Winzip and Due Diligence

From: Matthew Webster (awakenings@mindspring.com)
Date: Thu Mar 08 2007 - 15:49:16 EST

• Next message: Matthew Snider: "Re: The legal / illegal line?"
• Previous message: Javier Jarava: "RE: Windows XP salted hashed verification of domain passwords"
• Next in thread: Shreyas Zare: "Re: Winzip and Due Diligence"
• Reply: Shreyas Zare: "Re: Winzip and Due Diligence"
• Reply: Password Crackers, Inc.: "RE: Winzip and Due Diligence"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Folks,

   I was poking around on Google and noticed there are some tools for cracking WinZip passwords. Does anyone know whether or not these tools also work on AES-256 encryption. My question is academic from a due diligence standpoint. Technically WinZip is FIPS compliant, but if it can be cracked easily, is this something we should really be recommending?

Thanks,

Matt

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Matthew Snider: "Re: The legal / illegal line?"
• Previous message: Javier Jarava: "RE: Windows XP salted hashed verification of domain passwords"
• Next in thread: Shreyas Zare: "Re: Winzip and Due Diligence"
• Reply: Shreyas Zare: "Re: Winzip and Due Diligence"
• Reply: Password Crackers, Inc.: "RE: Winzip and Due Diligence"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:38 EDT