-1

I have a zip file containing an unencrypted folder with encrypted files inside.

Given that for some files I have their originals, is it possible to restore the password used for encryption?

kelalaka
  • 5,474
  • 4
  • 24
  • 47
sukhmel
  • 101
  • 3

1 Answers1

4

Recovering the AES key in the situation you describe is called a known-plaintext attack. In the brute force approach, one tries all possible keys to see which one decrypts the ciphertext to the (already known) plain text. On average, one would try about half the keys before success, or 2255 tries. That is effectively impossible because of the time it would take.

There are some shortcut attacks that reduce the number of attempts, but not to a level that is practical. There is more information here: https://math.stackexchange.com/a/57428 but the answer is still no.

However, your question asks about the password, not the key. If I were in your situation, I think I'd try to automate entering the password, then apply a list of 10,000 or so most common passwords. (Such lists are easy to find with Google.) If you have to do it by hand, try the 100 most common first.

Edit: I note that the 7zip program has a command-line interface. I haven't researched this thoroughly, but I did look far enough to see that you can extract password-protected files and that the program sets a return code. The GUI version gives an "invalid password" message when a wrong password is used, so I think this might be a reasonable way to attack your problem, and you don't even need the plaintext. (Not sure how 7zip determines that a password is "invalid.")

Bob Brown
  • 5,293
  • 1
  • 19
  • 28
  • 7zip uses part of CRC to check for validity, as far as I know. Thank you for your answer regarding applicability of known-plaintext attack. – sukhmel Mar 21 '20 at 12:33
  • 1
    Regarding Bob Brown's suggestion of automating password guesses based on known plaintext, see https://security.stackexchange.com/questions/226935/write-a-python-or-c-program-to-guess-the-key for a similar example. – mti2935 Mar 21 '20 at 15:02
  • @mti2935 That is *very cool.* However, the attacker is given the hint that Alice used `time()` to seed the random number generator. Without that information, either given or guessed, the job becomes *much* harder. As the answer says, this problem "highlights the reason that strong random number generators are so critical in cryptography." – Bob Brown Mar 21 '20 at 15:50
  • 1
    @Bob Brown, Yes, I completely agree with 'However, the attacker is given the hint that Alice used time() to seed the random number generator. Without that information, either given or guessed, the job becomes much harder'. My thinking is that using easily guessable passwords (as you allude to in your answer) is akin to using time() to seed rand(), as in the referenced question. – mti2935 Mar 21 '20 at 17:20