Cracking Rick Astley: Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You
There was a fun tweet by Arseniy Sharoglazov outlining a possible backdoor in ZIP files.
But there is a simple explanation for this: the 7zip app basically just hashes the password when it is over 40 characters. It uses the SHA-1 (160-bit) hash to perform this conversion and then just converts the byte values to ASCII characters. So it is not a backdoor, but just another way to represent the password. For the tweet, the input used is:
Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You
and the output is:
pkH8a0AqNbHcdw8GrmSp
Here is the Python code to implement this:
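from cryptography.hazmat.primitives import hashes
import binascii
from cryptography.hazmat.backends import default_backend

st="Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You"
try:
    data=st.encode()
    digest=hashes.Hash(hashes.SHA1(),backend=default_backend())  # SHA-1 (160-bit) of the password
    digest.update(data)
    res=digest.finalize()
    print(binascii.hexlify(res).decode(), res.decode())  # hex digest, then the same bytes read as ASCII
except Exception as e:
    print(e)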
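The same effect at the key-derivation level, as an added example that is not part of the original post: it assumes the archive key is derived with PBKDF2-HMAC-SHA1, where HMAC (RFC 2104) replaces a key longer than the hash's block size with its digest and zero-pads shorter ones. The salt, iteration count and function names are constructed for the demonstration, and the check generalizes beyond the tweet's pair to any two passwords.

```python
import hashlib

# Both passwords are the ones quoted on this page.
LONG_PW = b"Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You"
SHORT_PW = b"pkH8a0AqNbHcdw8GrmSp"
SALT = bytes(range(16))   # constructed sample salt
ITERATIONS = 1000         # assumed iteration count for the demo


def hmac_block_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """Return the key block HMAC really uses (RFC 2104): a password longer
    than the hash block size is replaced by its digest, then the result is
    zero-padded to the block size."""
    block_size = hashlib.new(hash_name).block_size
    if len(password) > block_size:
        password = hashlib.new(hash_name, password).digest()
    return password.ljust(block_size, b"\x00")


def derive_key(password: bytes, length: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA1 key derivation with the sample salt above."""
    return hashlib.pbkdf2_hmac("sha1", password, SALT, ITERATIONS, dklen=length)


def printable_alias(password: bytes):
    """If the password is long enough to be pre-hashed and its SHA-1 digest
    is all printable ASCII, return that digest as a typeable alias."""
    if len(password) <= hashlib.new("sha1").block_size:
        return None
    digest = hashlib.sha1(password).digest()
    if all(0x20 <= b < 0x7F for b in digest):
        return digest.decode("ascii")
    return None


if __name__ == "__main__":
    print("same HMAC key block:", hmac_block_key(LONG_PW) == hmac_block_key(SHORT_PW))
    print("same derived key   :", derive_key(LONG_PW) == derive_key(SHORT_PW))
    print("printable alias    :", printable_alias(LONG_PW))
```

Because the two inputs collapse to the same HMAC key block, every value derived from them is identical, whatever the salt or iteration count.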