Paper 2004/078

Analysis of the WinZip encryption method

Tadayoshi Kohno

Abstract

WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two." We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc.~decided to fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software.

Metadata
Available format(s)
PDF PS
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
WinZipZipcompressionencryptionapplied cryptographyattackssecurity fixes.
Contact author(s)
tkohno @ cs ucsd edu
History
2004-05-09: last of 5 revisions
2004-03-14: received
See all versions
Short URL
https://ia.cr/2004/078
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/078,
      author = {Tadayoshi Kohno},
      title = {Analysis of the WinZip encryption method},
      howpublished = {Cryptology ePrint Archive, Paper 2004/078},
      year = {2004},
      note = {\url{https://eprint.iacr.org/2004/078}},
      url = {https://eprint.iacr.org/2004/078}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.