1

Stock 7-Zip AES-256 encryption runs your password through a hash function 524,288 times ($2^{19}$).

Source 1 Source 2

This is considered to be

Not very good compared to a standard amount of Argon2 or Scrypt

and

not safe from massive parallelization

The 7zAes.cpp file helpfully says that the upper hashing limit is $2^{24}$ (16,777,216).

I have compiled 7-Zip using that upper limit, changing this line to 24.

The question is; does this make a material difference to the previous assessments?

Side-notes: 7-Zip for linux has been available since 23.01 (2023-06-20). Picocrypt is typically recommended as an alternative to 7-Zip, it is now unmaintained

Edit: The actual upper limit seems to be $2^{63}$ (9,223,372,036,854,775,808). $2^{64}$ & greater result in a Headers Error when attempting to decrypt.

You can review the cost factor of a given 7-Zip file using this tool.

user125888
  • 11
  • 2

1 Answers1

1

It makes a difference of 2^5 :)

In slightly less glib terms, it makes any given password 32x harder to crack, but does not much to qualitatively change the difficulty of attack. SOTA password stretching schemes are designed to use memory and branching to make brute force by GPUs or ASICs harder which this scheme lacks. However, for a reasonably good password, this scheme is not too bad, in that it will require very substantial effort to break.

For example, with a fully random 10 character alphanumeric password, on average it will take about 2^84 sha256 operations to crack which is impenetrable for the foreseeable future.

Oscar Smith
  • 391
  • 1
  • 11