If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
OT Encryption
How good is WinZip encryption?
How good as related to True Crypt? Any discussion of interest? --- news://freenews.netfront.net/ - complaints: --- |
Ads |
#2
|
|||
|
|||
OT Encryption
OldGuy wrote:
How good is WinZip encryption? How good as related to True Crypt? Any discussion of interest? This article says they use AES. http://www.winzip.com/aes_info.htm#comp-method http://en.wikipedia.org/wiki/Advance...ption_Standard And this article is slightly humorous, in that the word "cracked" is used, no matter the magnitude of the weakness found. The equivalent keylength here is only slightly shorter, so you don't have to stop using it or anything. http://www.theinquirer.net/inquirer/...yption-cracked The WinZip program implements the first and third one, but the "standard" defined allows all three AES optiom. Key size Salt size 128 bits 8 bytes --- WinZip supports 192 bits 12 bytes --- (defined in ZIP standard, WinZip decodes) 256 bits 16 bytes --- WinZip supports TrueCrypt has multiple methods. Some of which use a combination of AES plus a second method. http://en.wikipedia.org/wiki/Truecry...hic_algorithms "Cryptographic algorithms Individual algorithms supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. " And no, that doesn't make it better. You can actually weaken encryption by combining methods randomly, and each time you do something like that, it needs analysis. The TrueCrypt article mentions this site, some kind of project to actually audit what was done in the code. http://istruecryptauditedyet.com/ "Goals Conduct a public cryptanalysis and security audit of the TC 7.1a " Maybe in a few years, we'll know how good TrueCrypt is. Probably, a cryptographer can tell you right now, how good the theoretical approach is. An audit will examine the practical aspects (like, did anyone make mistakes in the implementation, that weaken or allow attacks other than theoretical ones). Maybe there's a user manual around for TrueCrypt somewhere, that delves into the choices the user should make. With broad sweeping statements about which method is best, and how much better it might be. If I want to break your WinZip encryption, it's probably faster for me to put a keylogger on your computer, and catch you typing the password :-) I don't think people interested in the contents of your WinZip, would choose to face it head on. It's easier to just steal the password, than to brute force it. You can now resume putting on a tinfoil hat :-) Paul |
#3
|
|||
|
|||
OT Encryption
On Mon, 11 Nov 2013 16:54:55 -0700, OldGuy wrote:
How good is WinZip encryption? How good as related to True Crypt? Any discussion of interest? For ANY encryption technique, I wouldn't hold my breath. Years ago in San Jose, CA at the ?? convention, it took the 'nerds' something like 22 hours to break the military's 'unbreakable' code. So, encryption is like locks on your doors, it keeps your friends out and slows the determined. |
#4
|
|||
|
|||
OT Encryption
Paul wrote :
OldGuy wrote: How good is WinZip encryption? How good as related to True Crypt? Any discussion of interest? This article says they use AES. http://www.winzip.com/aes_info.htm#comp-method http://en.wikipedia.org/wiki/Advance...ption_Standard And this article is slightly humorous, in that the word "cracked" is used, no matter the magnitude of the weakness found. The equivalent keylength here is only slightly shorter, so you don't have to stop using it or anything. http://www.theinquirer.net/inquirer/...yption-cracked The WinZip program implements the first and third one, but the "standard" defined allows all three AES optiom. Key size Salt size 128 bits 8 bytes --- WinZip supports 192 bits 12 bytes --- (defined in ZIP standard, WinZip decodes) 256 bits 16 bytes --- WinZip supports TrueCrypt has multiple methods. Some of which use a combination of AES plus a second method. http://en.wikipedia.org/wiki/Truecry...hic_algorithms "Cryptographic algorithms Individual algorithms supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. " And no, that doesn't make it better. You can actually weaken encryption by combining methods randomly, and each time you do something like that, it needs analysis. The TrueCrypt article mentions this site, some kind of project to actually audit what was done in the code. http://istruecryptauditedyet.com/ "Goals Conduct a public cryptanalysis and security audit of the TC 7.1a " Maybe in a few years, we'll know how good TrueCrypt is. Probably, a cryptographer can tell you right now, how good the theoretical approach is. An audit will examine the practical aspects (like, did anyone make mistakes in the implementation, that weaken or allow attacks other than theoretical ones). Maybe there's a user manual around for TrueCrypt somewhere, that delves into the choices the user should make. With broad sweeping statements about which method is best, and how much better it might be. If I want to break your WinZip encryption, it's probably faster for me to put a keylogger on your computer, and catch you typing the password :-) I don't think people interested in the contents of your WinZip, would choose to face it head on. It's easier to just steal the password, than to brute force it. You can now resume putting on a tinfoil hat :-) Paul Thanks. Where do I get tin foil? All I can find is aluminum foil. I that good enough? I did find gold foil at the art supply store. That looks nicer than any other foil. lol --- news://freenews.netfront.net/ - complaints: --- |
#5
|
|||
|
|||
OT Encryption
RobertMacy explained on 11/12/2013 :
On Mon, 11 Nov 2013 16:54:55 -0700, OldGuy wrote: How good is WinZip encryption? How good as related to True Crypt? Any discussion of interest? For ANY encryption technique, I wouldn't hold my breath. Years ago in San Jose, CA at the ?? convention, it took the 'nerds' something like 22 hours to break the military's 'unbreakable' code. So, encryption is like locks on your doors, it keeps your friends out and slows the determined. Understood. --- news://freenews.netfront.net/ - complaints: --- |
#6
|
|||
|
|||
OT Encryption
On 11/12/2013 9:04 AM, RobertMacy wrote:
On Mon, 11 Nov 2013 16:54:55 -0700, OldGuy wrote: How good is WinZip encryption? How good as related to True Crypt? Any discussion of interest? For ANY encryption technique, I wouldn't hold my breath. Years ago in San Jose, CA at the ?? convention, it took the 'nerds' something like 22 hours to break the military's 'unbreakable' code. So, encryption is like locks on your doors, it keeps your friends out and slows the determined. One of the most interesting OT encryption techniques that peaks my interests are those number stations on shortwave radio which has been going on since WWII. Ever heard of them? Pretty clever actually. Low frequency radio waves (shortwave) can reach around the world. They are hard to locate the transmission source. So you often don't know who is transmitting. Nor do you know where the intended receiver is at. And usually it is a short transmission of numbers. Which is supposed to be a coded form of words and instructions. Breaking the code is really tough. As it changes with each transmission and you don't even know what language it is supposed to be in to begin with. Heck it could be in more than one mixed into the code for all anybody knows? What makes this so fascinating is it has been going on for decades. And tracking down the sender and receiver are virtually impossible. And I never heard even once of anybody publicly claiming to crack one single transmission. Yet best of all, it is so low tech. -- Bill Gateway M465e ('06 era) - Thunderbird v12 Centrino Core2 Duo T7400 2.16 GHz - 4GB - Windows 8 Pro w/Media Center |
Thread Tools | |
Display Modes | |
|
|