Michal Stanek over at Twitter did a quick look at the crypto behind file encryption. Not entirely surprisingly, what he found wasn't pleasant:

twitter.com/3lbios/status/1087

He didn't check how they derive the encryption key from your password, so I took a quick look. Apparently, uses PBKDF2-HMAC-SHA1 with 1000 iterations (hardcoded). In other words, even with the rest of it all implemented flawlessly, you better choose a damn strong password if file encryption should be of any use.

Actually, 1000 iterations is exactly the value used by Brian Gladman in archive.li/RhBVp which they refer to in the code. A value chosen in 2002. Like, seventeen years ago. Why should anybody adjust it to newer recommendations or hardware advancements?

Ok, apparently I was only looking at WinZip compat code. The code responsible for encrypting 7z archives uses a different approach: SHA-256 hash applied 524,288 times. A lot better but still not exactly an optimal choice either.

medium.com/@davidtstrauss/stop
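Added example, not part of the original thread or of the code it discusses: it derives a key with PBKDF2-HMAC-SHA1, expresses the two iteration counts quoted above as extra bits of per-guess work, and calibrates a count to a time budget on the local machine. The function names, the sample password and salt, and the 0.25 s budget are assumptions chosen for illustration.

```python
import hashlib
import math
import time

LEGACY_ITERATIONS = 1000      # hardcoded count reported in the thread
ITERATED_SHA256 = 524_288     # round count the thread quotes for 7z archives


def derive_key(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA1, the construction named in the thread."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen)


def stretch_bits(iterations: int) -> float:
    """Per-guess work added by stretching, as extra bits of search effort.

    Rough measure only: one PBKDF2 iteration and one plain hash round
    do not cost the same, so compare orders of magnitude, not decimals.
    """
    return math.log2(iterations)


def seconds_per_derivation(iterations: int, repeats: int = 5) -> float:
    """Best-of-N wall time for one derivation on this machine."""
    password, salt = b"constructed-sample-password", b"constructed-salt"
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        derive_key(password, salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate_iterations(target_seconds: float, probe: int = 20_000) -> int:
    """Scale the count linearly so one derivation costs about target_seconds."""
    per_iteration = seconds_per_derivation(probe) / probe
    return max(LEGACY_ITERATIONS, int(target_seconds / per_iteration))


if __name__ == "__main__":
    legacy = seconds_per_derivation(LEGACY_ITERATIONS)
    tuned = calibrate_iterations(0.25)  # assumed budget per unlock attempt
    print(f"1000 iterations: {legacy * 1000:.2f} ms, {stretch_bits(1000):.1f} bits")
    print(f"iterated SHA-256 count: {stretch_bits(ITERATED_SHA256):.1f} bits")
    print(f"count for ~0.25 s here: {tuned} ({stretch_bits(tuned):.1f} bits)")
```

The timings describe the machine running the script; dedicated password-cracking hardware evaluates SHA-1 and SHA-256 far faster, so the bit figures are an upper bound on what stretching contributes.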

Infosec Exchange