Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : Zip cracking Server Time
29 Jul 2024 12:28:10 EDT (-0400)
  Zip cracking (Message 1 to 3 of 3)  
From: Invisible
Subject: Zip cracking
Date: 1 Sep 2011 05:37:34
Message: <4e5f525e$1@news.povray.org>
 
http://math.ucr.edu/~mike/zipattacks.pdf

If I'm reading this right, it says that Zip files using the default 
DEFLATE compression and the default password-protect mechanism can be 
decrypted on a 500MHz Pentium-II in a few hours. (In particular, that 
you can use flaws in the algorithm to figure out the decryption key, 
*without* needing to run a password cracker.)

If that's true... is there some software somewhere which implements this??


Post a reply to this message
From: Warp
Subject: Re: Zip cracking
Date: 1 Sep 2011 11:42:27
Message: <4e5fa7e3@news.povray.org>
 
Invisible <voi### [at] devnull> wrote:
> If that's true... is there some software somewhere which implements this??

  Ever heard of this thing called "google"?

-- 
                                                          - Warp


Post a reply to this message
From: Invisible
Subject: Re: Zip cracking
Date: 2 Sep 2011 04:10:10
Message: <4e608f62$1@news.povray.org>
 
On 01/09/2011 04:42 PM, Warp wrote:
> Invisible<voi### [at] devnull>  wrote:
>> If that's true... is there some software somewhere which implements this??
>
>    Ever heard of this thing called "google"?

Google finds plenty of password crackers for Zip files.

(Actually, that's a lie. It finds exactly two: "fzc", an ancient MS-DOS 
program which I can't convince to work at all, and "fcrackzip", a 
somewhat less kludgy thing which has very limited cracking abilities. 
Basically, it can use brute-force, or a dictionary [not supplied], and 
in the latter case it *only* matches exact dictionary words, not any 
variations.)

The link, however, indicates that due to the laughably weak cipher used 
for Zip files, you can crack the cipher itself without ever needing the 
password.

This is significant, since the time required to crack a password depends 
on how strong the password is, but the time required to crack the cipher 
itself is constant. And given that the paper is talking about "a few 
hours" with a P2, that might perhaps translate into only a few minutes 
with a modern PC.

If you really can decrypt any Zip file, regardless of password strength, 
within just a few minutes, that would be a Big Deal.

(On the other hand, *real* Zip tools now support AES encryption, which 
presumably isn't so trivially crackable...)

Unfortunately, I can't find any off-the-shelf software that performs 
this type of analysis. In fact, the vast majority of Google hits for any 
search term remotely related to password cracking are from sites 
promising miracles in exchange for very large sums of money. (There 
should be a name for that... suckerware?)


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.