0

I use sha256 hash value to encrypt a password( no matter digit form or char form ). when I unzip the password-protected file, I can use at least two different hash to unzip my file -- it occurs a Hash collision. Although there is no searching point out this situation, I know md5 and sha-1 have hash collision. so what is the problem?

Case1: I use 5566 sha256 hash zip my file

zip -P be41b7f1fa56ba2b0582910053c86cf6ee7e311efc51300220df0918bb9a287b abc.zip abc

Reference Sha256(0138) = 687d579d0992a7895190ad126ba8051704753bdc85d52481a83da4670e2321d7

Reference Sha256(5566) = be41b7f1fa56ba2b0582910053c86cf6ee7e311efc51300220df0918bb9a287b

However, apart from 5566 hash value, I also can use 0138 hash value to unzip this file. The following code both success in file extraction.

     unzip -P 687d579d0992a7895190ad126ba8051704753bdc85d52481a83da4670e2321d7 abc.zip
     unzip -P be41b7f1fa56ba2b0582910053c86cf6ee7e311efc51300220df0918bb9a287b abc.zip

Case2: I can use 'daniel' sha256 hash and 'pivate' sha256 hash to unzip a file.

Thank you for your attention. Hope someone can solve my problems. I am doing a password brute-forcing assignment, and I cannot get the correct cracked password because of the above problem.

PHOTO

enter image description here

Hang Wui
  • 27
  • 5
  • Can it unzip using other strings as the password? Was your version of zip built with support for encryption? – Shawn Nov 20 '19 at 12:16
  • Can you replicate this with other compression tools that understand the zip format, like `7z`? – Shawn Nov 20 '19 at 12:27
  • And are you sure the zip file you're using has encrypted files (`zipinfo -v T3/quiz_cvs.zip` should tell you)? – Shawn Nov 20 '19 at 12:34

1 Answers1

0

[Solved] empty zip files may lead to problems in unzip.

Hang Wui
  • 27
  • 5