Re: Self Decrypting Archive Freeware?

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 04/29/05


Date: 28 Apr 2005 18:40:51 -0700

Jean-Luc Cooke <jlcooke@engsoc.org> writes:
> Windows .EXEs prompt for password. Password is salted, and passed
> through 2^16 iterations of the hash function. Encryption uses CTR mode.
> Try it out, see if you like it. I'd welcome comments.

What about authentication? Is there none? You know what a silly idea
THAT is. Is there some? In that case, you expect the file may have
been tampered with by an attacker. Are you REALLY telling your
customers to run .exe's that they think might have been concocted by
attackers?

Self decrypting archive = bad, bad, bad.
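
The missing-authentication case raised in the reply, as an added example that is not part of the original post or of the archive tool under discussion: CTR ciphertext can be altered without knowing the password and still decrypts cleanly unless a MAC is checked first. PBKDF2-HMAC-SHA256 for the salted 2^16-iteration derivation, the SHA-256 keystream standing in for a block cipher, and every function name here are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 2 ** 16  # iteration count quoted in the thread


def derive_keys(password: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys (PBKDF2 is an assumption)."""
    material = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR mode: SHA-256(key || nonce || counter) stands in for a block cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(password: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC layout: salt || nonce || ciphertext || HMAC tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    body = salt + nonce + ctr_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(password: bytes, blob: bytes, verify: bool = True) -> bytes:
    """Decrypt; with verify=True the tag is checked before any decryption."""
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(password, salt)
    if verify:
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: archive was modified")
    return ctr_xor(enc_key, nonce, ciphertext)


def flip(blob: bytes, index: int, mask: int) -> bytes:
    """Constructed tampering: XOR one ciphertext byte, as a modified file would have."""
    changed = bytearray(blob)
    changed[32 + index] ^= mask  # skip the 16-byte salt and 16-byte nonce
    return bytes(changed)
```

With `verify=False` the altered archive decrypts to altered plaintext with no error; with the default it is rejected. In a self-decrypting archive this check runs inside the .exe itself, so it says nothing about whether the executable stub was modified, which is the second half of the objection above.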


