i'll say what i know someone plz correct me if im wrong

well if i set for example XXX as password the password ins't saved in the zip file a CRC is made with the password then when the user enter the password it is compared to the CRC and if equal the file is extracted else gives a error msg..is it right ?

ok i know how brute forcers work but how AZPR do xxxx password per second ? how do they work ? like it can sound dumb but shouldnt winzip password dialog get opened and with something like 'sendkeys' send the passwords to winzip password window..oh i don't understand..someone plz xplain me !

[]'s

DuDu

The CRC of the file is stored in the header. When you type in the password, the program initializes the stream cipher. It then decrypts the first twelve bytes of the encrypted file. The last byte should match the high byte of the CRC of the file that was stored in the header.

One out of 256 passwords are going to pass this test on any given file, so the rudimentary zip attack programs require you to have around four files archived in the zip file. This way, there's only a 1/(256^4) or one in four billion chance of a false positive.

Sometimes they say that with WinZip you can get by with fewer files or run faster. This is because there are two check bytes in WinZip files. The bytes are compared against the high word of the file CRC, thus squaring the effectiveness of each file.

The good pw crackers use knowledge of the compression method to filter bad passwords. They reconstruct the huffman trees and some other tables and check that everything is valid. This allows them to use a single file.

All of these methods rely on guessing the password and then checking against known plaintext. With a really long password, even if it's only alpha characters, it just takes too long.

The *really* good WinZip cracker (the one I wrote, see www.accessdata.com) eliminates 2^58 possible keys at a time, enabling one to brute-force the 90-bit keyspace in about two hours, no matter what the size of the password. It does require five files in the archive. I've submitted a paper for publication, and should find out next month if it has been accepted. Once the details public, I'll post a link to the paper on this site.

sorry, meant 96-bit space (three dwords)

Man, thanks now things are clear for me. i'd like to know about the encryption that softwares like word, excel, winrar & others use, waiting to see your paper

[]'s
DuDu

Word & excel store three 16-byte values in the file. Look for 01 00 01 00 at a 16-byte boundary and they follow immediately afterwards. I'll call these three first, second, and third.

To check a password, you do the following:

RC4Init(LM(LM((LM(pw) + first) x 10h) + 00 00 00 00))

where LM(a) is the first 40 bits of MD5 hash of a, + is concatenation, x N is repeated concatenation N times.

Decrypt second and third.

If MD5(second) == third, then the password is correct.

The source to RAR encryption is available at RARsoft's site. The file is CRCCRYPT.C