Slashdot Mirror
Attacking WinZip AES Encryption
bden writes "As another tidbit from Bruce Schneier's Crypto-Gram, remember back in
January when WinZip was Slashdotted for moving forward with its new
AES-based encryption technology? Everything sounded good
since we all knew that AES is secure, right? Well, a cryptographer
took a look at how WinZip uses AES and found lots of problems.
Regardless of how many people actually plan to use WinZip encryption, the lesson, according to Schneier, is that "cryptography is hard, and
simply using AES in a product does not magically make it secure."
So how can we distinguish between an application that simply uses
the right buzzwords, like AES, from an application that is actually
secure?"
Lqf#6Z5Q|LL5#DzGmL:$^!!AW8\wJE)hr{OMFm\\$^$]*mArkJ ^V!
:P
You know, I read the subject as The Following is encrypted using ASS....as in you're talking out of your ass!
Join the TWIT army now!
Wait for a cryptographer to analyze the product, then read about it on /.
We need 2048-bit buzzwords.
I just designed and submitted a corporate security infrastructure built solely on zipping everything. I guess it's time to get back to community security college.
Yes, like sendmail.
He then proceeded to explain how easily NTLM can be defeated in a brute force attack.
:)
Suddenly the students started listening and taking notes!!!
The NSA has no backdoors into Microsoft products.
Everyone here knows that the NSA is just a tool of Big Business.
Clearly you meant to say Microsoft has a backdoor into the NSA.
This issue is a bit more complicated than you think.
wait for those who know more than you to do the same, and read about it
The easy way to avoid having someone else break your encryption is to put some copyrite data in the files, then sue them into oblivion under the DMCA if anyone tries it:)