![[ICO]](/icons/blank.gif){kind=icon}
![[DIR]](/icons/back.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| vimzipper.c | 27-Dec-2006 18:07 | 10K | |
Richard Jones, Physics Department
University of Connecticut, Storrs, CT
December 28, 2006
VimZipper is a command-line tool that reads in an encrypted text file created using the text editor vim with the option "-x" (or command :X) and wraps it in a zip archive so that it appears to have been encrypted by zip (or one of the many commercial Zip utilities). In this form it can be cracked using the widely-known zip encryption breakers like pkcrack.
This tool was written to facilitate the cracking of text files that have been encrypted using the "vim -x" facility of the popular vim editor. Such files will be known as "vim-x" files henceforth in this file. The encryption used by vim-x (as of v6.1) is identical to that of PKZIP (and InfoZip, NetZip, WinZip, etc.) so they can be decrypted without knowing the encryption password using the well-known plain text attack first described by Eli Biham and Paul Kocher in
The PKZIP standard encryption scheme has continued to be broadly used, in spite of its weak security, because of it was able to evade the strict U.S. export controls on encryption software that were in place in the 1990's. It was also favored because of its efficiency and its widely published implementations. The original "vi" editor (and its command line equivalent ex) on solaris had a -x argument which enabled users to encrypt disk images of text created in the editor with a password, based upon the unix "crypt" clib function. The authors of the vim "vi improved" editor for Linux/Windows (see web site http://www.vim.org) implemented a similar functionality, but based it on the PKZIP encryption algorithm instead of crypt. By the mid-1980's a text file encoded using crypt could be broken using automatic brute-force methods within a matter of hours on a desktop PC. Unfortunately, within another decade the PKZIP algorithm had suffered a similar fate. However, the makers of vim stuck with the zip algorithm, probably for compatibility reasons and to avoid legal export restrictions associated with strong encryption algorithms. As a result, those of us who like the convenience of "vi -x" are stuck with managing its weaknesses and making sure our most sensitive data are protected in other ways.
The attack described by Biham and Kocher relies on the user having access to a fragment of the decrypted file and knowing its offset in the file byte stream. This is not very useful if the attacker has no other way to guess the contents of a file than to look at the filename and size of the encrypted file. However, in an archive containing many files, there may be one for which an unencrypted copy can be found elsewhere. Once that is done, the archive encryption is all but broken. A number of programs implementing plain-text attacks on various types of zip files are widely available for download. A very good one is pkcrack by Peter Conrad.
pkcrack can work either on files inside zip archives or on the extracted contents, and requires only the first 13 bytes of one file in order to uniquely find the encryption key. The key is a set of 3 4-byte integers that completely contains the internal state of the encryption engine at the start of the file. Normally it is generated by the zip utility from a password chosen by the user, but it is the key itself that is needed to decrypt the archive, not the password. In cases where the user has chosen a very complex password, pkcrack can quickly report the initial keys. It also supports a reverse search for the password, but this is a brute-force attack and not very effective against good passwords. With the key only, the entire zip file can be instantly decrypted with no errors. The point of vimzipper is to wrap a vim-x file within a zip archive so that the pkcrack tools can be used to decipher it.
Commonly the zip utility compresses text files before it stores them in an archive. This should be a good defence against plain-text attacks because it makes the contents of the first few bytes of a file dependent on the contents of the entire file. However, the PKZIP encryption rules state that a 12-byte random string must be prepended to the encrypted data stream, and it seems that zip utility software authors have not been very careful about making it random. In 2001 Michael Stay (staym@accessdata.com) published a note reporting that the 12-byte string prepended by the popular WinZip program is highly predictable. Furthermore, the encryption engine is initialized afresh (with the same password) at the beginning of each archived file, so that combining these 12 characters with the header of any structured file can serve as the known plain-text for a plain-text attack. Using this knowledge it is possible to crack a zip archive that contains a typical user's home directory within a couple of hours on a desktop PC.
These efficient methods are not effective against most most vim-x files because (so far) there is no generally effective strategy for predicting the contents of a text file created in an editor. However, vim-x files are not compressed prior to encryption, so plain-text attacks using a short file fragment are still effective. This means that trying a random selection of common phrases (or computer language keywords for source files) placed at random offsets within the file has a good chance of success within a relatively short period of time. The basic weakness of PKZIP is that the key space is not very large, a fact that remains no matter how long a password is chosen.