dilettante
MIS
I hope I chose the right forum.
I am trying to determine whether or not I can use Zip encryption for an application I have. My data is sensitive, but hardly at the "military secret" level. Please don't just blow this off right away, I realize what the "common sense" feeling is about Zip encryption.
I've done a lot of research on this (the digging through books, newsgroups, and the web type research, i.e. reading) and I have found a lot of bluster, some rumor, and a few facts.
Bluster:
It all comes down to this I'm afraid.
B1.) Standard Zip archive (PKZip) encryption is insecure. Use PGP (etc., etc.) instead.
Rumor (Fact?):
R1.) Some common file formats such as Word and WordPerfect documents contain fairly predictable header information. This can be used to create useful snippets of "plain compressed text." This generic compressed text is good enough to permit technique (F4.) below to be used if an archive contains documents of those types even without an unencrypted copy of the archived documents to work with.
Facts:
F1.) There are dictionary attacks against Zip passwords that are effective in cases of poorly-chosen (short, simple words, simple words concatenated) passwords.
F2.) There are brute-force attacks against Zip passwords that are effective in cases where passwords are short, were created from small alphabets (i.e. only lowercase letters), or are comprised of a known small range of lengths (i.e. password is known to be 7 to 10 characters long).
F3.) There is a special attack against WinZip-created encrypted Zip archives containing 4 or more files.
F4.) There are two (possibly really just one) "known plain-text" attacks against encrypted Zip archives that require somewhere from 10 to 20 bytes of the compressed, not yet encrypted text from a file in the archive.
F5.) There are several non-commerical Zip crackers floating around. Most specialize in technique (F1.) or (F2.) while a few implement (F3.) or (F4.) above.
F6.) There are several commercially available Zip crackers on the market. Some of these start by trying (F3.), then possibly to (F4.) assisted by (R1.). These may perhaps employ straight (F4.) if provided with appropriate plain-text file input. They also can use (F1.) often accepting custom dictionaries or able to use multiple dictionaries from the vendor. I believe the last resort is (F2.), sometimes allowing password-length ranges or alphabets to be specified.
In general the (F6.) products seem to have easy to use "auto" modes that take stabs at breaking the Zip file starting with quicker-when-they-work methods and then trying the progressively slower techniques. They probably all have "manual mode" operation allowing more tailoring of parameters and more input to the process.
I personally I have no experience with these products, but have done what research I can by reading product info and reviews, as well as scouring the sci.crypt newsgroup and others. I did DL and test a demo version of one product, but it was pretty sad and got noplace after 72 hours on a PII 350 machine running Win2K.
My Scenario:
So here is what I want to do. I have about 100 data files. These are ASCII text data, fixed-field and CSV type stuff. They compress pretty well, but they are large. All 100 after Zip compression are about 450MB in total, though individual files range from 200KB to 100MB each, compressed. No special document format, just text.
Each file is to be Zipped with encryption separately. WinZip will not be used, probably InfoZip's stuff based upon PKZip 2.04G and later but nothing "recent" from PKZip. Each archive will use a unique password. The passwords will be formed using ASCII characters from the standard printable set: 95 different symbols. Passwords will be generated randomly in lengths varying from 10 to 20 characters each.
The encrypted archives will be placed on an Internet-visible web site. The web site would require a user logon with user ID and password (not the Zip password). SSL would be used to cover the Basic Authentication of the logon. Each authorized user will be permitted to download only the archives they are supposed to have (generally only 1 archive). Downloading will also be via SSL.
Passwords (logon and encyption) will not be on the site, but distributed separately via snail mail or fax. No plain-text of the data will be on the web server or on other machines in the DMZ.
The user community will be comprised of anything from knowledgable computer users to clerical staff. The target platforms may vary from Macs or Windows PCs to Unix servers and mainframes. They are all outside of my organization. These are the reasons to choose Zip: ease of use, ubiquity, universality.
My Question:
Just how vulnerable is this data to interception and decryption?
I'm not concerned here with somebody getting access to machines on my internal network that might have some of the plain-text. No, I'm not blowing this off, I realize internal physical and logical security is very relevant to this application. I'm asking about Internet users getting at the stuff here though.
Clearly the web server security comes into play, but that was intended as simply another easy-to-add layer of security. For all intents and purposes I am asking about the Zip encryption itself.
I'd welcome any informed opinions. I might even consider sending someone a sample of dummy data "protected" as described if they want to invest the effort to show me how vulernable the scheme is.
I'd rather not wade through a lot of additional FUD as in (B1.) up above though. My own opinion right now is that commercial products rely on the WinZip vulnerability, possession of plain-text, and dict/brute attacks against poor passwords. A lot has been made of the fact that standard PKZip encryption was not export-resticted by the U.S. government. I'm not even certain that was true. In any case I assume that the reason it might not have been seen as a "threat" has more to do with typically poor password choices that can leave it vulnerable, combined with the "common knowledge" that it is insecure.
