[15431] in cryptography@c2.net mail archive
Vulnerability in the WinZip implementation of AES?
daemon@ATHENA.MIT.EDU (Dave Howe)
Tue May 25 15:38:48 2004
X-Original-To: cryptography@metzdowd.com
From: "Dave Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cypherpunks" <cypherpunks@al-qaeda.net>,
"Email List: Cryptography" <cryptography@metzdowd.com>
Date: Mon, 17 May 2004 17:37:08 +0100
http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/
Abstract: WinZip is a popular compression utility for Microsoft Windows
computers, the latest version of which is advertised as having
"easy-to-use AES encryption to protect your sensitive data." We exhibit
several attacks against WinZip's new encryption method, dubbed "AE-2" or
"Advanced Encryption, version two." We then discuss secure alternatives.
Since at a high level the underlying WinZip encryption method appears
secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and
HMAC-SHA1), and since one of our attacks was made possible because of the
way that WinZip Computing, Inc. decided to fix a different security
problem with its previous encryption method AE-1, our attacks further
underscore the subtlety of designing cryptographically secure software.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com