Reviewing Quality of Password Protection: Archivers
Zip
ZIP archives can be protected with a password (in theory, each file in an archive can even have its own password). For encryption, ZIP uses a home-made algorithm with a 96-bit key, which runs very fast but does not provide adequate protection. In terms of security, it has two major drawbacks:

1) The password validity check is very simple and quick; therefore, searching for passwords with a Brute Force Attack goes very fast (tens of millions of passwords per second). That means the password has to be longer than it normally is in order to be secure.

2) It is open to the so-called Known Plain Text Attack. Suppose you have an archive with several files that is protected with a password which, as is normally the case, is the same for all files in the archive. Suppose also that one of the files contained in the password-protected archive does not contain any secrets and remains unprotected. That makes it possible to run the Known Plain Text Attack and recover the entire archive within a very short time span (a few hours in the worst case).

In some (rather rare) cases, the vulnerability to the Known Plain Text Attack makes it possible to recover the archive even if it does not contain any files in the open format. Such an algorithm is implemented in Zip Password. Thus, password protection in Zip archives is not as reliable as it should be, although it is still not always possible to crack a password-protected archive.
WinZip was chosen as the most popular ZIP archiver for Windows. Its implementation had an error that sped up the password search even further and, under certain special conditions, even guaranteed the recovery of password-protected archives, regardless of the password length.

That error was fixed in WinZip 8.0, and the subsequent versions of WinZip have adopted AES-based encryption. Such archives are truly reliable: if the password is long enough and is not based on a dictionary word, it becomes literally impossible to crack them. However, this protection method is a departure from the standard, and archives protected this way can be opened with WinZip only. Further information: Zip Password
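An added example (not part of the original article or of any tool it mentions): a Python check that reports which entries of an archive use the legacy ZIP encryption, which use WinZip's AES, and whether an unprotected file sits beside legacy-encrypted ones, the condition the Known Plain Text Attack described above relies on. It assumes WinZip marks AES entries with compression method 99 and treats every other encrypted entry as legacy; `audit_zip` and `build_sample` are names chosen here, and the sample archive is constructed.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1        # general-purpose flag bit 0: entry is encrypted
WINZIP_AES = 99        # compression method WinZip uses to mark AES entries

def audit_zip(fileobj):
    """Classify each file entry and flag plaintext stored beside legacy-encrypted data."""
    report = {"legacy": [], "aes": [], "plain": []}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if not info.flag_bits & ENCRYPTED:
                report["plain"].append(info.filename)
            elif info.compress_type == WINZIP_AES:
                report["aes"].append(info.filename)
            else:
                # Assumption: any other encrypted entry uses the legacy ZIP cipher.
                report["legacy"].append(info.filename)
    # The article's scenario: an unprotected file in an archive that also holds
    # legacy-encrypted files under one shared password.
    report["known_plaintext_risk"] = bool(report["legacy"] and report["plain"])
    return report

def build_sample():
    """Constructed sample: a normal ZIP whose central-directory records are
    patched to look encrypted (metadata only; the data is not really encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("readme.txt", "payroll.xls", "keys.db"):
            zf.writestr(name, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    marks = {b"payroll.xls": (ENCRYPTED, None), b"keys.db": (ENCRYPTED, WINZIP_AES)}
    pos = raw.find(b"PK\x01\x02")                      # central directory record
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        name = bytes(raw[pos + 46:pos + 46 + name_len])
        flags, method = marks.get(name, (0, None))
        struct.pack_into("<H", raw, pos + 8, flags)    # general-purpose flags
        if method is not None:
            struct.pack_into("<H", raw, pos + 10, method)  # compression method
        pos = raw.find(b"PK\x01\x02", pos + 46)
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    print(audit_zip(build_sample()))
```

The check reads only the central directory, so it needs no password and does not decrypt anything.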
WinRar
What took WinZip years to implement, the Russian WinRar demonstrated right off: even the very first version of the archiver offered quite an acceptable quality of protection. In the third version, the protection was strengthened even further, making it perhaps the most powerful and competent password protection among all popular programs. The only chance to crack a password to a Rar archive is if the password is very short (for WinRar, even a four-character password will take considerable time) or based upon a dictionary word. Further information: Rar Password