Recovered a 7z password with hashcat, but it's not the right one

Question

I am trying to recover a 7z file, but have forgotten the password. It's completely AES-256 encrypted (i.e. not even the filenames are available).

Steps:

Generated hash file with 7z2hashcat.pl
Ran a mask attack using hashcat -a 3 -m 11600 my.hash masks\rockyou-7-2592000.hcmask
After ~55 hours, hashcat completed with status cracked
The password identified in the hashcat.potfile is rejected by 7-zip

I found a discussion on hash collisions with old Office files here: https://security.stackexchange.com/a/211924

Is 7zip similarly vulnerable to hash collisions?

I would just try the steps in the linked post and see if I could generate more passwords, but given it could tie up my GPU for weeks, I'd appreciate any thoughts!

Unknown, the file was created in 2016, so not a recent version — Ben Owen, Aug 26 '20 at 14:29
Is the password in the potifile maybe saved in Hex Format and not as a normal string? — UndercoverDog, Sep 13 '22 at 15:41

dyp1xy · Answer 1 · 2023-02-13T19:03:01.507

1

Short answer is yes, it suffers with hash collision

You should (in this case) use: --keep-guessing

Since with 7z passwords may have false positives, you need to keep guessing to see other alternatives. To save progress on hashcat you should use

--session SESSION_NAME [and any other commands like -w -a]

Then to restore from last checkpoint:

--session SESSION_NAME --restore

edited Feb 13 '23 at 19:03

answered Feb 13 '23 at 03:13

dyp1xy

21
3

Recovered a 7z password with hashcat, but it's not the right one

1 Answers1