Winzip's 256bit-AES encryption & self-extracting files

Winzip's 256bit-AES encryption & self-extracting files
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Winzip's 256bit-AES encryption & self-extracting files Bakko 12-29-2007
Posted by Sebastian G. on December 30, 2007, 4:32 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
zipeg wrote:

> it does not matter if it is self extracting or normal archive. AES is
> strong encryption.


Who cares if it's strong? Since nothing authenticates the SFX module, the
attacker can replace it with his own one, which, in addition to decrypting
the archive, sends him the entered password.

Posted by Bakko on January 3, 2008, 3:28 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Sun 30 Dec 2007 17:06:04, zipeg
>
> it does not matter if it is self extracting or normal archive. AES
> is strong encryption. However a lot of mail servers/clients will be
> unhappy about .exe as an attachment. It is better to send just
> normal encrypted zip file and advise your recipients to use
> freeware like 7-zip or Zipeg 'Zipeg - Got pictures? Zip thru JPEG
> photo archives' (http://www.zipeg.com) to unpack them.


AES is strong. But has Winzip incorporated AES into self-extracting
files in a way that does not introduce weaknesses.

ISTR that the early AES 256 Zip files created by Winzip had some sort of
weakness due to the way it was implemented.

Posted by Sebastian G. on January 3, 2008, 5:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Bakko wrote:


> AES is strong. But has Winzip incorporated AES into self-extracting
> files in a way that does not introduce weaknesses.
>
> ISTR that the early AES 256 Zip files created by Winzip had some sort of
> weakness due to the way it was implemented.


Your memories are corrupt, but presumably this has been fixed. According to
the latest documentation, analysis tell that there's no weakness lesser than
AES itself.

The big problem still is that the authentication only covers the archive
part, not the SFX part. The SFX part might be changed to do anything,

Similar ThreadsPosted
What is the earliest version with full harddisk encryption (not only files) ? July 27, 2005, 9:05 am
Searching tool for FULL disc encryption (not only volume files) July 28, 2005, 11:06 am
SSL/https De-encryption July 6, 2004, 9:15 am
NTFS Encryption April 26, 2005, 6:31 pm
Encryption Key Storage August 25, 2005, 8:09 am
Email Encryption September 17, 2005, 12:20 am
Encryption size October 25, 2005, 3:13 am
Determine what encryption was used April 18, 2006, 8:52 am
Determine what encryption was used April 28, 2006, 4:50 am
Encryption for Powerpoint? May 19, 2006, 11:34 pm

The site map in XML format XML site map

Contact Us | Privacy Policy