Winzip's 256bit-AES encryption & self-extracting files

Posted by Bakko on December 29, 2007, 3:46 pm
I am thinking of using Winzip 11 to send some files securely and will
use Winzip's 256bit-AES encryption.

My recipients may not have Winzip, so I will use Winzip to make a self-
extracting archive.

Would a 256bit-AES self-extracting archive be more crackable than a
256bit-AES ordinary zip archive?

Posted by Sebastian G. on December 29, 2007, 7:08 pm
Bakko wrote:


> Would a 256bit-AES self-extracting archive be more crackable than a
> 256bit-AES ordinary zip archive?


Yes, trivially, under the assumption of a modifying attacker. He could
modify the SFX part to transmit the password the user entered, then either
rewrite itself to the original SFX module or rootkit the target system
to present itself as the original SFX. With the transmitted password, he can
decrypt the content.
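
The reply above turns on the SFX stub being unauthenticated executable code in front of the encrypted ZIP data. As an added example (not part of the original thread), this Python code splits a self-extracting file into stub and ZIP payload without running it and compares the stub's SHA-256 with a hash obtained out of band; the function names and the sample data are constructed for illustration.

```python
import hashlib
import io
import zipfile


def split_sfx(data: bytes):
    """Split a self-extracting archive into (stub, zip_payload) without executing it.

    The stub is everything in front of the first ZIP local file header.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if not infos:
            raise ValueError("archive has no entries")
        # zipfile corrects header_offset for prepended data, so the smallest
        # value is the absolute offset of the first local header in the file.
        start = min(info.header_offset for info in infos)
    if data[start:start + 4] != b"PK\x03\x04":
        raise ValueError("no local file header at the computed offset")
    # Assumption: the payload's internal offsets are relative to its own start
    # (true for the constructed sample), so the payload is a usable .zip as is.
    return data[:start], data[start:]


def stub_is_trusted(data: bytes, known_good_sha256: str) -> bool:
    """True only if the executable part matches a hash obtained out of band."""
    stub, _ = split_sfx(data)
    return hashlib.sha256(stub).hexdigest() == known_good_sha256


def make_sample(stub: bytes) -> bytes:
    """Constructed sample: arbitrary 'stub' bytes followed by a small ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample content")
    return stub + buf.getvalue()


if __name__ == "__main__":
    original_stub = b"MZ" + b"constructed-stub" * 4
    known_good = hashlib.sha256(original_stub).hexdigest()
    print(stub_is_trusted(make_sample(original_stub), known_good))
    print(stub_is_trusted(make_sample(original_stub + b"patched"), known_good))
```

A recipient who writes the payload part to a `.zip` file and opens it with an AES-capable ZIP tool never has to execute the stub at all.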

Posted by Bakko on January 3, 2008, 3:25 pm
> Bakko wrote:
>
>
>> Would a 256bit-AES self-extracting archive be more crackable
>> than a 256bit-AES ordinary zip archive?
>
>
> Yes, trivially, under the assumption of a modifying attacker. He
> could modify the SFX part to transmit the password the user
> entered, then either rewrite itself to the original SFX module or
> rootkit the target system to present itself as the original
> SFX. With the transmitted password, he can decrypt the content.


Could this problem be overcome by having the PC disconnected from the
Internet?

Posted by Sebastian G. on January 3, 2008, 3:38 pm
Bakko wrote:


>> Yes, trivially, under the assumption of a modifying attacker. He
>> could modify the SFX part to transmit the password the user
>> entered, then either rewrite itself to the original SFX module or
>> rootkit the target system to present itself as the original
>> SFX. With the transmitted password, he can decrypt the content.
>
>
> Could this problem be overcome by having the PC disconnected from the
> Internet?


Most likely not, due to covert channels. Video display, audio noise, varying
power consumption, ...

Posted by VanguardLH on December 30, 2007, 4:41 am
> I am thinking of using Winzip 11 to send some files securely and will
> use Winzip's 256bit-AES encryption.
>
> My recipients may not have Winzip, so I will use Winzip to make a
> self-extracting archive.
>
> Would a 256bit-AES self-extracting archive be more crackable than a
> 256bit-AES ordinary zip archive?


So how are you going to transmit the password for the recipient to
decrypt the file that would be just as secure as the encrypted file?
Since it sounds like you will be sending the file via e-mail to the
"recipients", have them get an e-mail cert, they send you their public
key, you use it to encrypt your file, and only they can decrypt it
using their private key. Otherwise, are you going to send them the
password in the clear in the same e-mail as has the attached encrypted
email? Are you going to send the password in a different email
despite the same malcontent that is sniffing your traffic to get the
encrypted attachment would also be sniffing it for another email with
the password? Call them over an unencrypted phone call? If you
password encrypt the file, just how are you going to get the password
to the recipient?

