Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!olivea!mintaka!bloom-beacon!eru!hagbard!sunic!mcsun!inesc!unl!unl!jpc From: jpc@fct.unl.pt (Jose Pina Coelho) Newsgroups: comp.binaries.ibm.pc.d Subject: Re: Why are McAffee Antivirals repacked using ZOO? Message-ID: Date: 9 May 91 10:32:04 GMT References: <1042@iiasa.UUCP> Sender: news@fct.unl.pt (USENET News System) Distribution: comp Organization: Universidade Nova de Lisboa -- Lisbon, Portugal Lines: 44 In-Reply-To: wnp@iiasa.AT's message of 29 Apr 91 07:34:35 GMT In article <1042@iiasa.UUCP> wnp@iiasa.AT (Wolf PAUL ) writes: > Because it is C.B.I.P. policy to package all postings in ZOO format. > ZOO has the advantage of being fully functional in a wider range of > hardware/software environments (including UNIX on practically any CPU) > than ZIP or any of the other PC Archivers. It is available in source > and is FREEWARE rather than Shareware. Yes, I like to check CRC's right on the UNIX machine, (after all my DOS machine is five miles away). > Anyway, how could any option to an archiver really guard against > tampering? All you would have to do is unpack them (w/ pkunzip), > tamper with them, and repack them (w/ zip -av), and you would be none > the wiser. Put it does, when you register under a certain name, PKware takes that name an generates a KEY, that will be your key. When you pack things with -av you give both the name and the key. When somebody extracts the files, there is only the name and the cripted file. It's a plain problem of public keys. There is a public key: MacAfee Associates There is a private key: WhatDoIKnow ? The zip file carries only the public key. PKunzip can from the file and the public key check if a file has the correct crc. You can't from the public key and the cripted file guess what the private key. The time and effort necessary to break the system would be quite superior to the one necessary to make a fake pkunzip that would pretend to confirm the safeness of the zip file. -- Jose Pedro T. Pina Coelho | BITNET/Internet: jpc@fct.unl.pt Rua Jau N 1, 2 Dto | UUCP: ...!mcsun!unl!jpc 1300 Lisboa, PORTUGAL | Home phone: (+351) (1) 640767 - If all men were brothers, would you let one marry your sister ?