Secure method of ZIP
Ali Chambers

2007-11-10, 9:56 pm

Hello,

Can anyone recommend a utility which allows me to compress files and
folders, and encrypt them securely with a password.

I have WinZip but am told it is easy to crack encrypted zip files.

I would like to compress personal information and make it difficult to
crack.

Many thanks,
Alex

Mark Adler

2007-11-11, 3:56 am

On Nov 10, 7:10 pm, Ali Chambers <i...@alexchambers.co.uk> wrote:
> Can anyone recommend a utility which allows me to compress files and
> folders, and encrypt them securely with a password.


Use whatever compressor you like, and then GnuPG ( http://www.gnupg.org/
).

Mark


Phil Carmody

2007-11-11, 7:56 am

Ali Chambers <info@alexchambers.co.uk> writes:
> Hello,
>
> Can anyone recommend a utility which allows me to compress files and
> folders, and encrypt them securely with a password.
>
> I have WinZip but am told it is easy to crack encrypted zip files.
>
> I would like to compress personal information and make it difficult to
> crack.


Then encrypt your compressed files with PGP. What is this
perverse obsession with having both functions in the same
package?

Phil
--
Dear aunt, let's set so double the killer delete select all.
-- Microsoft voice recognition live demonstration

Industrial One

2007-11-11, 6:56 pm

On Nov 11, 5:09 am, Phil Carmody <thefatphil_demun...@yahoo.co.uk>
wrote:

> Then encrypt your compressed files with PGP. What is this
> perverse obsession with having both functions in the same
> package?


....? Shut the hell up, tits.

Mr.Bolshoyhuy

2007-11-12, 6:56 pm

On Nov 10, 10:10 pm, Ali Chambers <i...@alexchambers.co.uk> wrote:
> Hello,
>
> Can anyone recommend a utility which allows me to compress files and
> folders, and encrypt them securely with a password.
>
> I have WinZip but am told it is easy to crack encrypted zip files.


uh, ye, if you connect 4 powerful PCs and run them 24hrs/day for 10
days.
download one of those password recoverers. create a 5 character
password, and see how long it takes to crack it.

Jim Leonard

2007-11-12, 6:56 pm

On Nov 12, 3:48 pm, "Mr.Bolshoyhuy" <bolshoy...@hotmail.com> wrote:
>
> uh, ye, if you connect 4 powerful PCs and run them 24hrs/day for 10
> days.
> download one of those password recoverers. create a 5 character
> password, and see how long it takes to crack it.


I don't know what extensions Winzip stuck into the zip format and what
strength they are, but I can brute-force crack a 1991 DOS-era pkzip
2.04g .zip password in about two ws with my year-2007 machine. So
his concern is not entirely invalid.

Mark Nelson

2007-11-13, 7:56 am

On Nov 12, 4:39 pm, Jim Leonard <MobyGa...@gmail.com> wrote:
> I don't know what extensions Winzip stuck into the zip format and what
> strength they are, but I can brute-force crack a 1991 DOS-era pkzip
> 2.04g .zip password in about two ws with my year-2007 machine. So
> his concern is not entirely invalid.


Does the brute force attack on a pkzip password require a test run of
inflate and then a comparison of checksums / password?

|
| Mark Nelson - http://marknelson.us
|

Mark Adler

2007-11-13, 6:56 pm

On Nov 13, 2:13 am, Mark Nelson <snorkel...@gmail.com> wrote:
> Does the brute force attack on a pkzip password require a test run of
> inflate and then a comparison of checksums / password?


For the most part, no. The original zip "encrypted" format provides a
short (12 byte if I recall correctly) encrypted header that's supposed
to end in one or two bytes from the CRC in the local header. You can
rapidly check passwords against that header, and if it matches (which
is uncommon), then you keep going with the inflation to see if that
works.

Mark

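The header check described in the post above, as an added example (it is not code from the thread, from WinZip or from PKWARE): a pure-Python implementation of PKZIP's traditional encryption (the "ZipCrypto" key schedule from APPNOTE section 6.1), a minimal one-entry archive builder so the result can be read back by Python's zipfile module as a conformance check, and a password search that applies the 12-byte header filter before paying for a full decrypt-and-inflate. The sample plaintext, the password `zip`, the fixed 11 "random" header bytes (a `salt` argument added here purely for reproducibility) and the three-lowercase-letter candidate space are all constructed for the demonstration.

```python
import io
import itertools
import os
import struct
import zipfile
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320). PKZIP reuses the
# same table inside the key schedule of its traditional encryption.
_CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)


def _crc_step(crc, b):
    return _CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)


class ZipCrypto:
    """PKWARE traditional encryption (APPNOTE 6.1): a byte-oriented stream
    cipher whose three 32-bit keys are advanced by every plaintext byte."""

    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b):
        self.k0 = _crc_step(self.k0, b)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc_step(self.k2, self.k1 >> 24)

    def _keystream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, plaintext):
        out = bytearray()
        for p in plaintext:
            out.append(p ^ self._keystream_byte())
            self._update(p)          # keys advance on the plaintext byte
        return bytes(out)

    def decrypt(self, ciphertext):
        out = bytearray()
        for c in ciphertext:
            p = c ^ self._keystream_byte()
            self._update(p)
            out.append(p)
        return bytes(out)


def build_encrypted_zip(name, data, password, salt=None):
    """Minimal one-entry ZIP: deflate, then encrypt header + data as ONE stream.
    `salt` replaces the 11 random header bytes (reproducibility only).
    Returns (zip_bytes, crc, encrypted_entry)."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    co = zlib.compressobj(9, zlib.DEFLATED, -15)             # raw deflate
    deflated = co.compress(data) + co.flush()
    header = (salt or os.urandom(11)) + bytes([crc >> 24])  # byte 12 = CRC high byte
    entry = ZipCrypto(password).encrypt(header + deflated)
    fname = name.encode()
    # Local header, central directory entry, end-of-central-directory record:
    # flag bit 0 = encrypted, method 8 = deflate, DOS date 0x21 = 1980-01-01.
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 8, 0, 0x21, crc,
                        len(entry), len(data), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 1, 8, 0, 0x21,
                          crc, len(entry), len(data), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(entry), 0)
    return local + entry + central + eocd, crc, entry


def header_check(password, entry, crc):
    """Cheap filter: decrypt only the 12-byte header and compare its last byte
    with the CRC high byte that the local file header stores in the clear."""
    return ZipCrypto(password).decrypt(entry[:12])[11] == crc >> 24


def full_check(password, entry, crc):
    """Expensive confirmation: decrypt everything, inflate, verify the CRC."""
    plain = ZipCrypto(password).decrypt(entry)
    try:
        data = zlib.decompress(plain[12:], -15)
    except zlib.error:
        return False
    return (zlib.crc32(data) & 0xFFFFFFFF) == crc


def brute_force(entry, crc, candidates):
    """Try candidates in order; returns (password or None, header-check hits)."""
    hits = 0
    for pw in candidates:
        if not header_check(pw, entry, crc):
            continue                 # ~255 of 256 wrong passwords stop here
        hits += 1
        if full_check(pw, entry, crc):
            return pw, hits
    return None, hits


def demo():
    data = b"account: 12345678\npin: 4321\n" * 20    # constructed sample plaintext
    password = b"zip"                                # constructed sample password
    zip_bytes, crc, entry = build_encrypted_zip("secrets.txt", data, password,
                                                salt=bytes(range(11)))
    # Conformance check: the standard library reads the archive back with the password.
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        assert zf.read("secrets.txt", pwd=password) == data
    candidates = (bytes(t) for t in itertools.product(b"abcdefghijklmnopqrstuvwxyz", repeat=3))
    found, hits = brute_force(entry, crc, candidates)
    return found, hits, 26 ** 3       # e.g. (b'zip', ~70 header hits, 17576 candidates)
```

`demo()` builds the archive, proves it is a real ZIP by decrypting it with `zipfile`, then runs the search. The number of header hits is the point: roughly one wrong password in 256 survives the 12-byte check (Mark Adler's "uncommon"), so nearly all of the work is the 15-odd key updates of the cheap test, and inflate only runs a few dozen times over the whole 17,576-password space. The header byte is the CRC's high byte here because flag bit 3 is clear; with a data descriptor present the check byte is the high byte of the DOS time instead, and pre-2.0 PKZIP compared two bytes, which is the "one or two bytes" in the post.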

Jim Leonard

2007-11-13, 6:56 pm

On Nov 13, 4:13 am, Mark Nelson <snorkel...@gmail.com> wrote:
> On Nov 12, 4:39 pm, Jim Leonard <MobyGa...@gmail.com> wrote:
> Does the brute force attack on a pkzip password require a test run of
> inflate and then a comparison of checksums / password?


As far as I know, yes (I am not the author of the programs I have used
to do this), although in the past I have used programs that have ways
to narrow down the key search range or eliminate it entirely. For
example, with an archive where at least one of the files is available
unencrypted, that one unencrypted file can be used for a known
plaintext attack to drastically reduce the amount of time it takes to
find the key.

I regret I can't give you a complete explanation of exactly how all
the various methods are performed, sorry...

Thomas Pornin

2007-11-13, 6:56 pm

According to Jim Leonard <MobyGamer@gmail.com>:
> I regret I can't give you a complete explanation of exactly how all
> the various methods are performed, sorry...


See http://math.ucr.edu/~mike/zipattacks.pdf

Basically, the symmetric encryption is a stream cipher (a finite state
machine) with a number of weaknesses which allow the attacker to
"unravel" it layer by layer. The basic attack requires 13 bytes of known
plaintext, eight of which being consecutive. If several files are
archived with the same password, then the headers yield much information
and the number of known plaintext bytes drops. Work factor is about 2^39
elementary operations; this is workable in a few hours on a modern PC.

Of course, modern Zip implementations tend to use other symmetric
cipher algorithms, such as AES, which do not have that kind of
weakness.


--Thomas Pornin

Phil Carmody

2007-11-13, 6:56 pm

Thomas Pornin <pornin@bolet.org> writes:
> According to Jim Leonard <MobyGamer@gmail.com>:
>
> See http://math.ucr.edu/~mike/zipattacks.pdf
>
> Basically, the symmetric encryption is a stream cipher (a finite state
> machine) with a number of weaknesses which allow the attacker to
> "unravel" it layer by layer. The basic attack requires 13 bytes of known
> plaintext, eight of which being consecutive. If several files are
> archived with the same password, then the headers yield much information
> and the number of known plaintext bytes drops. Work factor is about 2^39
> elementary operations; this is workable in a few hours on a modern PC.


Excellent, thanks for that link and that summary, Thomas, I'd
not encountered it before.

> Of course, modern Zip implementations tend to use other symmetric
> cipher algorithm, such as the AES, which do not have that kind of
> weakness.


And of course, software engineers being software engineers rather
than security engineers (and I say that as a softie), these uses of
AES are often badly implemented and have holes. I think WinZip had
its first AES implementation trashed by one of the usual suspects.

Phil
--
Dear aunt, let's set so double the killer delete select all.
-- Microsoft voice recognition live demonstration

Mark Nelson

2007-11-13, 9:56 pm

On Nov 13, 1:11 pm, Phil Carmody <thefatphil_demun...@yahoo.co.uk>
wrote:
> Thomas Pornin <por...@bolet.org> writes:

Thanks Thomas, that is a very instructive paper. Very much
appreciated!

I guess it's a tribute to deflate that a relatively weak cipher holds
up as well as it does. I wonder how hard it would be to crack when
applied to a format like BWT, where it would be nearly impossible to
find any known plaintext. Maybe in that case you'd be forced to
repeatedly decompress the entire file.

But this is dangerously near trolling, I'm stopping right here.

|
| Mark Nelson - http://marknelson.us
|

Copyright 2008 codecomments.com