36

You have a zip file that you created with 7z to password-protect it with AES 128. Can a smart adversary extract the data only through brute force, or is the file vulnerable to other attacks - such as, I don't know, being able to bypass the password and extract the data?

Strapakowsky
  • 3
    Does this answer your question? [How to recover a lost zip file password?](https://security.stackexchange.com/questions/17774/how-to-recover-a-lost-zip-file-password) – Dan Dascalescu Jan 11 '22 at 13:38

4 Answers

25

ZIP files are encrypted with AES-256, and the key is derived using a slow key-derivation function (KDF), which makes bruteforce and dictionary attacks generally infeasible. There are no currently known ways to bypass the encryption.

Polynomial
  • 1
    ZIP files can be encrypted with AES weaker than `AES-256`! 7-Zip offers only `AES-256` (or old CryptoZip), but Total Commander for example can encrypt ZIPs with `AES-192` and `AES-128` as well. So your correction to OP is wrong. – trejder May 13 '13 at 08:08
  • 3
    @trejder Except that the current best known attack against AES-128 will still finish about the same time as the heat death of the universe, even if we factor Moore's law in. And that's assuming zero cost for the KDF, which will actually be the largest computational factor. – Polynomial Nov 07 '13 at 22:47
  • I totally agree with you, of course. I just wanted to point out that (what I take as) the correction that ZIPs are encrypted with AES-256 is (may be) a little bit misleading. Nothing else, no offence. – trejder Nov 08 '13 at 06:55
  • No, OP was talking about 7zip, not TC or other weaker means of encryption. – Overmind Oct 06 '16 at 04:53
  • @Overmind 7zip uses AES. – Polynomial Oct 07 '16 at 19:13
  • Yes, but it's 256. – Overmind Oct 10 '16 at 10:37
23

In the direct sense you mentioned (extracting data), no. But keep in mind, however, that any program (or user) can, in any password-protected ZIP archive and without knowing the password:

  • browse the list of files,
  • check file types¹.

ZIP files can also be "broken" in the sense that you can overwrite an existing, password-protected file stored inside a ZIP file with another file of the same name, without knowing the password.

None of these operations gives the attacker access to the contents (he or she is still unable to extract data), only the ability to list or destroy them. So I'm mentioning this only as a possible side effect you may not be aware of. Some people treat these as security leaks, stating that for these reasons ZIP files are insecure, but others may assume that security is not violated, even with these "additions".

Since the contents of a ZIP file can be changed without knowing the password, by replacing a password-protected file with another one, we can speak about complete insecurity in psychological terms (social engineering, hacking etc.). The attacker can alter the contents of a ZIP file without knowing the password and claim to the victim that it is unchanged. The victim, unaware of the above-mentioned side effects, may incorrectly assume that the archive hasn't been changed or its contents haven't been altered, since he or she (the victim) is the only person who knows the password.

Here you have my simple question about the security of ZIP files, which turned out to be a very good read, with a lot of useful answers and comments.

¹ Try to send an encrypted, password-protected ZIP containing an EXE file via Gmail to see this "in action". Gmail will be able to detect that you're sending an executable file (and prevent you from doing so) even though it does not know the password your ZIP is protected with. Side note: It is also both funny and surprising that renaming the very same file, by giving it a different extension (i.e. file.not-zip), can completely disarm this "protection" mechanism and allow you to send an archive containing an executable file. Funny, because Gmail is able to "break" an encrypted, password-protected ZIP to "save" the user from sending executable files, but "dies" completely on file rename.

trejder
  • 2
    Browsing and checking file types can also be denied. Both WinRAR and 7Z can also encrypt the file names, so no opening of anything until you use the correct password. – Overmind Oct 06 '16 at 04:54
  • 1
    @Overmind Does that actually work for zip archives, or just more advanced formats like rar and 7z? – Wowfunhappy Aug 20 '18 at 01:23
4

No, as far as I'm aware, there are no current viable attack vectors other than brute forcing the password.

Xander
1

If you know the plaintext of some of the files in the archive, then pkcrack will do significantly better than brute force.

https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html

You might also want to search the internet for "pkzip known plaintext" attack to find more resources.

Udo Klein
  • 151
  • 3
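
Added example, not part of any answer above: a Python audit that reads only the ZIP central directory, with no password, to report each entry's name, size and protection scheme (none, legacy ZipCrypto, or WinZip AES-128/192/256) and to flag archives with mixed protection, the state an entry replacement can leave behind. The archive from `build_sample()` is constructed for the demo; its file names, sizes and filler payloads are assumptions.

```python
import io, struct, zipfile

AES_EXTRA_ID = 0x9901                      # WinZip AE-x extra field header ID
AES_BITS = {1: 128, 2: 192, 3: 256}        # strength byte -> key size in bits

def scheme(info):
    """Classify one entry using only central-directory metadata."""
    if not info.flag_bits & 0x1:           # bit 0 clear: entry is not encrypted
        return "none"
    extra = info.extra
    while len(extra) >= 4:                 # walk the (tag, size, data) records
        tag, size = struct.unpack("<HH", extra[:4])
        if tag == AES_EXTRA_ID and size >= 7:
            return "AES-%s" % AES_BITS.get(extra[8], "?")
        extra = extra[4 + size:]
    if info.flag_bits & 0x40:              # bit 6: PKWARE strong encryption
        return "PKWARE-strong"
    return "ZipCrypto"                     # legacy PKZIP stream cipher

def audit(data):
    """Return (rows, warnings) for archive bytes; no password is ever supplied."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        rows = [(i.filename, i.file_size, scheme(i)) for i in zf.infolist()]
    kinds = {kind for _, _, kind in rows}
    warnings = []
    if "none" in kinds:
        warnings.append("unencrypted entry present")
    if "ZipCrypto" in kinds:
        warnings.append("legacy ZipCrypto entry (known-plaintext attacks apply)")
    if len(kinds) > 1:
        warnings.append("mixed protection: an entry may have been replaced")
    return rows, warnings

def build_sample():
    """Constructed archive: valid ZIP structure, filler payloads, made-up names."""
    aes128 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 1, 8)
    entries = [("report.pdf", 0x1, 99, 48211, aes128),   # AES-128 (method 99)
               ("setup.exe", 0x1, 8, 90112, b""),        # ZipCrypto
               ("notes.txt", 0x0, 0, 16, b"")]           # stored in the clear
    body = cdir = b""
    for name, flags, method, usize, extra in entries:
        n = name.encode("ascii")
        common = struct.pack("<2B4H3L2H", 20, 0, flags, method, 0, 0x21,
                             0, 16, usize, len(n), len(extra))
        cdir += (b"PK\x01\x02" + struct.pack("<2B", 20, 0) + common
                 + struct.pack("<3H2L", 0, 0, 0, 0, len(body)) + n + extra)
        body += b"PK\x03\x04" + common + n + extra + b"\0" * 16
    eocd = b"PK\x05\x06" + struct.pack("<4H2LH", 0, 0, 3, 3, len(cdir), len(body), 0)
    return body + cdir + eocd

if __name__ == "__main__":
    for part in audit(build_sample()):
        print(part)
```

Recording a hash of the whole archive at creation time and comparing it before use catches a replaced entry even when the replacement carries the same protection flags.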