Re: Investigating the Suspect Computer

["Brian W. Buchanan" <brian@smarter.than.nu>]

> THIS PACKAGE IS DISTRIBUTED TO LAW ENFORCEMENT AND 
> PRIVATE INVESTIGATORS ONLY!!  THE ARCHIVE FILE IS [PKZip] 
> ENCRYPTED, AND YOU WILL NEED A PASSWORD TO EXTRACT
> THE ARCHIVE.  IF YOU ARE NOT WORKING IN LAW ENFORCEMENT, 
> DON'T BOTHER TO DOWNLOAD THE FILE, WE WILL NOT DISTRIBUTE 
> THE PASSWORD UNLESS WE CAN VERIFY YOUR CREDENTIALS. 

6161234432565677 possibilities for up to 8 printable-characters (roughly 2^52)

217180147133 poss. for up to 8 lowercase letters (roughly 2^38)

54507958502609 poss. for up to 8 lower/upper letters (roughly 2^46)

221919451578029 poss. for up to 8 alphanumeric chars. (roughly 2^48)

Apparently, the password can be up to 80 printable characters in length...

715934338421370680344382998236434541670979942120825502830105586745112050\
939906381266091474511676185877408805164512571770773165479768270778933665\
90119714237357 possibilities worst-case (roughly 2^524)

According to one of the READMEs that comes with a public domain
implementation of the PKZIP crypto algorithm, there is a known-plaintext
attack against it described at http://www.cryptography.com/.

If it's 8 or less lower-case letters, it would seem that it's probably
crackable in a reasonable amount of time on a high-end desktop PC or
workstation.  Anything more would probably require a distributed attack.

-- 
Brian Buchanan                                      brian@smarter.than.nu

Never believe that you know the whole story.