[HN Gopher] An encrypted ZIP file can have two correct passwords...
___________________________________________________________________
An encrypted ZIP file can have two correct passwords - here's why
Author : arkadiyt
Score : 21 points
Date : 2022-08-21 20:33 UTC (2 hours ago)
(HTM) web link (www.bleepingcomputer.com)
(TXT) w3m dump (www.bleepingcomputer.com)
| realitysballs wrote:
| It's an interesting but mostly useless finding cuz The hash is
| also incredibly strong password
| [deleted]
| V__ wrote:
| Since hash functions are fixed-length, aren't there always
| infinitely many collisions and therefore passwords which would
| work?
| omoikane wrote:
| In theory yes, but finding SHA1 collisions is nontrivial.
| shattered.io has one, but they used up quite a bit of compute
| to get it.
| riotman wrote:
| Unless it's invertible.
| modeless wrote:
| The same thing is true of Zoom meeting passwords. When you share
| a URL to a meeting with a password, a hashed version of the
| password is included in the URL. That hash works the same as the
| password. You can manually type it in the password box when
| joining the meeting and it will let you in.
| netsharc wrote:
| The article seems to be very repetitive in the way it explains
| things, but TL;DR:
|
| > When producing password-protected ZIP archives with AES-256
| mode enabled, the ZIP format uses the PBKDF2 algorithm and hashes
| the password provided by the user, if the password is too long.
| By too long, we mean longer than 64 bytes (characters), explains
| the researcher.
|
| So the first accepted password would be the overly long one, and
| the second accepted password is the ASCII representation of the
| SHA1 hash of that long password. The researcher used a modified
| version hashcat to get a password which SHA1 hash is also ASCII.
___________________________________________________________________
(page generated 2022-08-21 23:01 UTC)