Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2004
ACM
2004
ACM
Attacking and repairing the winZip encryption scheme
WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having “easy-to-use AES encryption to protect your sensitive data.” We exhibit several attacks against WinZip’s new encryption method, dubbed “AE-2” or “Advanced Encryption, version two.” We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encryptthen-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc. decided to fix a different security problem with its previous encryption method AE1, our attacks further underscore the subtlety of designing cryptographically secure software. Categories and Subject Descriptors D.4 [Operating Systems]: Security and Protection; E.3 [Data Encryption]: Code Breaking; H.3 [Information Storage and Retrieval]: General. General Terms Security. Keywords WinZip, Zi...
Real-time TrafficCCS 2004 | Easy-to-use Aes Encryption | Encryption Method | Security Privacy | WinZip Encryption Method |
| Added | 01 Jul 2010 |
| Updated | 01 Jul 2010 |
| Type | Conference |
| Year | 2004 |
| Where | CCS |
| Authors | Tadayoshi Kohno |
Comments (0)
Researcher Info
|
