possible to crack .7z file with sha-256?
#1
I am complete noob at this so please help. from google search, many results kept saying 7z/7zip uses sha-256.  then I came across this benchmark from github https://gist.github.com/epixoip/a83d38f4...804a270c40

it shows that 7z each 1080 GPU can only do about 7k to 8k hash/s (assuming password per seconds?), where as for sha-256 can go upwards of 3000 MH/s which is 3 billion hash/s compare to just 8k of 7zip. that is ~370000x faster.

is it possible to use hastcat with SHA256 for 7zip so its faster?

not -m 11600 (archive 7zip)
hashcat64.exe -m 11600 -a 3 hast.txt

instead use -m 1400
hashcat64.exe -m 1400 -a 3 hast.txt

edit: i just realize google is saying 7zip is using AES 256 and not SHA 256. what is the difference? also I can't seem to find AES 256 under help menu for -m in hastcat.

edit 2: google also says "To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. " so which is it, AES256 or SHA 256 i am so confused.
Reply
#2
So usually anything encrypted like this has two bits. Firstly, the encryption password, e.g. "fubar", needs to be turned into an encryption key suitable for AES. This uses a Key Derivation Function, such as PBKDF2 ( https://en.wikipedia.org/wiki/PBKDF2 ) which can definitely be based around SHA256, but is different to a straight sha256("fubar").

The result of PBKDF2-SHA256 ("fubar") is a key which is used for the encryption or decryption with AES.

I haven't looked at 7-zip in particular, so I don't the exact way it does it, but in general the password needs to be turned into a key before the encryption.
Reply
#3
No you can not simply replace some mode with a random other mode. If you could, everyone would do it.

For the difference between SHA256 and AES256 I recommend wikipedia.
Reply
#4
so i have to use -m 11600 basically right? slow!!!
Reply
#5
(01-22-2020, 11:39 PM)yugiohle Wrote: so i have to use -m 11600 basically right? slow!!!

Yep. Someone took a reasonable amount of care to make sure it is not easy to crack.
Reply