LostMyPass
    LostMyPassPro
    Start Recovery
    Modern strong

    7-Zip AES-256 — Hashcat Mode 11600

    TL;DR — 7-Zip uses AES-256 in CBC mode with a SHA-256-based KDF that's intentionally expensive — typically 19 rounds of SHA-256 mixing, equivalent to ~524,288 hash operations per password attempt. Recovery feasibility depends entirely on password strength.

    7-Zip cryptographic design

    7-Zip's encryption is built around AES-256-CBC. The key is derived from the password through a SHA-256 chain with NumCyclesPower (typically 19, configurable 0-31). NumCyclesPower=19 means 2^19 = 524,288 hash operations per password attempt.

    The KDF design predates standard PBKDF2 but achieves similar slow-by-design properties. Modern 7-Zip versions retain this scheme for compatibility.

    Recovery characteristics

    Per-password GPU throughput against mode 11600 is substantially slower than against ZipCrypto, WinZip AES, or even RAR3. The high KDF cost is the primary throttle.

    Recovery for 7-Zip archives is feasible for short or predictable passwords. Strong random passwords are typically not recoverable.

    Files commonly using 7z

    7z is popular in software distribution (smaller archive size due to LZMA2 compression), backup workflows, and technical communities. Common sources: software releases, backup archives, technical content distribution.

    Frequently Asked Questions

    How does NumCyclesPower affect recovery?
    Linearly. NumCyclesPower=19 (default) means 2^19 = 524,288 SHA-256 ops per password. NumCyclesPower=22 would mean 2^22 = ~4M ops — 8x slower per attempt. Each step doubles or halves recovery time.
    Is 7-Zip more secure than RAR5?
    Comparable. Both use AES-256 with strong KDFs. 7-Zip's NumCyclesPower=19 is similar in cost to RAR5's PBKDF2-32768. Strong random passwords are infeasible to recover in either format.
    Are .7z files always mode 11600?
    When password-protected with the default settings, yes. 7-Zip can also produce non-encrypted archives (.7z extension, no password) — those don't have a recovery problem.
    Will the recovered file extract identically?
    Yes. After password recovery, the archive extracts byte-identical content to what an authenticated user would see.

    Related references

    m13000Modern strongm12500Legacy RAR generationm13600Modern strong encryption

    Have a file in this category?

    Start with a free analysis. The encryption type is detected automatically; a free check runs through fast techniques before any paid attempt. You only pay if recovery actually works.

    Run a free analysis