Re: Utility to open WINZIP with AES encyption

On Feb 21, 9:50 pm, Sebastian Gottschalk <s...@xxxxxxxxx> wrote:
one-o wrote:
One-o wrote:

I use Winzip Pro 10.0.6698 and create standard archives with a ZIP
file extension which I send as an email attachment. I do not
create self- extracting EXE files as many company firewalls block
EXEs attached to emails.

On 20 Feb 2007, Sebastian Gottschalk <s...@xxxxxxxxx> wrote:

Of course, in terms of encryption this would be utterly stupid.

Please explain what you mean.

Presume an attacker which has the capability to change the file. He
attaches his own payload, which captures the password, unpacks the content
and modifies the target system to report this file without the payload,
then sends ou the captures password.

For sensitive data, I use either 128-bit AES or 256-bit AES
encryption in Winzip.

Nah, can't be that sensitive.

Actually it is.

No, it isn't, because the implementation in WinZip is well-known to be
broken. Thus, you might leak some data.

Actually according to NIST WinZip's AES implementation is FIPS 192