Post Updated - See WinZip Encryption Password Security (2017)

Recently I have received several emails asking about WinZip encryption, and specifically, whether it is good enough for business use, especially in light of the current climate of data breaches in the UK, where serious data breaches involving public information are announced almost on a weekly basis.

So can WinZip do the job to encrypt sensitive data held on disks posted through public postal systems? Well, the answer is yes, but only if used properly…

With WinZip encryption, it is important to understand that older versions of WinZip, pre-version 9, use their own proprietary encryption, which is simply broken. Essentially, data archived with WinZip version 8 or below, using “WinZip Encryption” with passwords of any strength, can very easily be recovered.

WinZip version 9 and above has the option to use an industry-strength and NIST-approved encryption algorithm, namely AES (Advanced Encryption Protocol). The application provides the choice of several strengths (bit length – the longer the stronger): AES-128, AES-192 and AES-256. You may as well pick the strongest bit level, AES-256, although AES-128 is currently strong enough to do the job to industry best practice and standards.

The weakness in using WinZip AES encryption is that it uses “symmetric” encryption, which means it uses a single private password to encrypt and decrypt the Zip archive. Therefore the complexity and strength of the password are “the” protection and the weak point, as the bad guys have unlimited attempts at guessing and trying password combinations to decrypt the WinZip archive.

One of the password-breaking attacks these bad guys use is a dictionary attack, which, as it sounds, tries regular words found in the dictionary as well as commonly used passwords. Usually the cracker (the bad guy) has his own specific database of commonly used and known passwords, so passwords like “Pa55word” are extremely weak and just don’t cut it.

Another attack to crack WinZip passwords is a “brute force” attack. This attack tries every single combination of characters possible e.g.

I carried out some testing for this post on my home PC. I was able to crack a 6 digit password of completely random upper case, lower case and numeric values in 1 hour 15 minutes (see image below).

For every digit length of the password the longer it takes to brute force, so when I tried to brute force a 7 digit password it took several days and I think it would take a couple of months to crack an 8 digit password on my not so powerful home computer. So I would say 8 character passwords just aren’t strong enough for WinZip AES password encryption.

The main factor to consider with the brute force attack is the processing power (the speed) of the computer trying the combinations. The bad guys can increase their processing power by networking several computers and using them in tandem to reduce the time to find the password. I previously posted about using PS3 to brute force passwords, as a PS3’s multi-thread type processor (which is used by the new generation of PCs) can try several combinations at the same time and therefore be very efficient for brute force attacks.

There is another attack which could be used, which attacks the AES encryption algorithm itself. However, AES is so powerful at these sorts of bit lengths that these sorts of attacks aren’t really a viable option for business security at the moment, and there certainly aren’t any known issues with AES, which is used and approved by leading banks and the military, therefore I’m not going to go into further detail within this post.

So with WinZip AES encryption, the password strength is the key aspect to the security of the encryption, therefore my own suggestion is that the following password rules provide a business level of strong encryption (Are you reading this, HMRC?)

Be random, not contain any dictionary, common words or names
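The brute-force timing quoted in this post (a random 6-character password over upper case, lower case and digits in 1 hour 15 minutes) can be turned into a password-length sizing rule. The following is an added example, not code from the original post; it assumes that run exhausted the whole 6-character keyspace and that the guess rate stays constant, and the function names are illustrative.

```python
# Added example: sizing random-password length from the post's measurement.
CHARSET = 26 + 26 + 10        # upper case + lower case + digits, as in the post
MEASURED_LEN = 6              # password length cracked in the post
MEASURED_SECONDS = 75 * 60    # 1 hour 15 minutes
YEAR = 365 * 86400

def implied_rate():
    """Guesses per second, ASSUMING the 75-minute run tried every candidate."""
    return CHARSET ** MEASURED_LEN / MEASURED_SECONDS

def worst_case_seconds(length, charset=CHARSET, machines=1, rate=None):
    """Time to try every password of exactly `length` characters."""
    rate = implied_rate() if rate is None else rate
    return charset ** length / (rate * machines)

def min_length(target_years, charset=CHARSET, machines=1, rate=None):
    """Shortest random password whose full search outlasts target_years."""
    rate = implied_rate() if rate is None else rate
    budget = target_years * YEAR * rate * machines   # guesses the attacker gets
    length = 1
    while charset ** length <= budget:
        length += 1
    return length

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds / 60:.1f} minutes"

if __name__ == "__main__":
    for n in range(6, 13):
        alone = human(worst_case_seconds(n))
        pooled = human(worst_case_seconds(n, machines=1000))
        print(f"{n:2d} chars: one PC {alone:>18} | 1000 networked PCs {pooled}")
    # Policy question: how long must a random password be to hold for
    # 100 years against 1000 machines of the measured speed?
    print("62-symbol set:", min_length(100, machines=1000))
    print("95-symbol set:", min_length(100, charset=95, machines=1000))
```

These figures apply only to randomly generated passwords; a password built from dictionary words falls to the dictionary attack described in the post regardless of its length.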