![]() Now, if you use a tool which supports the newer, AES-based encryption, things will look better, provided that the format and implementation were not botched, and the password has sufficient entropy. ![]() Phil Katz was very good in his domain, but the best cryptographers in the world will tell you that it takes much more than one extremely good cryptographer to make a secure algorithm - it takes many cryptographers who feverishly propose designs and try to break the designs of the others, for a few years, until a seemingly robust design emerges (where "robust" means "none could find the slightest argument to support the idea that they may, possibly, make a dent in it at some unspecified date"). a reminder that you should not roll your own crypto.The attack on Zip encryption is actually: Some years ago (quite a few now, tempus fugit), I have seen a password cracking software by Ivan Golubev which put this science to good use, and could crack Zip encryption in an hour. The result has even been improved, notably because the files in an archive are encrypted separately but without proper key diversification. if one of the files in the archive is an image, it will probably be uncompressed and begin with a known header). 13 bytes are relatively easy to obtain (e.g. ![]() With 13 bytes of known plaintext, the complexity of the attack is about 2 38 operations, which is doable in a few hours on a PC. This is a homemade stream cipher, and it is weak. When creating a password-protected Zip file (with the "compressed folder" utility integrated in the OS), Windows XP uses the "standard" encryption algorithm for Zip files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |