I created an encrypted but forgot the password. When I attempted a pattern based brute force it said it had over a 100 trillion passwords to check. And to my knowledge that could take a few years. Based on this it may be possible to use a padding oracle attack. That being said, how would I go about doing a "padding oracle attack"? I could not find anything on google.
            Asked
            
        
        
            Active
            
        
            Viewed 1,074 times
        
    2 Answers
7
            
            
        A padding oracle attack is not helpful in cracking a 7zip archive. In a padding oracle attack the attacker must be able to decrypt arbitrary ciphertext, and the target must return a signal notifying the attacker that the padding of the arbitrary ciphertext is correct or not.
In the case of a 7zip archive where you do not know the password, you cannot decrypt the archive, so there is no way of knowing, if the padding is valid to begin with.
 
    
    
        TildalWave
        
- 10,801
- 11
- 46
- 85
 
    
    
        rook
        
- 47,004
- 10
- 94
- 182
- 
                    do you have any suggestions then? – Timberwolf Mar 20 '13 at 21:10
- 
                    @Timberwolf Programmers brute force. – rook Mar 20 '13 at 22:23
4
            
            
        As @Rook says a padding oracle attack isn't appropriate to your circumstances, however some suggestions for you in retrieving your archive.
- If you have common passwords or phrases create a dictionary of those and then run an attack based on modifications of those words
- If you have any memory of the length of the password use that to constrain the attack
- if this is sufficiently valuable to you, you could look at software which makes use of GPUs and/or multiple CPU cores to speed up the cracking process.
at the end of the day It'll largely depend on how much you can cut down the search space and how much power you can throw at it.
 
    
    
        Rory McCune
        
- 61,541
- 14
- 140
- 221
 
    