I am trying to determine whether or not I can use Zip encryption for an application I have. My data is sensitive, but hardly at the "military secret" level. Please don't just blow this off right away, I realize what the "common sense" feeling is about Zip encryption.
I've done a lot of research on this (the digging through books, newsgroups, and the web type research, i.e. reading) and I have found a lot of bluster, some rumor, and a few facts.
Bluster:
It all comes down to this I'm afraid.
B1.) Standard Zip archive (PKZip) encryption is insecure. Use PGP (etc., etc.) instead.
Rumor (Fact?):
R1.) Some common file formats such as Word and WordPerfect documents contain fairly predictable header information. This can be used to create useful snippets of "plain compressed text." This generic compressed text is good enough to permit technique (F4.) below to be used if an archive contains documents of those types even without an unencrypted copy of the archived documents to work with.
Facts:
F1.) There are dictionary attacks against Zip passwords that are effective in cases of poorly-chosen (short, simple words, simple words concatenated) passwords.
F2.) There are brute-force attacks against Zip passwords that are effective in cases where passwords are short, were created from small alphabets (i.e. only lowercase letters), or are comprised of a known small range of lengths (i.e. password is known to be 7 to 10 characters long).
F3.) There is a special attack against WinZip-created encrypted Zip archives containing 4 or more files.
F4.) There are two (possibly really just one) "known plain-text" attacks against encrypted Zip archives that require somewhere from 10 to 20 bytes of the compressed, not yet encrypted text from a file in the archive.
F5.) There are several non-commerical Zip crackers floating around. Most specialize in technique (F1.) or (F2.) while a few implement (F3.) or (F4.) above.
F6.) There are several commercially available Zip crackers on the market. Some of these start by trying (F3.), then possibly to (F4.) assisted by (R1.). These may perhaps employ straight (F4.) if provided with appropriate plain-text file input. They also can use (F1.) often accepting custom dictionaries or able to use multiple dictionaries from the vendor. I believe the last resort is (F2.), sometimes allowing password-length ranges or alphabets to be specified.
In general the (F6.) products seem to have easy to use "auto" modes that take stabs at breaking the Zip file starting with quicker-when-they-work methods and then trying the progressively slower techniques. They probably all have "manual mode" operation allowing more tailoring of parameters and more input to the process.
I personally I have no experience with these products, but have done what research I can by reading product info and reviews, as well as scouring the sci.crypt newsgroup and others. I did DL and test a demo version of one product, but it was pretty sad and got noplace after 72 hours on a PII 350 machine running Win2K.
My Scenario:
So here is what I want to do. I have about 100 data files. These are ASCII text data, fixed-field and CSV type stuff. They compress pretty well, but they are large. All 100 after Zip compression are about 450MB in total, though individual files range from 200KB to 100MB each, compressed. No special document format, just text.
Each file is to be Zipped with encryption separately. WinZip will not be used, probably InfoZip's stuff based upon PKZip 2.04G and later but nothing "recent" from PKZip. Each archive will use a unique password. The passwords will be formed using ASCII characters from the standard printable set: 95 different symbols. Passwords will be generated randomly in lengths varying from 10 to 20 characters each.
The encrypted archives will be placed on an Internet-visible web site. The web site would require a user logon with user ID and password (not the Zip password). SSL would be used to cover the Basic Authentication of the logon. Each authorized user will be permitted to download only the archives they are supposed to have (generally only 1 archive). Downloading will also be via SSL.
Passwords (logon and encyption) will not be on the site, but distributed separately via snail mail or fax. No plain-text of the data will be on the web server or on other machines in the DMZ.
The user community will be comprised of anything from knowledgable computer users to clerical staff. The target platforms may vary from Macs or Windows PCs to Unix servers and mainframes. They are all outside of my organization. These are the reasons to choose Zip: ease of use, ubiquity, universality.
My Question:
Just how vulnerable is this data to interception and decryption?
I'm not concerned here with somebody getting access to machines on my internal network that might have some of the plain-text. No, I'm not blowing this off, I realize internal physical and logical security is very relevant to this application. I'm asking about Internet users getting at the stuff here though.
Clearly the web server security comes into play, but that was intended as simply another easy-to-add layer of security. For all intents and purposes I am asking about the Zip encryption itself.
I'd welcome any informed opinions. I might even consider sending someone a sample of dummy data "protected" as described if they want to invest the effort to show me how vulernable the scheme is.
I'd rather not wade through a lot of additional FUD as in (B1.) up above though. My own opinion right now is that commercial products rely on the WinZip vulnerability, possession of plain-text, and dict/brute attacks against poor passwords. A lot has been made of the fact that standard PKZip encryption was not export-resticted by the U.S. government. I'm not even certain that was true. In any case I assume that the reason it might not have been seen as a "threat" has more to do with typically poor password choices that can leave it vulnerable, combined with the "common knowledge" that it is insecure.
