OT Encryption

How good is WinZip encryption?

How good as related to True Crypt?

Any discussion of interest?



--- news://freenews.netfront.net/ - complaints: ---

OldGuy wrote:
How good is WinZip encryption?

How good as related to True Crypt?

Any discussion of interest?


This article says they use AES.

http://www.winzip.com/aes_info.htm#comp-method

http://en.wikipedia.org/wiki/Advance...ption_Standard

And this article is slightly humorous, in that the
word "cracked" is used, no matter the magnitude of the
weakness found. The equivalent keylength here is
only slightly shorter, so you don't have to stop
using it or anything.

http://www.theinquirer.net/inquirer/...yption-cracked

The WinZip program implements the first
and third one, but the "standard" defined
allows all three AES optiom.

Key size Salt size
128 bits 8 bytes --- WinZip supports
192 bits 12 bytes --- (defined in ZIP standard, WinZip decodes)
256 bits 16 bytes --- WinZip supports

TrueCrypt has multiple methods. Some of which
use a combination of AES plus a second method.

http://en.wikipedia.org/wiki/Truecry...hic_algorithms

"Cryptographic algorithms

Individual algorithms supported by TrueCrypt are
AES, Serpent, and Twofish. Additionally, five different
combinations of cascaded algorithms are available:
AES-Twofish, AES-Twofish-Serpent, Serpent-AES,
Serpent-Twofish-AES and Twofish-Serpent.
"

And no, that doesn't make it better. You can actually
weaken encryption by combining methods randomly, and each
time you do something like that, it needs analysis.

The TrueCrypt article mentions this site, some
kind of project to actually audit what was done
in the code.

http://istruecryptauditedyet.com/

"Goals

Conduct a public cryptanalysis and security audit of the TC 7.1a
"

Maybe in a few years, we'll know how good TrueCrypt is.
Probably, a cryptographer can tell you right now,
how good the theoretical approach is. An audit will
examine the practical aspects (like, did anyone
make mistakes in the implementation, that weaken
or allow attacks other than theoretical ones).

Maybe there's a user manual around for TrueCrypt
somewhere, that delves into the choices the
user should make. With broad sweeping statements
about which method is best, and how much better
it might be.

If I want to break your WinZip encryption, it's probably
faster for me to put a keylogger on your computer, and
catch you typing the password :-) I don't think people
interested in the contents of your WinZip, would
choose to face it head on. It's easier to just
steal the password, than to brute force it.

You can now resume putting on a tinfoil hat :-)

Paul

On Mon, 11 Nov 2013 16:54:55 -0700, OldGuy wrote:

How good is WinZip encryption?

How good as related to True Crypt?

Any discussion of interest?


For ANY encryption technique, I wouldn't hold my breath.

Years ago in San Jose, CA at the ?? convention, it took the 'nerds'
something like 22 hours to break the military's 'unbreakable' code.

So, encryption is like locks on your doors, it keeps your friends out and
slows the determined.

Paul wrote :
OldGuy wrote:
How good is WinZip encryption?

How good as related to True Crypt?

Any discussion of interest?


This article says they use AES.

http://www.winzip.com/aes_info.htm#comp-method

http://en.wikipedia.org/wiki/Advance...ption_Standard

And this article is slightly humorous, in that the
word "cracked" is used, no matter the magnitude of the
weakness found. The equivalent keylength here is
only slightly shorter, so you don't have to stop
using it or anything.

http://www.theinquirer.net/inquirer/...yption-cracked

The WinZip program implements the first
and third one, but the "standard" defined
allows all three AES optiom.

Key size Salt size
128 bits 8 bytes --- WinZip supports
192 bits 12 bytes --- (defined in ZIP standard, WinZip decodes)
256 bits 16 bytes --- WinZip supports

TrueCrypt has multiple methods. Some of which
use a combination of AES plus a second method.

http://en.wikipedia.org/wiki/Truecry...hic_algorithms

"Cryptographic algorithms

Individual algorithms supported by TrueCrypt are
AES, Serpent, and Twofish. Additionally, five different
combinations of cascaded algorithms are available:
AES-Twofish, AES-Twofish-Serpent, Serpent-AES,
Serpent-Twofish-AES and Twofish-Serpent.
"

And no, that doesn't make it better. You can actually
weaken encryption by combining methods randomly, and each
time you do something like that, it needs analysis.

The TrueCrypt article mentions this site, some
kind of project to actually audit what was done
in the code.

http://istruecryptauditedyet.com/

"Goals

Conduct a public cryptanalysis and security audit of the TC 7.1a
"

Maybe in a few years, we'll know how good TrueCrypt is.
Probably, a cryptographer can tell you right now,
how good the theoretical approach is. An audit will
examine the practical aspects (like, did anyone
make mistakes in the implementation, that weaken
or allow attacks other than theoretical ones).

Maybe there's a user manual around for TrueCrypt
somewhere, that delves into the choices the
user should make. With broad sweeping statements
about which method is best, and how much better
it might be.

If I want to break your WinZip encryption, it's probably
faster for me to put a keylogger on your computer, and
catch you typing the password :-) I don't think people
interested in the contents of your WinZip, would
choose to face it head on. It's easier to just
steal the password, than to brute force it.

You can now resume putting on a tinfoil hat :-)

Paul

Thanks.

Where do I get tin foil?
All I can find is aluminum foil. I that good enough?
I did find gold foil at the art supply store.
That looks nicer than any other foil.

lol



--- news://freenews.netfront.net/ - complaints: ---

RobertMacy explained on 11/12/2013 :
On Mon, 11 Nov 2013 16:54:55 -0700, OldGuy wrote:

How good is WinZip encryption?

How good as related to True Crypt?

Any discussion of interest?


For ANY encryption technique, I wouldn't hold my breath.

Years ago in San Jose, CA at the ?? convention, it took the 'nerds' something
like 22 hours to break the military's 'unbreakable' code.

So, encryption is like locks on your doors, it keeps your friends out and
slows the determined.

Understood.



--- news://freenews.netfront.net/ - complaints: ---

On 11/12/2013 9:04 AM, RobertMacy wrote:
On Mon, 11 Nov 2013 16:54:55 -0700, OldGuy wrote:

How good is WinZip encryption?

How good as related to True Crypt?

Any discussion of interest?


For ANY encryption technique, I wouldn't hold my breath.

Years ago in San Jose, CA at the ?? convention, it took the 'nerds'
something like 22 hours to break the military's 'unbreakable' code.

So, encryption is like locks on your doors, it keeps your friends out
and slows the determined.

One of the most interesting OT encryption techniques that peaks my
interests are those number stations on shortwave radio which has been
going on since WWII. Ever heard of them?

Pretty clever actually. Low frequency radio waves (shortwave) can reach
around the world. They are hard to locate the transmission source. So
you often don't know who is transmitting. Nor do you know where the
intended receiver is at. And usually it is a short transmission of
numbers. Which is supposed to be a coded form of words and instructions.

Breaking the code is really tough. As it changes with each transmission
and you don't even know what language it is supposed to be in to begin
with. Heck it could be in more than one mixed into the code for all
anybody knows?

What makes this so fascinating is it has been going on for decades. And
tracking down the sender and receiver are virtually impossible. And I
never heard even once of anybody publicly claiming to crack one single
transmission. Yet best of all, it is so low tech.

--
Bill
Gateway M465e ('06 era) - Thunderbird v12
Centrino Core2 Duo T7400 2.16 GHz - 4GB - Windows 8 Pro w/Media Center