sosbta.blogg.se

Password protected zip mac

Responding to Sharoglazov's demo, a curious reader, Rafa, raised an important question, "How?" Twitter user Unblvr seems to have figured out the mystery: ZIP uses PBKDF2, which hashes the input if it's too big. That hash (as raw bytes) becomes the actual password. Try to hash the first password with SHA1 and decode the hexdigest to ASCII.

When producing password-protected ZIP archives with AES-256 mode enabled, the ZIP format uses the PBKDF2 algorithm and hashes the password provided by the user, if the password is too long. By too long, we mean longer than 64 bytes (characters), explains the researcher. Instead of the user's chosen password (in this case "Nev1r-G0nna-G2ve-.") this newly calculated hash becomes the actual password to the file.

When the user attempts to extract the file, and enters a password that is longer than 64 bytes ("Nev1r-G0nna-G2ve-. "), the user's input will once again be hashed by the ZIP application and compared against the correct password (which is now itself a hash). A match would lead to a successful file extraction.

The alternative password used in this example ("pkH8a0AqNbHcdw8GrmSp") is in fact ASCII representation of the longer password's SHA-1 hash. This checksum when converted to ASCII produces: pkH8a0AqNbHcdw8GrmSp

Note, however, that when encrypting or decrypting a file, the hashing process only occurs if the length of the password is greater than 64 characters. In other words, shorter passwords will not be hashed at either stage of compressing or decompressing the ZIP.

This is why when picking the long "Nev1r-G0nna-G2ve-. " string as the password at the encryption stage, the actual password being set by the ZIP program is effectively the (SHA1) hash of this string. At the decryption stage, if you were to enter "Nev1r-G0nna-G2ve-.," it will be hashed and compared against the previously stored password (which is the SHA1 hash).
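The pre-hashing described above happens inside HMAC, which PBKDF2 uses as its building block: a key longer than SHA-1's 64-byte block is replaced by its digest. The Python below is an added example, not code from the article or from any ZIP tool; the passwords and salt are constructed, and the iteration count and output length are assumed WinZip-style AES-256 parameters that the page does not state.

```python
import hashlib

BLOCK_SIZE = 64  # HMAC-SHA1 block size in bytes; longer keys are pre-hashed

# Assumed parameters (not stated on the page), modelled on WinZip-style
# AES-256: PBKDF2-HMAC-SHA1, 1000 iterations, 16-byte salt, 66 output bytes
# (32 AES key + 32 authentication key + 2 password-verification bytes).
ITERATIONS = 1000
DKLEN = 66
SALT = bytes(range(16))  # constructed salt; a real archive stores a random one


def derive(password: bytes, salt: bytes = SALT) -> bytes:
    """Derive the archive key material from a password."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, ITERATIONS, DKLEN)


def effective_password(password: bytes) -> bytes:
    """Return the bytes HMAC-SHA1 actually keys on for this password."""
    if len(password) > BLOCK_SIZE:
        return hashlib.sha1(password).digest()  # 20 raw bytes
    return password


def equivalent(a: bytes, b: bytes) -> bool:
    """True if both passwords derive identical key material."""
    return derive(a) == derive(b)


def is_typable(password: bytes) -> bool:
    """True if every byte is printable ASCII, i.e. enterable at a prompt."""
    return all(0x20 <= c < 0x7F for c in password)


# Constructed passwords (not the truncated one quoted in the article).
LONG_PW = b"correct-horse-battery-staple-" * 3  # 87 bytes, over the limit
EXACT_PW = b"A" * BLOCK_SIZE                    # exactly 64 bytes, not hashed
ALT_PW = effective_password(LONG_PW)            # SHA-1 digest of LONG_PW

if __name__ == "__main__":
    print("long vs sha1(long) same key:", equivalent(LONG_PW, ALT_PW))
    print("64-byte vs its sha1 same key:",
          equivalent(EXACT_PW, hashlib.sha1(EXACT_PW).digest()))
    print("alternate password typable:", is_typable(ALT_PW))
```

For most long passwords the 20-byte digest is not printable ASCII, so the alternate password exists but cannot be typed at a prompt. Either way, a password over 64 bytes is reduced to a 20-byte (160-bit) SHA-1 digest before key derivation.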


Two different passwords for same ZIP file result in successful extraction (Sharoglazov)

BleepingComputer was able to successfully reproduce the experiment using different ZIP programs. We used both p7zip (7-Zip equivalent for macOS) and another ZIP utility called Keka. Like the researcher's ZIP archive, ours was created with the aforementioned longer password, and with AES-256 encryption mode enabled. While the ZIP was encrypted with the longer password, using either password extracted the archive successfully.










