Sciweavers

CCS
2004
ACM

Attacking and repairing the winZip encryption scheme

14 years 5 months ago
Attacking and repairing the winZip encryption scheme
WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having “easy-to-use AES encryption to protect your sensitive data.” We exhibit several attacks against WinZip’s new encryption method, dubbed “AE-2” or “Advanced Encryption, version two.” We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encryptthen-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc. decided to fix a different security problem with its previous encryption method AE1, our attacks further underscore the subtlety of designing cryptographically secure software. Categories and Subject Descriptors D.4 [Operating Systems]: Security and Protection; E.3 [Data Encryption]: Code Breaking; H.3 [Information Storage and Retrieval]: General. General Terms Security. Keywords WinZip, Zi...
Tadayoshi Kohno
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CCS
Authors Tadayoshi Kohno
Comments (0)