7z "Copy 7zAES" algo brute force with 32 char password for when original file



  • As some in here might know, there is/was a ransomware attack going on worldwide that used 7z to encrypt all files

    Each user has a unique 32 char password (Upper & lowercase & Numbers - 62 possibilities, no special char where used)

    the command line that was being used was a -mx = 0 -sdel -pmFyBIvp55M46kSxxxxxYv4EIhx7rlTD [FOLDER PATH]

    (Note: sample password)

    Given

    • we know the length
    • we know the characters used
    • we know the plain text

    Is it doable to speed up a brute force attack. Or can you explain to me, why the 7z encryption algorithm might be protected against something like this?

    e.g. I have this file and I still have the original on backups

    Output of 7z l -slt playback.m3u.7z :

    1 file, 274 bytes (1 KiB)
    
    Listing archive: playback.m3u.7z
    
    --
    Path = playback.m3u.7z
    Type = 7z
    Physical Size = 274
    Headers Size = 146
    Method = Copy 7zAES
    Solid = -
    Blocks = 1
    
    ----------
    Path = playback.m3u
    Size = 122
    Packed Size = 128
    Modified = 2017-07-13 15:40:12
    Attributes = A_ -rwxrwxr-x
    CRC = 8CEF1157
    Encrypted = +
    Method = Copy 7zAES:19
    Block = 0```
    
    Looking forward to your responses
    Leo
    



  • AES is not vulnerable to plain text attack.

    There are 62 (you didn't account for special characters but we'll stick with 62) possibilities for the first character.

    There are 62 possibilities for the second character, meaning 62*62 or 62 to the power of 2 combinations (technically a permutation) for the first 2 characters.

    Likewise 62 to the power of 3 combinations for the first 3 characters.

    Ultimately there are 62 to the power of 32 combinations for all 32 characters, or over 2 x 10 to the 57th power.

    There are 3x10 to the 7 seconds in a year. Assuming you test a billion passwords a second that's ... longer than you can wait.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2