Improved Forensic Recovery of PKZIP Stream Cipher Passwords

Abstract

Data archives are often compressed following the PKZIP format and can optionally be encrypted with either the PKZIP stream cipher or the AES block cipher. In this article, we present new implementations of two attacks against the PKZIP stream cipher. To our knowledge, this is the first time those attacks have been demonstrated on Graphical Processing Unit (GPU). Our first implementation is retrieving archive passwords using the internal state of the PKZIP stream cipher obtained through the known-plaintext attack of Biham and Kocher. Passwords up to length 14 can be recovered within a month considering a single Nvidia 1080 Ti GPU. If one hundred of those cards are available, passwords up to length 15 would be recovered in less than 27 days. The second implementation is a more direct attack designed to retrieve an archive's password without requiring any additional knowledge than the ciphertext. Experimental results show that our two implementations are at least ten times faster than the state of the art. This is an undeniable asset for investigators who may be particularly interested in further deepening their forensic analysis on an encrypted archive.

Cite

Coray, S., Coisel, I., & Sanchez, I. (2019). Improved Forensic Recovery of PKZIP Stream Cipher Passwords. In International Conference on Information Systems Security and Privacy (pp. 328–335). Science and Technology Publications, Lda. https://doi.org/10.5220/0007360503280335
