a reminder that you should not roll your own crypto. The attack on Zip encryption is actually: Some years ago (quite a few now, tempus fugit), I have seen a password cracking software by Ivan Golubev which put this science to good use, and could crack Zip encryption in an hour. The result has even been improved, notably because the files in an archive are encrypted separately but without proper key diversification. if one of the files in the archive is an image, it will probably be uncompressed and begin with a known header). 13 bytes are relatively easy to obtain (e.g. With 13 bytes of known plaintext, the complexity of the attack is about 2 38 operations, which is doable in a few hours on a PC. This is a homemade stream cipher, and it is weak. When creating a password-protected Zip file (with the "compressed folder" utility integrated in the OS), Windows XP uses the "standard" encryption algorithm for Zip files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |