Help with a password on zip file

itchy said:
But to get into the file, all files and his password will be encrypted.

NM he has remembered it. ;)
Click to expand...

His password just needs to be entered, if he knows the words used he could have guessed/tried the various possible combinations, you've confused guessing a password with breaking encryption.
 
dowie said:
His password just needs to be entered, if he knows the words used he could have guessed/tried the various possible combinations, you've confused guessing a password with breaking encryption.
Click to expand...

But you would not find the password through hex editing as all would be encrypted, no matter now.

Just don't forget passwords when packing files. ;)
 
itchy said:
But you would not find the password through hex editing as all would be encrypted, no matter now.
Click to expand...

You're still confusing things. He's not trying to hack the encrypted password from the encrypted file, he's just trying to brute-force the password by running a program that simply enters passwords until it finds the right combination of numbers/letters. That's just a straightforward dictionary attack.

He's not trying to break into the safe, he's trying to guess where someone has hidden the key so he doesn't have to crack the safe.
 
itchy said:
But you would not find the password through hex editing as all would be encrypted, no matter now.

Just don't forget passwords when packing files. ;)
Click to expand...

Eh? He's not trying to break the encryption??? It's like we're going around in circles here.

Do you not understand that he was trying to guess the password - the encryption is irrelevant... he just needed to enter the right combination of (known) words with some numbers between them, you're still confusing this with breaking encryption when it has nothing to do with it.
 
I have tried brute force and it has never worked, you would use more power than what the file is worth.

He remembered so all is well, you ever tried to brute force a password. A long process which renders your PC unusable when searching. Unless you lower cpu process priority.
 
itchy, you're still not thinking about this, perhaps re-read the OP. Brute force in this case requires only a small set of possible combinations - known words with some digits between them (presumably all his passwords are some combination in that format). Him getting it right it after trying a few combinations essentially is (manually) finding a solution via brute force.
 
itchy said:
I have tried brute force and it has never worked, you would use more power than what the file is worth.
Click to expand...

The file may be irreplaceable photos/documents, or something valuable like a bitcoin wallet. It's not really for anyone else to say how valuable it is to the OP when they don't even know what the contents are.

itchy said:
He remembered so all is well, you ever tried to brute force a password. A long process which renders your PC unusable when searching. Unless you lower cpu process priority.
Click to expand...

I've brute forced passwords and it can work if the password isn't too long or what you're trying to attack doesn't lock you out or increase times between password entry. It's not that big a deal and doesn't make your PC run slow, as it's typically a linear task that will likely use one core as it's always waiting for the program to respond.
 
Steampunk said:
I've brute forced passwords and it can work if the password isn't too long or what you're trying to attack doesn't lock you out or increase times between password entry. It's not that big a deal and doesn't make your PC run slow, as it's typically a linear task that will likely use one core as it's always waiting for the program to respond.
Click to expand...

Depends on password? I always use the same password with spelling mistakes, using upper and lower case also and numbers, or using the same password backwards with a 4 digit number at the beginning or end.

If you could even find a program to break my passwords then PM me. ;)
 
itchy said:
Depends on password? I always use the same password with spelling mistakes, using upper and lower case also and numbers, or using the same password backwards with a 4 digit number at the beginning or end.

If you could even find a program to break my passwords then PM me. ;)
Click to expand...

There's loads of them around, just have a google. If you know it's a very limited set of alpha-numerics, you can restrict the dictionary search to that, and it's just a question for waiting for all the combinations to run through. It's nothing special, it's just a way to get a PC to try every combination very fast.
 
itchy said:
I have tried brute force and it has never worked, you would use more power than what the file is worth.

He remembered so all is well, you ever tried to brute force a password. A long process which renders your PC unusable when searching. Unless you lower cpu process priority.
Click to expand...

Try to find a cracking software with GPU acceleration support, and it can improve the cracking speed a lot. I've ever used a GPU-accelerated tool iTunesKey and it can find my iTunes backup password. So I think you need to find a similar tool to crack your lost password.
 
itchy said:
Depends on password? I always use the same password with spelling mistakes, using upper and lower case also and numbers, or using the same password backwards with a 4 digit number at the beginning or end.

If you could even find a program to break my passwords then PM me. ;)
Click to expand...

Similar to what Steampunk said, but if you use the same password for all websites then your biggest issue is one of them getting compromised. You could use a 128 character random password but if your password is stored in plain text or with a weak encryption against your email address then it's game over. From there they have your email password which they can use get into other sites.

Use Lastpass, it's free, automatically integrates into all your browsers, devices, and phones or KeePass as above (but it's not as slick) to generate random passwords everywhere. The only password I have to remember is my master password. So if a site gets compromised they can get no further.
 
MrRoper said:
Now you know why password managers are so important.

I would recommend getting KeePass or similar
Click to expand...

I'll look at that. Given the monetary value that was involved in this for me, I'd actually be happy to pay a couple of quid for a decent service.

Also, it's got me thinking... I've added 2fa onto everything and I use Google Authentication. What's going to happen if I lose my phone? How do you guys manage stuff like that?
 
String said:
I'll look at that. Given the monetary value that was involved in this for me, I'd actually be happy to pay a couple of quid for a decent service.

Also, it's got me thinking... I've added 2fa onto everything and I use Google Authentication. What's going to happen if I lose my phone? How do you guys manage stuff like that?
Click to expand...

https://myaccount.google.com/signinoptions/two-step-verification

Go to the backup codes section and click show codes. Save these somewhere safe / print them out and you can use them to login if you've lost your phone. I've also added my landline number as a backup option here.
 
You must log in or register to reply here.
Back
Top Bottom