[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: password protection of a file

> > I guess you use very bad passwords, with any decent password it would
> > take you much more than a few seconds to find it.
>
> No, even with a password of
> ``oI9fBqNi6MVSXBu1TzCrkIKmh67R4+DcNB0OPERo9yaaHwUt/f7ytv4nLqZs'' (head -n 2
> /dev/urandom | uuencode -m - | head -n 2 | tail -n 1) it cracked the zip
> file in less than 1 sec.
>
> The problem isn't getting the password (like it is with salted md5/sha1
> breaking), but encryption collisions. The encryption algorithm used by zip
> is extremely weak, and there were *thousands* of 5 character passwords that
> have the exact same effect as the one above.

Can you prove it? I'm attaching a very small encrypted password with a very 
simple password. Please return to me the unzipped file.


begin 644 test.zip
M4$L#!!0`"0`(`,IX+S+%NAW/<P<``-4D```+`!4`;6EN:6-O;2YL;V=55`D`
M`XM-Z4'YIIY!57@$`.@#Z`/858J[XG+$Q8),G1<J,N3]A?EOP@'-,6M0A[;G
MDS7#A5@H\]`K^H6)4U"*U]?W#\ZNEJ!PAN^9)$WZ8=H1W^"5SV/YGW;]Q*DU
MU"*KC91#^Y5]\.(7*IUW*C\D-]DE_'2G=>8,6^\%L4C4WSPH>,,DR#(,A[,A
MQL.GTP7=;9)GSWS1['H#^=YF,\C9\43"DJXAS-Z9*G"04V3*XV3T2C\L@5Z,
M`B3!?+A8J/517&+.B\P=9BU*<.*RAN^:3/1L)#<JF>&?#AY[F*5[((UUR1N&
MU&30H]X<Y5^0%:'T3!PFP&9:L>6H`AP1]2('Q9<PSQ3:&PT9GN17%+CIEM'C
MWCE)[R,_"#>OI%:H<8#--*B7P9%5+<8(-8/E?-1-C6J&:;@5]S6TX!A.+@\[
M8;6MNVCRZZ?D$D6Q'AP"0R/-R70A863`<%?@+;JY6#+&R>OU7+BU.7'K2V.+
MWX9K[)Z+!P6I,R,*VM/5Z("Y(PB-LDB]173V/2R:?V9)'9\_L#$\4W%B+Q;!
M%S'RG..L3///OY!Y#)B>HI3AMRK4\!I7@W[#W(^&XUY2'RSI)/:KQQX!ZE`;
M6$:014:.M;Q9%^CQN5G2L^_2]LTO,6Z\(Z7=U[/X6`G'M>H6`=G\N.VF#2HO
ME-LV"&*$?Y`F,$"IE'G/T.OD";6',#^.WP++3B-0Z5,62;AER![8T'UH3?L2
MNBR^4V(G%$(.0ZRZ[:2J^76/7C;@6?)C!J2;%!3P*`YB*C)-U.@[.ZV;L0+\
ML9H,V52&7R/?T-C&VJ6V.=S1,\+!&](75UM[3.H;OL2DO/(Z`OX)J="Z0]38
MV/8J*(",)`@P^/)MT.JCL%NO/2K:+MYX;TA[!!C^[#KG<]"2$C2OL,P8]/6T
