Slashdot Mirror


Attacking WinZip AES Encryption

bden writes "As another tidbit from Bruce Schneier's Crypto-Gram, remember back in January when WinZip was Slashdotted for moving forward with its new AES-based encryption technology? Everything sounded good since we all knew that AES is secure, right? Well, a cryptographer took a look at how WinZip uses AES and found lots of problems. Regardless of how many people actually plan to use WinZip encryption, the lesson, according to Schneier, is that 'cryptography is hard, and simply using AES in a product does not magically make it secure.' So how can we distinguish between an application that simply uses the right buzzwords, like AES, and an application that is actually secure?"

6 of 227 comments

  1. First post! by Anonymous Coward · Score: -1, Offtopic

    In soviet Russia AES Encryption Attacking WinZip is!

    1. Re:First post! by Anonymous Coward · Score: -1, Offtopic

      My first FP, I'm so proud!!!1!!

  2. Re:The following is encrypted using AES by Anonymous Coward · Score: -1, Offtopic

    Lqf#6Z5Q|LL5#DzGmL:$^!!AW8\wJE)hr{OMFm\\$^$]*mArkJ ^V!

    Frist Post?

  3. Re:is this a testament to today's computing power? by Q+Who · Score: 0, Offtopic

    I took a class in cryptography last semester. The professor offered the best words of advice I ever heard in the subject: "Don't try to create new algorithms. We know how to do that already. What we have is secure. What you need to work on is the implementation. Just because something uses encryption, it is by no means secure."

    It wasn't a class in cryptography then. Topics in applied cryptography? Some mini-project?

  4. ffrist 5top by Anonymous Coward · Score: -1, Offtopic
  5. Hidden encryption by Anonymous Coward · Score: -1, Offtopic

    Whatever happened to *pizza* hiding encryption *beer* in data *fun* messages? I've always *lose clothes* thought that the best encryption *crazy* was that which no one *bombed* could see? I mean, *more beer* if you don't know it's *6 shots* there, then how can you *deck of cards* decipher it?