archive without leaking the password. Or to somehow obtain the password through other means. But trying to break the encryption algorithm or brute force the password is imho the worst way to get to the content inside at this point.

@mega_gamer93

27 күн бұрын

subsistuting characters in a password for recognizable similar characters is terrible at adding entropy to a password. I don't know if "most" passwords are written this way, but writing them this way gives you none/minimal additional security to not doing that

The fact that the encription method is used by the NSA is not such a good benchmark Government often has not secured computers, they oftentimes even use windows xp, their security mostly comes from closed networks AES-256 does sound good to me, somebody that doesn't know anything about encryption and maybe it is strong but the fact that the NSA uses it is not a good indicator lol

@andrewpinedo1883

27 күн бұрын

True. And quantum computers are getting closer to cracking AES-256, they have narrowed down the possibilities to 2^128.

@lintee_12

27 күн бұрын

They use it because it’s the best encryption on the planet… there is no better options lmao

@lintee_12

27 күн бұрын

@@andrewpinedo1883with quantum computers there will be quantum encryption

@Kai-oz9gr

27 күн бұрын

its not only the NSA but the entire internet is depending on this algorithm. It's really well studied and can be trusted.

@mega_gamer93

27 күн бұрын

@@andrewpinedo1883Could you cite your sources? Also, a quantum computer cannot reduce the number of possible keys, those too things are completely unrelated. Perhaps you are talking about time complexity of cracking a key?

This should be added in the Minecraft iceberg

This has got to be my favorite kind of video you make! Keep it going!

It seems to me that the information stored in this archive may be legitimately confidential (for example, personal data of Minecon visitors). Decoy and disinformation can provide cover for it so it is not going to become a temptation for actual malicious hackers seeking for personal data. This is why Dinnerbone mentioned that attempts of cracking may be considered illegal.

@Crawldragon

27 күн бұрын

I appreciate your concern, but that's not likely to take up 80 megabytes of data unless they have a bunch of scans of peoples' drivers licenses or something. Besides, if it were something that serious then it's likely that Mojang would have used some kind of legal means to take down public archives like the one on Reddit to try and mitigate the liability risk to them.

@MishaGold

27 күн бұрын

@@Crawldragon it still can be something like txt file of people's full names and age. Not that much but still legally confidential.

@drmonkeys852

27 күн бұрын

@@MishaGold That would be a few kilobytes at most as millions of people don't visit minecon

@vvstwo

27 күн бұрын

its nothing its literally a 1.0 minecraft build and a waste of time

@cralo2569

26 күн бұрын

@@MishaGold it's very likely that anyone serious enough to crack it won't go crazy and start spreading sensitive information around like this.

Last time I was this early, Minecraft 1.7 was the shit, and the Covenant still had their raggedy-ass fleet!

I liked how this video turned into Vsauce kind of video

An explanation about AES key: What RGN said is that the key is not calculated from existing human readable key but a random bit sequence generated and interpreted directly as and AES key that can be a possibility but as it’s said on the video is astronomically long and it’s still an euphemism lol. But what bruteforcing programs does are that they generates an human readable key and transform it to an AES key. That permit to control what is generated because the first technic can potentially generate a 32 characters password even if it’s not 32 char while with the other way to proceed we can apply to the generating process a mask that is specification that has to meet the password that is generated. Thanks for reading 😊

But what is the second weird file that was in the decoy version. you passed on it very fast on the last episode but we still don't know, and it was intended to be found

let’s goooo new video

@Ultimatetexican

27 күн бұрын

W

RGN: "I have scattered 500 special atoms throughout the universe" Me, an immortal: "Bet"

this is the best explanation of how rare it is to brute force a sha-256 key I've ever heard

hello i didnt like my own comment