Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

7z AES encryption - IV randomness issues #379

Closed
maenpaa24 opened this issue Mar 6, 2019 · 7 comments
Closed

7z AES encryption - IV randomness issues #379

maenpaa24 opened this issue Mar 6, 2019 · 7 comments

Comments

@maenpaa24
Copy link

@maenpaa24 maenpaa24 commented Mar 6, 2019

Hi! There was a bug in 7zip AES encryption which has been fixed recently. It has been reported here:

https://sourceforge.net/p/sevenzip/bugs/2176/

I haven't seen anything about it in the changelog. Is it fixed in the latest version? If so, could you add it to the changelog?

Thanks.

@aonez aonez self-assigned this Mar 6, 2019
@aonez
Copy link
Owner

@aonez aonez commented Mar 6, 2019

I'll check that one! Thanks for the tip 👍

@aonez aonez added this to the 1.1.13 milestone Mar 6, 2019
@aonez
Copy link
Owner

@aonez aonez commented Mar 7, 2019

Will use the enhanced code on next 1.1.13 revision. Thanks again @maenpaa24!

Here the p7zip source patch: 15-Enhanced-encryption-strength.patch.zip

@aonez aonez added the fixed label Mar 7, 2019
@maenpaa24
Copy link
Author

@maenpaa24 maenpaa24 commented Mar 7, 2019

Thanks to you for your hard work!

@aonez
Copy link
Owner

@aonez aonez commented Mar 19, 2019

Keka 1.1.13 released with this patch! Thanks again for the feedback @maenpaa24!

@aonez aonez closed this Mar 19, 2019
pull bot pushed a commit to amio/homebrew-core that referenced this issue Aug 8, 2019
There was a bug in 7zip AES encryption. To fix this the size of random initialization vector was
increased from 64-bit to 128-bit and the pseudo-random number generator was improved.
It has been reported here: https://sourceforge.net/p/sevenzip/bugs/2176/

Keka fixes this in aonez/Keka#379 and provided a patch against p7zip.

Closes Homebrew#42565.

Signed-off-by: Sean Molenaar <smillerdev@me.com>
vaboro added a commit to vaboro/homebrew-core that referenced this issue Aug 11, 2019
There was a bug in 7zip AES encryption. To fix this the size of random initialization vector was
increased from 64-bit to 128-bit and the pseudo-random number generator was improved.
It has been reported here: https://sourceforge.net/p/sevenzip/bugs/2176/

Keka fixes this in aonez/Keka#379 and provided a patch against p7zip.

Closes Homebrew#42565.

Signed-off-by: Sean Molenaar <smillerdev@me.com>
@freemin7
Copy link

@freemin7 freemin7 commented Apr 15, 2020

I am sorry that i am necromancing this thread. Are you aware of tools that exploit this error in 7Zip. I encrypted a file in 2017 but have forgotten the password.

@aonez
Copy link
Owner

@aonez aonez commented Apr 15, 2020

Not really @freemin7, sorry.

@maenpaa24
Copy link
Author

@maenpaa24 maenpaa24 commented Apr 15, 2020

Neither am I, sorry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants