Attacking and repairing the winZip encryption scheme

25 October 2004

proceedings article
Published by Association for Computing Machinery (ACM)

p. 72-81
https://doi.org/10.1145/1030083.1030095

Abstract

WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two." We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc. decided to fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software.

Keywords

This publication has 8 references indexed in Scilit:

Authenticated-encryption with associated-data
Published by Association for Computing Machinery (ACM) ,2002
How to decrypt or even substitute DES-encrypted messages in 228 steps
Information Processing Letters, 2002
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
Published by Springer Nature ,2002
Compression and Information Leakage of Plaintext
Published by Springer Nature ,2002
The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)
Published by Springer Nature ,2001
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
Published by Springer Nature ,2000
Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography
Published by Springer Nature ,2000
Agent Systems, Mobile Agents, and Applications
Published by Springer Nature ,2000