Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21
jwashbur@whittman-hart.com
Wed, 14 Oct 1998 09:02:36 -0500
I want to be clear.
Your question was regarding the psuedo-random number generator used to
create the 11 byte prefix to the encrypted data stream of a PKZip file.
The transformation of the compressed data stream into an encrypted data
stream for PKZip 2.0+ is:
A) [PK Local File Header][Compressed data stream]
||
||
\/
B) [PK Local File Header][11 Byte IV][High Btye of CRC][Compressed data
stream]
||
||
\/
C) [PK Local File Header][Encrypted data stream]
The size of the encrypted data stream in step C is the size of compressed
data stream + 12 bytes.
The transformation of:
[11 Byte IV][High Btye of CRC][Compressed data stream] from step B
into
[Encrypted data stream] in step C
is by XORing the compressed data with the incredibly weak 96-bit random
number generator. This 96-bit random number generator is the subject of
the Kocher / Bihlam attack.
Your question was how were the 11 bytes of the [11 Byte IV] in step B
generated? The answer to this narrow question is: any method you want.
Using the knowledge of how the IV was created should narrow the possible
plaintext combinations of the IV. With this you should be able to employ
the Kocher / Bihlam attack for the rest of the encrypted data stream. I
have another hint that may help. I believe the 11 bytes IV's for
successive files are linked. E.g. if you have a Zip archive of 10 files,
the 110 bytes of the 10 IV's are from the same PRNG stream. Byte 1 of the
IV for file 2 is the successor of Byte 11 of the IV for file 1. The
assumption here is that all files in the PKZip archive are encrypted with
the same password. This is often the case, but it is not required the
PKZip file format defined in APPNOTE.TXT.
Hope that helps.
In Liberty,
John Washburn
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21