Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!bu.edu!snorkelwacker.mit.edu!bloom-beacon!eru!kth.se!cyklop.nada.kth.se!news
From: d88-jwa@cyklop.nada.kth.se (Jon W{tte)
Newsgroups: comp.compression
Subject: Re: Security of PKZIP's encryption
Message-ID:
Date: 31 Mar 91 19:01:08 GMT
References: <1991Mar28.111130.1092@kcbbs>
Sender: news@nada.kth.se (Mr News)
Organization: Royal Institute of Technology, Stockholm, Sweden
Lines: 32
In-reply-to: Peter_Gutmann@kcbbs.gen.nz's message of 28 Mar 91 11:11:30 GMT

In article <1991Mar28.111130.1092@kcbbs> Peter_Gutmann@kcbbs.gen.nz (Peter Gutmann) writes:

   with no success). Anyway, about the PKZIP encryption: From memory
   this encrypts some short checksum using the CRC tables, which is
   then decrypted to check that the supplied password is correct. IMHO
   this is a major flaw, since it does away with the need for any sort
   of fancy attack on the encryption security (eg known plaintext).
   All you need to do is use the (very fast) encryption technique to
   do a brute-force attack on the checksum until the password drops
   out.

One might argue that this can be good at some times. Word Perfect
has an encryption scheme that uses XOR between the text and the
data you enter as password. It took me one night of brute force to
break three six-letter passwords for a bankruptcy investigation
(though the E.O. that had encrypted his illegal business letters
might have lost his trust in computer security :-)

It's always a trade-off between a) how important the data is if
you forget the key b) speed and c) how long the information has
to be secure. A) and C) obviously contradict each other...

Hmm. Maybe followups should go to sci.crypt...

h+@nada.kth.se
Jon W{tte
--
"The IM-IV file manager chapter documents zillions of calls, all of
which seem to do almost the same thing and none of which seem to do
what I want them to do." -- Juri Munkki in comp.sys.mac.programmer
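The password check the quoted text describes, as an added example that is not part of the original post or of PKZIP's own code: it follows the published description of the traditional PKWARE stream cipher and measures how many wrong passwords the check accepts. It assumes the one-byte form of the check (the post does not say which version is meant); the password, file contents, filler bytes and candidate list are constructed sample values.

```python
import zlib

def _crc32_byte(crc, b):
    # One byte of reflected CRC-32 (poly 0xEDB88320), without the final inversion.
    crc ^= b
    for _ in range(8):
        crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc

class ZipCryptoKeys:
    """Three 32-bit keys, seeded with fixed constants and stirred by the password."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, plain_byte):
        self.k0 = _crc32_byte(self.k0, plain_byte)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_byte(self.k2, self.k1 >> 24)

    def stream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def make_header(password, file_crc, filler):
    # 12-byte encryption header: 11 filler bytes (random in a real archive)
    # followed by one check byte, the top byte of the file's CRC-32.
    keys, out = ZipCryptoKeys(password), bytearray()
    for p in filler[:11] + bytes([file_crc >> 24]):
        out.append(p ^ keys.stream_byte())
        keys.update(p)
    return bytes(out)

def password_passes_check(password, header, file_crc):
    # Decrypt the header and compare the last byte: all the check ever looks at.
    keys, p = ZipCryptoKeys(password), 0
    for c in header:
        p = c ^ keys.stream_byte()
        keys.update(p)
    return p == file_crc >> 24

def false_accepts(header, file_crc, candidates):
    return [c for c in candidates if password_passes_check(c, header, file_crc)]

# Constructed sample data (assumptions for illustration only).
FILE_CRC = zlib.crc32(b"constructed sample file contents")
HEADER = make_header(b"correct horse", FILE_CRC, bytes(range(11)))
WRONG = [b"guess%05d" % i for i in range(5000)]

if __name__ == "__main__":
    hits = false_accepts(HEADER, FILE_CRC, WRONG)
    print(f"{len(hits)} of {len(WRONG)} wrong passwords pass the 1-byte check")
```

About one wrong password in 256 passes, so a pass on this check alone does not confirm the password; only decrypting the whole entry and comparing the full CRC-32 does.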