Xref: utzoo comp.compression:202 sci.crypt:4416
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!jarthur!nntp-server.caltech.edu!madler
From: madler@nntp-server.caltech.edu (Mark Adler)
Newsgroups: comp.compression,sci.crypt
Subject: Re: Security of PKZIP's encryption
Message-ID: <1991Apr3.070045.22296@nntp-server.caltech.edu>
Date: 3 Apr 91 07:00:45 GMT
References: <1991Mar26.150049.20882@athena.cs.uga.edu> <1991Apr2.070810.10812@maverick.ksu.ksu.edu> <1991Apr3.041950.20991@bellcore.bellcore.com>
Organization: California Institute of Technology, Pasadena
Lines: 21


>> At first glance, it doesn't look all that strong to me since all of
>> the operations appear to be linear.

Linear?  In what field?  I have an implementation of it in C if anyone
would like to take a crack at it (pun intended).  I have put some
thought into it (not much, but some), and I can't see how to reverse
the pseudo-random sequence, given the encrypted and the clear.

>> Although the PKZIP feature is fast
>> and convenient, when I want real security I encrypt the entire .ZIP
>> archive with DES.

Sounds pretty secure.  Then again, I'm not sure I'd trust any encryption
method that was approved by the NSA.  Especially since they will not say
how the various arbitrary-looking bit flipping was derived.

Is there any source out there for RSA encryption?

Mark Adler
madler@pooh.caltech.edu