4

A person I know sent me an encrypted .zip archive and I do not know what data is inside. Is it legal to break the password and open the archive, for example, by using a brute force algorithm? The algorithm may need a long time, but it will reveal the password that was used for the encryption.

The file was sent directly to me and I know that I am meant to be the recipient. I assume that the file was protected by accident.

Would the answer be different if I am not the intended recipient and someone sent me the file by accident?

We both live in Germany.

pschill
  • 157
  • 3

2 Answers2

5

If you aren’t the intended recipient of the password-protected file:

  • StGB § 202a makes it illegal to access this file

  • StGB § 202c makes it illegal to obtain (e.g., by brute forcing) the password for this file, if you intend to access the file that way (in the sense of § 202a)

    (this is the so-called hacker paragraph)

If you are the intended recipient, this law doesn’t seem to apply, and it shouldn’t be illegal to brute-force the password.

Community
  • 1
unor
  • 1,154
  • 9
  • 22
2

I'm going to go with yes, it's legal but it's not advised. But first, allow me to explain:

I believe the contents of the file will be what determines whether or not you break the law. Whilst you may be the intended recipient of this encrypted file, the subject of "how" you access it will not the issue. Yes, you could crack the password on it but if you are only gaining access to an empty folder then you could argue that you have not gained unauthorised access to anything. If the folder happens to contain some confidential information from Area 51 (obviously as an example), then you have accessed data you are not authorised to access.

Now, you could argue that you cracked the password but didn't access any files within the folder. You can't say that just because you have access to something that you definitely used it - after all people have knives in their kitchens but they don't go stabbing people every day.

My opinion is that it's best to ask your friend what exactly the data is within this file. Until then, you risk infringing data protection laws. If you do crack the file, you are riding the edge of a very fine knife.

Horkrine
  • 283
  • 2
  • 10