Penetration Testing mailing list archives

RE: Winzip and Due Diligence
From: "Password Crackers, Inc." <pwcrack () pwcrack com>
Date: Fri, 9 Mar 2007 20:03:14 -0500

There are tools that can run a brute-force attack on Winzip files even if
they are AES-256 encrypted.  However, the attack is slower than with a
traditionally encrypted .zip file and therefore only effective (in a
reasonable length of time) on short, simple and/or easily guessable
passwords.

I would not describe this as a weakness of Winzip, since virtually all
encryption programs would be similarly vulnerable, including RAR and PGP disk
encryption.  The bottom line is, if your password is weak, strong crypto isn't
going to help.

Bob Weiss
President
Password Crackers, Inc.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Matthew Webster
Sent: Thursday, March 08, 2007 3:49 PM
To: pen-test
Subject: Winzip and Due Diligence

Folks,

   I was poking around on Google and noticed there are some tools for
cracking WinZip passwords.  Does anyone know whether or not these tools also
work on AES-256 encryption?  My question is academic from a due diligence
standpoint.  Technically WinZip is FIPS compliant, but if it can be cracked
easily, is this something we should really be recommending?

Thanks,

Matt


