Search: [format]

The zip format encrypts using AES based on the user's password as the key. If the user's password is too long for the AES key, then it uses the hashed password instead. After hashing, there is no way to distinguish whether or not the key is a hash. This means both the original password or the hash can be used as the correct password.

I don't think it's a security vulnerability. Also, technically, these zip files may have more valid passwords, because by fixing the output of a hash function, there may be many inputs that produces the same output, although you can only find them if you know how to reverse a hash function.

format · interesting

August 24, 2022 at 10:43:33 GMT+8 * · permalink

https://www.bleepingcomputer.com/news/security/an-encrypted-zip-file-can-have-two-correct-passwords-heres-why/

The 0,5 MB of nothing in all Apple Music files

An interesting article on why there is half megabytes of empty bytes in every music file.

music · format · filesystem

April 11, 2022 at 14:46:39 GMT+8 * · permalink

https://www.ctrl.blog/entry/apple-music-nullbytes.html

Filters

Links per page

20 50 100

The Case for JPEG XL

QOI - Lossless Image Compression in O(n) Time

An encrypted ZIP file can have two correct passwords — here's why

The 0,5 MB of nothing in all Apple Music files

The 0,5 MB of nothing in all Apple Music files