An encrypted ZIP file can have two correct passwords — here's why

guest · Aug 21, 2022

August 21, 2022

Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malicious files (i.e. phishing "invoices" in emails).

But, did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome when the ZIP is extracted?
Click to expand...

A ZIP file with two passwords
Arseniy Sharoglazov, a cybersecurity researcher at Positive Technologies shared over the weekend a simple experiment where he produced a password-protected ZIP file called x.zip.

The password Sharoglazov picked for encrypting his ZIP was a pun on the 1987 hit that's become a popular tech meme:

Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You
But the researcher demonstrated that when extracting x.zip using a completely different password, he received no error messages.

pkH8a0AqNbHcdw8GrmSp
Click to expand...

How's this possible?
Responding to Sharoglazov's demo, a curious reader, Rafa raised an important question, "How????"

Twitter user Unblvr seems to have figured out the mystery:

ZIP uses PBKDF2, which hashes the input if it's too big. That hash (as raw bytes) becomes the actual password. Try to hash the first password with SHA1 and decode the hexdigest to ASCII... :)
— Unblvr (@Unblvr1) August 20, 2022
When producing password-protected ZIP archives with AES-256 mode enabled, the ZIP format uses the PBKDF2 algorithm and hashes the password provided by the user, if the password is too long. By too long, we mean longer than 64 bytes (characters), explains the researcher.

Instead of the user's chosen password (in this case "Nev1r-G0nna-G2ve-...") this newly calculated hash becomes the actual password to the file.
Click to expand...

When the user attempts to extract the file, and enters a password that is longer than 64 bytes ("Nev1r-G0nna-G2ve-... "), the user's input will once again be hashed by the ZIP application and compared against the correct password (which is now itself a hash). A match would lead to a successful file extraction.

The alternative password used in this example ("pkH8a0AqNbHcdw8GrmSp") is in fact ASCII representation of the longer password's SHA-1 hash.
Click to expand...

Palancar · Aug 23, 2022

Interesting. Sounds like I/you need to keep your zip encryption files to 63 characters or less just to be sure. LOL!

Regardless of the obvious mathematics to more digits, who in this lifetime is going to crack a 63 digit random password??

Log in or Sign up

An encrypted ZIP file can have two correct passwords — here's why

guest Guest

Palancar Registered Member

Log in or Sign up

An encrypted ZIP file can have two correct passwords — here's why

guest Guest

Palancar Registered Member

Useful Searches