Slashdot Mirror


Attacking WinZip AES Encryption

bden writes "As another tidbit from Bruce Schneier's Crypto-Gram, remember back in January when WinZip was Slashdotted for moving forward with its new AES-based encryption technology? Everything sounded good since we all knew that AES is secure, right? Well, a cryptographer took a look at how WinZip uses AES and found lots of problems. Regardless of how many people actually plan to use WinZip encryption, the lesson, according to Schneier, is that "cryptography is hard, and simply using AES in a product does not magically make it secure." So how can we distinguish between an application that simply uses the right buzzwords, like AES, from an application that is actually secure?"

3 of 227 comments (clear)

  1. How to tell if a product is secure. by teasea · · Score: 5, Funny

    Wait for a cryptographer to analyze the product, then read about it on /.

  2. stronger encryption by Anonymous Coward · · Score: 5, Funny

    We need 2048-bit buzzwords.

  3. Re:Simple by Anonymous Coward · · Score: 5, Funny

    Yes, like sendmail.