Zip is a popular file format used for "lossless" compression of large files, like the little drawstring sack that can somehow contain your sleeping bag. ...I was that amateur cryptography. The attacks are described in this paper."The zip cipher was designed decades ago by an amateur cryptographer — the fact that it has held up so well is remarkable." But while some zip files can be cracked easily with off-the-shelf tools, The Guy wasn't so lucky.
That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions—like the one used in The Guy's case—use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It’s one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.
Update: You can view the DEFCON lecture on the crack on YouTube, or download the lecture and Q&A from the DEFCON site.
Wow! I didn't know that!
ReplyDeleteBest,
--Ajit