Why Can a ZIP Archive Have Two Valid Passwords? The PBKDF2 Secret Explained
An experiment by a security researcher shows that AES‑256 encrypted ZIP files can be opened with two completely different passwords because passwords longer than 64 bytes are hashed with PBKDF2, turning the hash into the actual key used for encryption and decryption.
Positive Technologies researcher Arseniy Sharoglazov demonstrated that an encrypted ZIP archive can be extracted with two distinct passwords, both producing the same result.
7z a http://x.zip/etc/passwd -mem=AES256 -p Long password used for creation: Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You 7z e http://x.zip Alternative password for extraction: pkH8a0AqNbHcdw8GrmSp
The long password is a 1987 pop‑song pun, but when the ZIP is created with AES‑256, the format applies PBKDF2 to any password longer than 64 bytes, hashing it and using the hash as the actual encryption key. The alternative password is the ASCII representation of the SHA‑1 hash of the long password, so both passwords resolve to the same key.
During extraction, if a password longer than 64 bytes is entered, the ZIP program hashes it again and compares the resulting hash with the stored key. A shorter password that matches the stored hash is accepted directly.
Thus, the phenomenon of two possible passwords does not indicate a vulnerability; it is a consequence of PBKDF2’s handling of long passwords.
For deeper technical insight, see the PBKDF2 HMAC collisions discussion on Wikipedia: https://en.wikipedia.org/wiki/PBKDF2#HMAC_collisions
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.