

This means that for each bruteforcing iteration we need to do the following: So we effectively have 4 bytes of plaintext at the very beginning of the encrypted stream. Luckily, since in this case the encrypted file is in itself another ZIP archive, we know the 4-byte file header. In such a scenario, bruteforcing is going to be very expensive since each password permutation will require millions of operations. For bruteforcing, you would normally have to decrypt the entire file in order to actually confirm that you have the correct password. In my recent Metal API studies, I was curious to see if the GPU could offer a meaningful performance advantage if one wanted to simply bruteforce the password of such an archive. This program does not support such archives. NOTE: Modern ZIP archives are encrypted using a stronger, AES-based encryption cipher (which is not supported by this program) that utilizes proper password hashing based on PBKDF2, and will therefore be significantly slower to brute-force. This was a fairly primitive, 96-bit encryption scheme that has been broken in a number of different ways, though most of these techniques seem to require at least 12-14 bytes of known plaintext (which seems difficult to get with these ZIP archives I stored inside the encrypted ZIP archive). These ZIP archives were stored using the original ZIP encryption method, often referred to as the 'traditional PKWARE encryption'. Unsurprisingly, after over 15 years many of the passwords to those archives are now long forgotten, and so cracking them somehow became interesting. If you wanted to hide filenames, folder names, etc., you had to first put everything into one ZIP archive, then store that single archive into another, encrypted ZIP file. The problem was that ZIP archives don't actually encrypt their directory, so the metadata was stored in plaintext. Years ago, when I wanted to store files with a reasonable amount of security/privacy, I would use encrypted ZIP archives to store files. A fast GPU-based password brute-forcing tool for ZIP archives (for macOS)
