7-Zip Crypto-weaknesses fixed in latest TC release 9.22?

Moriarty
Junior Member
Posts: 5
Joined: 2019-03-16, 09:22 UTC

7-Zip Crypto-weaknesses fixed in latest TC release 9.22?

Post by Moriarty

Hello!
There were some weaknesses in 7-Zip's crypto implementation which were fixed in the latest release of 7-Zip 19.00. Are these fixes also implemented in TC 9.22, or can they be added?
Thanks for a reply and many thanks for the fix of the unace vulnerability, which is IMO much better than many other products such as WinRAR or PowerArchiver, which simply deleted the DLL and cancelled ACE support instead of patching it as was done here.
Moriarty
sqa_wizard
Power Member
Posts: 3864
Joined: 2003-02-06, 11:41 UTC
Location: Germany

Re: 7-Zip Crypto-weaknesses fixed in latest TC release 9.22?

Post by sqa_wizard

HISTORY of the 7-Zip wrote:
19.00 2019-02-21
-------------------------
- Encryption strength for 7z archives was increased:
  the size of random initialization vector was increased from 64-bit to 128-bit,
  and the pseudo-random number generator was improved.

7-Zip fixes of crypto implementation are related to packing only.
TC supports only unpacking of 7z archives natively. No action required.

For packing 7z archives you may use the Total7zip plugin, which allows you to use the original DLL files of 7-Zip.
#5767 Personal license
ghisler(Author)
Site Admin
Posts: 48083
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Re: 7-Zip Crypto-weaknesses fixed in latest TC release 9.22?

Post by ghisler(Author)

User sqa_wizard is right, it's on the packing side, which isn't implemented in TC itself. It looks like 7zip was using a weak random number generator for initialization vectors, which would make it easier to break the encryption. See discussion here:
https://sourceforge.net/p/sevenzip/discussion/45797/thread/6f7607738c/?limit=25
Author of Total Commander
https://www.ghisler.com
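
The changelog quoted in this thread says the 7z initialization vector grew from 64-bit to 128-bit in 7-Zip 19.00. The following is an added example, not part of any post above and not 7-Zip or Total Commander code: it decodes the property bytes of a 7z AES coder and reports the stored IV size, so existing archives can be checked. The property layout is an assumption taken from 7-Zip's public source (7zAes.cpp), and the function names and sample bytes are constructed for illustration.

```python
# Added example. Property layout is an assumption taken from 7-Zip's public
# 7zAes.cpp; verify it against the 7-Zip version you audit.

def parse_7z_aes_props(props: bytes) -> dict:
    """Decode the property bytes of a 7z AES coder into cycles, salt and IV."""
    if not props:
        raise ValueError("empty coder properties")
    b0 = props[0]
    info = {"num_cycles_power": b0 & 0x3F, "salt": b"", "iv": b""}
    if (b0 & 0xC0) == 0:
        # Neither salt nor IV stored: the properties are a single byte.
        if len(props) != 1:
            raise ValueError("unexpected trailing bytes")
        return info
    if len(props) < 2:
        raise ValueError("size byte missing")
    b1 = props[1]
    # Top two bits of b0 flag presence; b1 carries (size - 1) in each nibble.
    salt_size = ((b0 >> 7) & 1) + (b1 >> 4)
    iv_size = ((b0 >> 6) & 1) + (b1 & 0x0F)
    if len(props) != 2 + salt_size + iv_size:
        raise ValueError("length does not match declared salt/IV sizes")
    info["salt"] = props[2:2 + salt_size]
    info["iv"] = props[2 + salt_size:]
    return info


def iv_verdict(props: bytes) -> str:
    """Classify the stored IV size against the 19.00 changelog entry."""
    iv_bits = len(parse_7z_aes_props(props)["iv"]) * 8
    if iv_bits == 128:
        return "128-bit IV"
    if iv_bits == 64:
        return "64-bit IV: re-pack with 7-Zip 19.00 or later"
    return f"{iv_bits}-bit IV: inspect manually"


# Constructed sample properties (not taken from real archives).
OLD_STYLE = bytes([0x40 | 19, 0x07]) + bytes.fromhex("0102030405060708")
NEW_STYLE = bytes([0x40 | 19, 0x0F]) + bytes(range(16))

if __name__ == "__main__":
    for name, props in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(name, iv_verdict(props))
```

Obtaining the property bytes from a real archive requires walking the 7z header structure, which this example does not cover.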