01-29-2026, 06:36 AM
Hashmode: 11600 - 7-Zip
I am trying to crack a few 7-zip archives. Ironically I don't believe I created any of them to be 'uncrackable'. I incorrectly believed 7z was a weak cipher. I put these on a cloud provider and my threat model was I didn't want it to be the very first password that they tried (1234).
I have not yet tried a dictionary derived from password leaks. It may be a password like "qwerty" (simple function/rule of a US keyboard), but it should not be a password like "letmein" (grammar rules of English). So I have not focused on using a leak dictionary.
I have an RTX 3070. My benchmark is around 600 kH/s but in the real world it's around 28 kH/s = 28,000 hashes/second.
Is anything close to 600 kH/s = 600,000 hashes/second possible on this hardware? I am on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and all my drivers seem to be working. I installed the 'everything' set in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) so some convenience features (e.g. prebuilt dictionaries/rules) are included.
I think my commands and methodology are correct because I already cracked one 7z this way. I tried some of the stuff in the FAQ about the gpu being too slow. I am mostly running a straight mask bruteforce (?l?d) but I've also tried generating a dictionary of attacks with mp32. I am very intrigued by the max character parameter. I believe my passwords probably do not have the same character more than once. The parameter in my version only allows a max of 2 or greater. I would love to set it to 2 or greater, or maybe process the dictionary.txt with another linux command to remove pointless lines.
I have brute forced up to around 5 characters for plausible passwords. If I can do 600,000 H/s then I believe I can brute it. Otherwise I need to generate a much smaller key space.
I also have several RX 470 mining GPUs but it would take some work to set them up.
Creation dates of 7z I am cracking:
2015-12-14
2018-01-13
2020-11-12
Notably, it seems the pre-2019 files may use a weaker cryptography.
https://sourceforge.net/p/sevenzip/bugs/2176/
My crypto knowledge is just the 101 level. I don't know how important this flaw is.
Thanks for any help.
I am trying to crack a few 7-zip archives. Ironically I don't believe I created any of them to be 'uncrackable'. I incorrectly believed 7z was a weak cipher. I put these on a cloud provider and my threat model was I didn't want it to be the very first password that they tried (1234).
I have not yet tried a dictionary derived from password leaks. It may be a password like "qwerty" (simple function/rule of a US keyboard), but it should not be a password like "letmein" (grammar rules of English). So I have not focused on using a leak dictionary.
I have an RTX 3070. My benchmark is around 600 kH/s but in the real world it's around 28 kH/s = 28,000 hashes/second.
Is anything close to 600 kH/s = 600,000 hashes/second possible on this hardware? I am on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and all my drivers seem to be working. I installed the 'everything' set in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) so some convenience features (e.g. prebuilt dictionaries/rules) are included.
I think my commands and methodology are correct because I already cracked one 7z this way. I tried some of the stuff in the FAQ about the gpu being too slow. I am mostly running a straight mask bruteforce (?l?d) but I've also tried generating a dictionary of attacks with mp32. I am very intrigued by the max character parameter. I believe my passwords probably do not have the same character more than once. The parameter in my version only allows a max of 2 or greater. I would love to set it to 2 or greater, or maybe process the dictionary.txt with another linux command to remove pointless lines.
I have brute forced up to around 5 characters for plausible passwords. If I can do 600,000 H/s then I believe I can brute it. Otherwise I need to generate a much smaller key space.
I also have several RX 470 mining GPUs but it would take some work to set them up.
Creation dates of 7z I am cracking:
2015-12-14
2018-01-13
2020-11-12
Notably, it seems the pre-2019 files may use a weaker cryptography.
https://sourceforge.net/p/sevenzip/bugs/2176/
My crypto knowledge is just the 101 level. I don't know how important this flaw is.
Thanks for any help.