Why Encrypted ZIP Files Can Have Two Valid Passwords – The PBKDF2 Hash Trick
A security researcher demonstrated that an AES‑256 encrypted ZIP archive can be opened with two completely different passwords. The cause is not a flaw in the archive format: the key derivation is PBKDF2 built on HMAC‑SHA‑1, and HMAC replaces any key longer than 64 bytes with its SHA‑1 hash, so a long password and the 20‑byte SHA‑1 hash of that password derive exactly the same key.
Positive Technologies researcher Arseniy Sharoglazov shared an experiment showing that an encrypted ZIP file can be opened with two different passwords, both yielding the same extracted result.
He created x.zip using 7‑Zip with AES‑256 encryption and a long password that is a pun on a 1987 English song:
7z a x.zip -mem=AES256 -pNev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You

He then extracted the archive with a short, unrelated‑looking password (7‑Zip takes the password directly after -p, with no space):

7z e x.zip -ppkH8a0AqNbHcdw8GrmSp

No error is reported, and the archive extracts successfully.
BleepingComputer reproduced the experiment using p7zip (the POSIX/macOS port of 7‑Zip) and Keka, confirming that both passwords work because the ZIP AES‑256 scheme derives its key with PBKDF2 over HMAC‑SHA‑1. If the supplied password exceeds 64 bytes, HMAC first hashes it with SHA‑1 and uses the resulting 20‑byte digest as the actual key.
The long password’s SHA‑1 digest is 706b4838613041714e62486364773847726d5370, which decoded as ASCII bytes is the short password pkH8a0AqNbHcdw8GrmSp. The two “different” passwords therefore feed the key derivation the same 20 bytes.
Only passwords longer than 64 bytes trigger this pre‑hashing; shorter passwords are used directly as the HMAC key. The phenomenon is therefore not a vulnerability but the documented behavior of the PBKDF2‑based key derivation: the second password is simply the 20‑byte hash of the first, which is no easier to guess than the original, and it is only typeable because that particular hash happens to consist of printable ASCII characters.
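The following is an added example, not code from the article or from 7‑Zip, that reproduces the key‑derivation step in Python so the collision can be checked without an archive. It assumes the WinZip AES parameters used by 7‑Zip's ZIP AES‑256 mode (PBKDF2‑HMAC‑SHA‑1, 1000 iterations, a 66‑byte derived key for AES‑256) and a constructed salt; a real archive stores its own random salt in the entry header, which is why the salt here is clearly labelled as made up. It also shows the second consequence of HMAC's key handling mentioned in the linked Wikipedia section, that a short password and the same password with trailing NUL bytes derive the same key.

```python
import hashlib
from typing import Optional

# HMAC-SHA-1 pre-hashes any key longer than SHA-1's 64-byte block size.
SHA1_BLOCK_SIZE = 64

# The two passwords from the experiment (the long one is 71 bytes).
LONG_PW = b"Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You"
SHORT_PW = b"pkH8a0AqNbHcdw8GrmSp"
# The SHA-1 digest quoted in the article, as hex.
ARTICLE_DIGEST_HEX = "706b4838613041714e62486364773847726d5370"

# Constructed sample salt (a real archive stores its own random salt).
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
# WinZip AE parameters for AES-256: 1000 iterations; derived material is
# 32-byte AES key + 32-byte HMAC key + 2-byte password verifier.
ITERATIONS = 1000
DERIVED_LEN = 32 + 32 + 2


def hmac_effective_key(password: bytes) -> bytes:
    """Return the key bytes HMAC-SHA-1 actually mixes in for `password`.

    Per RFC 2104, a key longer than the block size is replaced by its hash;
    a shorter key is used as-is (zero-padded to the block size internally).
    """
    if len(password) > SHA1_BLOCK_SIZE:
        return hashlib.sha1(password).digest()
    return password


def derive_zip_key(password: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA-1 as used by the WinZip AES scheme."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, ITERATIONS, DERIVED_LEN)


def keys_match(pw_a: bytes, pw_b: bytes, salt: bytes = SAMPLE_SALT) -> bool:
    """True when both passwords derive identical key material for `salt`."""
    return derive_zip_key(pw_a, salt) == derive_zip_key(pw_b, salt)


def alias_password(password: bytes) -> Optional[bytes]:
    """Return the 20-byte password that derives the same key, or None.

    Only passwords longer than the block size have such an alias. The alias is
    an arbitrary 20-byte string, so it is only typeable when it happens to be
    printable ASCII, as in the article's example.
    """
    if len(password) <= SHA1_BLOCK_SIZE:
        return None
    return hashlib.sha1(password).digest()


def nul_padded_alias(password: bytes, pad: int = 1) -> Optional[bytes]:
    """Return password + NUL padding if it still fits the block size, else None.

    HMAC zero-pads short keys, so these derive the same key as `password`.
    """
    if len(password) + pad > SHA1_BLOCK_SIZE:
        return None
    return password + b"\x00" * pad


def main() -> None:
    print("long password length:", len(LONG_PW))
    print("SHA-1 of long password:", hashlib.sha1(LONG_PW).hexdigest())
    print("article digest decodes to:", bytes.fromhex(ARTICLE_DIGEST_HEX))
    print("long/short derive same key:", keys_match(LONG_PW, SHORT_PW))
    print("long/alias derive same key:", keys_match(LONG_PW, alias_password(LONG_PW)))
    print("short password has alias:", alias_password(SHORT_PW) is not None)
    print("'secret' vs 'secret\\x00':", keys_match(b"secret", nul_padded_alias(b"secret")))


if __name__ == "__main__":
    main()
```

Running the script with any salt confirms that the collision is a property of HMAC's key normalisation, not of a specific archive; changing the salt or iteration count changes the derived key but never breaks the equality between a long password and its SHA‑1 digest.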
For more technical details see the PBKDF2 HMAC collisions section on Wikipedia: https://en.wikipedia.org/wiki/PBKDF2#HMAC_collisions