9 tweets, 6 min read
So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it should be fine. You can browse the code yourself". So I did. After a few mins I noticed they use 8-byte "random" IV. Yes, half of IV is zeroes. But it gets worse.
Aside from the fact that 7z XORs plaintext with zeroes, I was curious about the "RandomGenerator" which generates IV. That's when I vomited. The first comments say "This is not very good random number generator. Please use it only for salt." It is not used only for salt.
Yes, it uses PID and time(null) as seed. Yes, this is 7zip's random generation code running on your computers in 2019. More "cursed" code below. #7zip #encryption #facepalm #randomness #entropy #RNG #crypto #cryptofail
Now that was just the Init() of RandomGenerator which happens once, the next random values are generated as shown here. Yep, it mixes in a totally random hardcoded salt to previous SHA256 state. Then returns up to 16 "random bytes". Doesn't check that 'size' argument < 16.
And there you have it folks. Open-source "many eyes have looked at it for years so it must be secure" crypto code. AES256-CBC but supplied with IVs half of which are zeroes, and the other generated by a toy RNG. That's just from a 30min review. #7zip #7z #opensource #FOSS #crypto
If you think it's better to use zip encryption instead of 7z in 7zip, here's a recent @whitequark tweet to prove you wrong:
I thought about reporting this at 7zip Sourceforge forums but then I vomited again when I saw a long thread of largely incoherent exchanges on how 7z should be using Twofish instead of AES-256 because obviously NSA backdoored AES back in 2001, didn't you hear.
Seems typical of crypto/security code reviews in general - a bunch of folks fighting over which hipster encryption/hashing/signing algos to use, while overlooking the most obvious vulns and holes visible to anyone with half a brain and a few mins to spare. End of rant. #security
Reported the bug here: sourceforge.net/p/sevenzip/bug…
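The IV construction the thread describes, as an added example that is not the author's code and not 7-Zip's code: a simplified model of a PID/time-seeded, SHA-256-based generator and a half-zero IV, beside the correct constructions and a check a defender can run on an IV read from an archive header. The model's seed format, salt value and chaining are assumptions, not 7-Zip's actual values.

```python
# Added example, not from the thread and not 7-Zip's code: a simplified model of
# the patterns the thread describes, next to the correct constructions.
import hashlib
import math
import os

IV_SIZE = 16         # AES block size in bytes
RANDOM_IV_BYTES = 8  # the thread: only 8 of the 16 IV bytes are "random"

class WeakRandomModel:
    """Assumed model of a hash-based generator seeded from PID and time():
    SHA-256 chaining with a fixed salt. Seed format and salt are constructed."""
    SALT = b"model-fixed-salt"  # placeholder, not 7-Zip's value

    def __init__(self, pid, seconds):
        # The whole seed is one pid plus a one-second timestamp.
        self.state = hashlib.sha256(f"{pid}:{seconds}".encode()).digest()

    def random_bytes(self, size):
        # Modelled defect: 'size' is never checked, so asking for more than
        # 16 bytes silently returns only 16.
        self.state = hashlib.sha256(self.state + self.SALT).digest()
        return self.state[:IV_SIZE][:size]

def weak_iv(pid, seconds):
    """IV shape from the thread: 8 generator bytes followed by 8 zero bytes."""
    head = WeakRandomModel(pid, seconds).random_bytes(RANDOM_IV_BYTES)
    return head + bytes(IV_SIZE - RANDOM_IV_BYTES)

def strong_iv():
    """Correct construction: a full block from the OS CSPRNG."""
    return os.urandom(IV_SIZE)

def checked_random_bytes(size):
    """Corrected generator API: refuse sizes the generator cannot honour."""
    if not 0 < size <= IV_SIZE:
        raise ValueError(f"size must be 1..{IV_SIZE}, got {size}")
    return os.urandom(size)

def iv_looks_weak(iv):
    """Defender check on an IV read from an archive header: a 16-byte IV whose
    trailing 8 bytes are zero carries at most 64 bits of entropy."""
    return len(iv) == IV_SIZE and not any(iv[RANDOM_IV_BYTES:])

def seed_space_bits(pid_max, window_seconds):
    """Upper bound on seed entropy when the creation time is known to within
    window_seconds: the generator cannot be stronger than its seed."""
    return math.log2(pid_max * window_seconds)
```

Two archives created in the same second by the same pid get the same IV under the model, and `seed_space_bits(2**22, 86400)` shows a pid plus a one-day timestamp window is under 39 bits of seed, far below the 64 bits the IV's random half could carry.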
Thread by Michal Stanek