Question 1

How much plaintext do I need for bkcrack to work?

Accepted Answer

bkcrack requires at least 12 bytes of known plaintext, with a minimum of 8 contiguous bytes. More contiguous plaintext speeds up the attack, as specified in the README's usage section on recovering internal keys.

Question 2

bkcrack vs fcrackzip: which is better for cracking ZIP passwords?

Accepted Answer

bkcrack excels with known plaintext attacks on ZipCrypto, offering faster recovery if plaintext is available. fcrackzip uses brute-force or dictionary attacks and may support more encryption types, so choose bkcrack for ZipCrypto with plaintext; otherwise, fcrackzip is more versatile.

Question 3

How to install bkcrack on Windows?

Accepted Answer

Download the precompiled package from GitHub releases, extract it, and install Microsoft Visual C++ Redistributable if needed. Alternatively, compile from source using CMake, as described in the README's install section with step-by-step commands.

Question 4

Can bkcrack decrypt ZIP files with AES encryption?

Accepted Answer

No, bkcrack is specifically designed for the legacy ZipCrypto algorithm and cannot handle AES-encrypted ZIP files. For AES, you need other tools like John the Ripper or hashcat that target different encryption methods.

Question 5

What's the success rate of bkcrack if I have the plaintext?

Accepted Answer

With sufficient known plaintext (at least 12 bytes), bkcrack's attack is theoretically sound and has a high success rate in recovering keys, as it implements a proven cryptographic weakness from Biham and Kocher's research, assuming no errors in input.

Question 6

How long does password recovery take with bkcrack?

Accepted Answer

Recovery time depends on password length and charset; brute force can be slow for long passwords, but mask-based recovery with -m option drastically speeds it up by restricting search space, as explained in the password recovery section with examples.

bkcrack

What is bkcrack?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions