applenie
asked on
How secure the Winzip Password is?
1)is it possible for hackers to hack a winzip password?
2)if yes, then will the hacking process very complex or easy?
3) is it only those expert hackers able to hack the winzip password?
thanks
2)if yes, then will the hacking process very complex or easy?
3) is it only those expert hackers able to hack the winzip password?
thanks
1)Yes, it's possible to hack almost everything
2)It's imposible to decrypt a password of this kind (it's called one-hash encryption, some of the information used to encrypt it is lost during the procces), but there is always the simple 'brute-force' method.
3)Yes and No, Some 'crackers' have programmed utilities to make the 'brute-force' method automatic.
Winzip passwords are VERY secure... but, like any password, it will be securer if it's a good password...
The programs to hack a Winzip password use a Brute-Force Method (try, try and try... and then try, until the password is found).
So, if you use a password like 'john', it will be very easy to crack (few hours), besides, if you use a password like 'e3d$fx?25:bd@', it will be almost uncrackeable, this programs can take WEEKS to crack this kind of passwords.
I have tried to crack a password like this:
'http://www.geocities.com/mypage/', I let the programa try for 4 days, and didn't got it.
Hope this helps
-garisoain
2)It's imposible to decrypt a password of this kind (it's called one-hash encryption, some of the information used to encrypt it is lost during the procces), but there is always the simple 'brute-force' method.
3)Yes and No, Some 'crackers' have programmed utilities to make the 'brute-force' method automatic.
Winzip passwords are VERY secure... but, like any password, it will be securer if it's a good password...
The programs to hack a Winzip password use a Brute-Force Method (try, try and try... and then try, until the password is found).
So, if you use a password like 'john', it will be very easy to crack (few hours), besides, if you use a password like 'e3d$fx?25:bd@', it will be almost uncrackeable, this programs can take WEEKS to crack this kind of passwords.
I have tried to crack a password like this:
'http://www.geocities.com/mypage/', I let the programa try for 4 days, and didn't got it.
Hope this helps
-garisoain
As aluded to above, systems protected by passwords often are cracked because password guessing programs can first search through a pre-programmed list of common words. This gets about 30% of all passwords.
In some systems, including winzip, a password always hashes to the same value, so the word-list (or "dictionary") can be shipped pre-hashed. This makes it trivial to crack any password contained in the word-list.
So, if you use passwords that are not names, words, or simple variations of the above (J0hn will probably be in the list too), then you're OK. But if you use less then steller passwords, then you want something that's key based rather than password based. And in that case you probably want PGP or GPG (free implementation of PGP from GNU).
In some systems, including winzip, a password always hashes to the same value, so the word-list (or "dictionary") can be shipped pre-hashed. This makes it trivial to crack any password contained in the word-list.
So, if you use passwords that are not names, words, or simple variations of the above (J0hn will probably be in the list too), then you're OK. But if you use less then steller passwords, then you want something that's key based rather than password based. And in that case you probably want PGP or GPG (free implementation of PGP from GNU).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Brute force is the main way into any one way hash. MS office however has some unique work arounds.
Office is another matter entirely...
This key is generated from the password
"VelvetSweatshop". What a nice
joke by Microsoft! Try to protect a MS Excel
workbook with this
password. The most surprising thing is that no
password is required to
open the document.
winzip is a good encryption- +12 chars are highly recommended- pgp is better than good, it's great. Use a 3rd party to encypher your files, and then do your home work on that 3rd party. Google ownz. MS goes out of their way for ease of use, and security is usually the last thing on their mind.
Office is another matter entirely...
This key is generated from the password
"VelvetSweatshop". What a nice
joke by Microsoft! Try to protect a MS Excel
workbook with this
password. The most surprising thing is that no
password is required to
open the document.
winzip is a good encryption- +12 chars are highly recommended- pgp is better than good, it's great. Use a 3rd party to encypher your files, and then do your home work on that 3rd party. Google ownz. MS goes out of their way for ease of use, and security is usually the last thing on their mind.
If you want more security for your files use winzip to compress and by all means keep the password but you might want to consider encryption using something like PGP.