1993-08-03 - PKZIP Encryption is worthless

Header Data

From: nobody@pmantis.berkeley.edu
To: cypherpunks@toad.com
Message Hash: 32bc7a9660128bd3122fa4f8fb7b02c2dc8148f90eaed5ac6c172478235adc49
Message ID: <9308032211.AA21345@pmantis.berkeley.edu>
Reply To: N/A
UTC Datetime: 1993-08-03 22:11:41 UTC
Raw Date: Tue, 3 Aug 93 15:11:41 PDT

Raw message

From: nobody@pmantis.berkeley.edu
Date: Tue, 3 Aug 93 15:11:41 PDT
To: cypherpunks@toad.com
Subject: PKZIP Encryption is worthless
Message-ID: <9308032211.AA21345@pmantis.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


To the best of my knowledge, PKZip uses a simple Vigenere algorithm for its
encryption. There is a program called "zipcrack", widely available on BBSes,
that does cryptanalysis of encrypted PKZip files. The rumor is that the 
"zipcrack" program originated in Russia, but really, cryptanalysis of the stuff
that PK is using is relatively trivial.
 
There are many good implementations of DES, including Symantec's in the Norton
Utilities. You could also use PGP. But don't rely on PKZip to protect your 
privacy. That's not what it's designed for.
 
Note the reply-to address above if you wish to reply.





Thread