I am curious about how password recovery works for password protected files. And I want to know the exact flow of the 7-zip encryption mechanism.
7-zip uses AES-256 encryption algorithm in CBC mode, to encrypt files or a folder. The key is generated from user supplied pass-phrase based on SHA-256 hash function. The SHA-256 is executed 219 (524,288) times to increase the cost of exhaustive search. Also, to help reduce the risk of dictionary attacks, salt is appended to original pass-phrase before generating hash.
My First question is how does key_derivation function work to generate a 256-bit key ? What is importance of IV for AES CBC mode and how it is generated?
My second and most important question is how key is verified to decrypt the 7-zip archive ? I mean how does its key_verification function work ?
The key derivation function is in the source of file 7zAes.cpp, it's called:
void CKeyInfo::CalculateDigest()
and it creates the key using a proprietary (rather dull) mechanism.
I haven't been able to find the key_verification method yet, if it exists. I'll let you know if I do find it.