
mouse
Premium Member
join:2007-03-29
australia

Re: Encryption via 7Zip or specialised programs

So if I understand that fully, while the encryption is identical there is a difference with respect to the password hashing. Guess I need to find out what a difference that makes.

Ian1
Premium Member
join:2002-06-18
ON

said by mouse:

So if I understand that fully, while the encryption is identical there is a difference with respect to the password hashing. Guess I need to find out what a difference that makes.

Hmm....I looked again, and I found out that 7-zip does hash your password iteratively...

"7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password."

Assuming a "big number" is a lot, sounds pretty good.

Basically this just means that brute-forcing the 7-zip authentication would take a lot longer. When you hear of sites being breached, often it's a case of a simple hash system being used (only once), making brute-force of the password easier.

This is why I meant that it's irrelevant if you pick a strong password.

Re-hashing it just adds to the length of time for the cracker to check each individual password in a brute-force attack. I believe Axcrypt hashes a number of times based on the speed of the PC it is installed on. So it has some "future-proofing" built in.

A ten digit password like hY9*D%P&7k would take up to 20 years to uncover at 100 billion guesses per second. But if the password is re-hashed 10,000 times, that's 200,000 years.
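
Added example, not part of the thread and not 7-Zip's or AxCrypt's own code: a sketch of the two ideas discussed above, how an iteration count multiplies the cost of each guess, and how a count can be calibrated to the speed of the local machine. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in key derivation function; the function names, the 95-symbol alphabet, the 0.25 second target and the 10,000 floor are assumptions chosen for illustration.

```python
import hashlib
import os
import time

PRINTABLE_ASCII = 95                    # assumed symbols available per character
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a text password into a 256-bit key (PBKDF2-HMAC-SHA256 stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)


def calibrate_iterations(target_seconds: float = 0.25, floor: int = 10_000) -> int:
    """Pick an iteration count so one derivation costs about target_seconds
    on this machine; never drop below `floor`, even on slow hardware."""
    probe = 20_000
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("calibration-probe", salt, probe)
    elapsed = time.perf_counter() - start
    per_iteration = max(elapsed / probe, 1e-12)   # guard against a zero timer
    return max(floor, int(target_seconds / per_iteration))


def worst_case_years(length: int, hashes_per_second: float, iterations: int = 1,
                     alphabet: int = PRINTABLE_ASCII) -> float:
    """Years to try every password of `length` when each guess costs
    `iterations` hash operations (simplification: one iteration = one hash)."""
    keyspace = alphabet ** length
    guesses_per_second = hashes_per_second / iterations
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The thread's figures: 10 characters at 100 billion hashes per second.
    print(f"single hash:   {worst_case_years(10, 1e11):,.0f} years")
    print(f"10,000 rounds: {worst_case_years(10, 1e11, 10_000):,.0f} years")
    n = calibrate_iterations()
    key = derive_key("hY9*D%P&7k", os.urandom(16), n)
    print(f"calibrated to {n:,} iterations; key is {len(key) * 8} bits")
```

The salt and the chosen iteration count have to be stored alongside the ciphertext so the same key can be derived again on a different machine.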