[delphizip] Password checking

  • From: "James Turner" <james.d.h.turner@xxxxxxxxxxxx>
  • To: <delphizip@xxxxxxxxxxxxx>
  • Date: Fri, 9 May 2003 18:07:47 +0100


Irrespective of specifications, the algorithm is definitive and the
algorithm appears to support a 16bit integrity check rather than an 8bit
integrity check for passwords.

I may be mistaken, but if the algorithm does indeed support 16 bit checks
then it seems sensible to me that 16bit checks should indeed be used rather
than 8bit.

The password checking code is extremely twisted and I doubt there are more
than a few dozen people on the planet that actually understand it (and I am
certainly not one of them) but it is not always necessary to understand how
a piece of computer code works, but rather you simply need to understand
what it does. My analysis of what the code does (not how or why it does it)
led me to use 16 bit checks rather than 8bit.

James Turner
SKARO.NET

----- Original Message -----
From: "markus stephany" <delphizip@xxxxxxxxx>
To: <delphizip@xxxxxxxxxxxxx>
Sent: Friday, May 09, 2003 4:51 PM
Subject: [delphizip] Re: Memory leak in Inflate.c in Unzip.dll


>
> well, i am not a math guru...
>
> but... in the pkzip specs i found the following:
>
> ----------------------------------------------------------------------
> After the header is decrypted,  the last 1 or 2 bytes in Buffer
> should be the high-order word/byte of the CRC for the file being
> decrypted, stored in Intel low-byte/high-byte order. Versions of
> PKZIP prior to 2.0 used a 2 byte CRC check; a 1 byte CRC check is
> used on versions after 2.0. This can be used to test if the password
> supplied is correct or not.
> ----------------------------------------------------------------------
>
> since in pkzip 2.0 only ONE byte (the last key byte) seems to be used
> for crc checking, is it really correct to check against the last TWO
> key bytes?
>
>
>
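
The check debated in this thread, as an added example (not code from DelphiZip or Unzip.dll): the traditional PKZIP key schedule and 12-byte header check in C, with a writer that stores either one or two CRC check bytes and a reader that tests either one or two. The function names, filler bytes, sample CRC and `wrong-N` passwords are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { uint32_t k0, k1, k2; } zkeys;   /* the three PKZIP keys */
static uint32_t crc_step(uint32_t c, uint8_t b) {    /* CRC-32, poly 0xEDB88320 */
    c ^= b;
    for (int i = 0; i < 8; i++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    return c;
}
static void update_keys(zkeys *k, uint8_t p) {        /* p = plaintext byte */
    k->k0 = crc_step(k->k0, p);
    k->k1 = (k->k1 + (k->k0 & 0xFFu)) * 134775813u + 1u;
    k->k2 = crc_step(k->k2, (uint8_t)(k->k1 >> 24));
}
static uint8_t stream_byte(const zkeys *k) {
    uint32_t t = (k->k2 & 0xFFFFu) | 2u;              /* temp = key2 | 2 */
    return (uint8_t)((t * (t ^ 1u)) >> 8);
}
static void init_keys(zkeys *k, const char *pw) {
    k->k0 = 0x12345678u; k->k1 = 0x23456789u; k->k2 = 0x34567890u;
    for (; *pw; pw++) update_keys(k, (uint8_t)*pw);
}
/* Writer: byte 11 = CRC high byte; byte 10 = next CRC byte only if writer_bytes == 2. */
void make_header(const char *pw, uint32_t crc, int writer_bytes, uint8_t out[12]) {
    zkeys k; init_keys(&k, pw);
    for (int i = 0; i < 12; i++) {
        uint8_t p = (uint8_t)(0xA5 + 7 * i);          /* constructed filler */
        if (i == 11) p = (uint8_t)(crc >> 24);
        if (i == 10 && writer_bytes == 2) p = (uint8_t)(crc >> 16);
        out[i] = (uint8_t)(p ^ stream_byte(&k));
        update_keys(&k, p);
    }
}
/* Reader: returns 1 if the decrypted header passes a 1- or 2-byte check. */
int header_check(const char *pw, const uint8_t enc[12], uint32_t crc, int check_bytes) {
    zkeys k; uint8_t h[12]; init_keys(&k, pw);
    for (int i = 0; i < 12; i++) {
        h[i] = (uint8_t)(enc[i] ^ stream_byte(&k));
        update_keys(&k, h[i]);
    }
    if (h[11] != (uint8_t)(crc >> 24)) return 0;
    return check_bytes == 1 || h[10] == (uint8_t)(crc >> 16);
}
int false_accepts(const uint8_t enc[12], uint32_t crc, int check_bytes, int n) {
    int hits = 0; char pw[32];
    for (int i = 0; i < n; i++) {
        snprintf(pw, sizeof pw, "wrong-%d", i);       /* constructed wrong passwords */
        hits += header_check(pw, enc, crc, check_bytes);
    }
    return hits;
}
```

A 2-byte check rejects the correct password when the writer stored only one check byte, and a 1-byte check passes roughly one wrong password in 256, so either header check is only a pre-filter and the CRC of the decompressed data remains the real test.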
