2

I have an old PDF.zip file that is password secured. Naturally I can't remember it. Is there a way to change it or disable it?

schroeder
  • 125,553
  • 55
  • 289
  • 326
Gary Domel
  • 21
  • 1
  • The other answer is only for Zip archive using AES, which might not be the case here. – Thomas Pornin Jul 28 '14 at 18:31
  • True. http://security.stackexchange.com/q/5447/971 might be relevant if it isn't encrypted with AES. If their question is not covered by either of those two links, the author can post a new question (or edit this one) with the details of their specific zip file. In particular, they should tell us what it *was* encrypted with, if it wasn't AES and wasn't the weak "standard" encryption. – D.W. Jul 28 '14 at 22:16

1 Answers1

6

Some Zip archives use the old PKZIP encryption, which uses a weak homemade stream cipher. The attack is described here (implementing it is a nice exercise for crypto students, by the way). Tools which apply that attack exist (use Google to find some). Windows XP inherent abilities at "Zip password protection" use this weak algorithm; see this answer for some details.

Other Zip-aware tools rely on AES encryption, which won't be as easily broken. If that is the case, then your only hope is to try some brute force on the password, in case it was chosen by a human being and thus possibly in range of a dictionary attack. This may fail if the password is strong enough.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955