MK%VFV?#LRM(_7Z?JQQ?Q^@S;6Z^6.9U'''Y^5O"!6>KZW1+V8`6^KO,0&?@Z
MI?5<.;L,ZNJV0)QD"'1'YY+QN"0CIXB\_Y4_S<5'UYY>Q766&O:L/3V9]MTN
M#744_\2/;'_$J^`*=5\3W652Z6/C?:=W9]M'>3&GPM8$`P7^$,8YCE*=J=0A
ML#3_]K(!]I>&!3AY(DA,!:DL=(CGN;+YR-_C8:1G-_GJR-)^10F&EKE#KH5T
MT[ZOM"-?S"KQ,ON^''4G-(I1/CX=R$6TQ--HNO(+`NW'%^JY*C+:L)#?]VS,
M)NAR<X6PE!(A)U9F7!Q'`68\M,]_"@X:'CK@RUF[QN!V\S0FKF_Y++@T-EQ#
MM1Y@/Z?WQ)%^:RJL)%Z@+N?+LVTH\>POVS\KA8CV]XB2$[.[V.TP\\QZ!9SM
M6?#;PB3H/M05H[**X17WAX&4ZBT:X<NXF<WAHKJXLGNL:?6Z(.+_"8WE[DD`
M!@H/(,@]13T#[*=KJ/.TUIU39]F-P'U`=LCJ2<9)FF`69.1YY)*3CN`KQM%A
M1)97'"*DN@SK+O@.!U<YT#J<<5[BA7S_I8R*6PQAPE>#V/3+3(A=@6P/%XG9
MC7L(,&J;C+Q*(@-$2P;LV*L$C#0#`=&UZF/#$R44Z2+P)ZBO&@@.+($W'S"S
M<@V?AA&F-5G3$3*]ZRX2'M5IAPEEN5J<JG14YGNQ$9GFVG+<])O[-2@S+R[I
M;LT?#CJ(5D$"MWZ16$<J!I)"O5(YW`K5[C_TYD4W&+[A5Y7/`;"32U1W?F1$
M@>UI?MPHFXPR\@K*FH)2F>K1`N(813-AJ\%N[\S80QER7FJ&.(:NIK(\"9A5
MOA4FO..]F"@Z@L#+Q\\)ZH:->BY]8(IUP&+N'O\?Y%Y)T]4VTOK@,#2"&.ET
MP2B*DF#Q"/V..P43H+@FFVEY.VV,S57Y05EL-9.M?5R\!Q%JC!=)$K]LS#+J
M.ZN9?BM`^CEP;61:Z"^ZJ^WP6T($E_:B!@*4MSR=H0UTF[E^?4NHO_7@9+T(
MXFD+QI/>+"1^3(4>/EF#$D@%/<9`L00+_"V'9E&(#&DP[]JT0;[R,V0MY,ZZ
M70)*3-R"H78MU14':^*E3V!8_CY_ZW9B9I\0K@X@MF[Z+-PNLY.<KQ1#;$"J
MAF$V4+P/"\L/^J$L4A@9U#NX%0L<[NMDZIL-*/=T3G_G6EU%:/H,JOR.T1K0
MY98-3;ZW-%5AY9$G>X.7(_T9,^F&&>I25J:3@=+P6\-4?@*8K80&5658VJX.
MQ0<83(`/$C4B7DN40@\,F^LP2ND?XX36I<K`J5/WV<?Y@G[W2UFX^/.*Q_!Y
M4<(]'U4]Y6D\"7O:4BOV]@'_`:_NXA8-5/O":O;=G%Q._.F3WO"QSWF9@7LH
M^]I(3:%Z:&*)VS1HK?#]&1-@-G%#7]O2%U6$!L.13S75J[F1F-6X3**(G;@K
MO*/[[/!P=&X\5FX'$,_":J;K`='PKL_JDR%`.BA9N'G&D7$:Y6/LM:B*K_9@
M#!\@GAAETWKZ'D."B^DND1]01D]@C8$LMWKLXV)A=`0%4<GDYS/ZO:N.<_YP
MY.N#B-^>;QLPN#:P_^G%[^7BG_1UJ];"3[O*8A50;C+\K-V]`E:9OBS+E<D+
M>M4P)6UD&:B#06Y$!V=3,F42'T.YZ8_`S2_P253]UV`[)U!+!PC%NAW/<P<`
M`-4D``!02P$"%P,4``D`"`#*>"\RQ;H=SW,'``#5)```"P`-```````!````
MI($`````;6EN:6-O;2YL;V=55`4``XM-Z4%5>```4$L%!@`````!``$`1@``
'`,$'````````
`
end
Reply to: