Solved

How secure is the WinZip password?

Posted on 2001-07-19
Last Modified: 2007-12-19
1) Is it possible for hackers to hack a WinZip password?

2) If yes, then will the hacking process be very complex or easy?

3) Is it only expert hackers who are able to hack the WinZip password?

thanks
0
Question by:applenie
5 Comments
 
LVL 19

Expert Comment

by:jools
ID: 6301325
I believe there are cracking tools for winzip passwords and it is likely that it'll be as easy as a mouse click.

If you want more security for your files, use WinZip to compress and by all means keep the password, but you might want to consider encryption using something like PGP.

0
 
LVL 4

Expert Comment

by:garisoain
ID: 6303145
1) Yes, it's possible to hack almost everything.
2) It's impossible to decrypt a password of this kind (it's called one-hash encryption; some of the information used to encrypt it is lost during the process), but there is always the simple 'brute-force' method.
3) Yes and no. Some 'crackers' have programmed utilities to make the 'brute-force' method automatic.

Winzip passwords are VERY secure... but, like any password, it will be securer if it's a good password...

The programs to hack a Winzip password use a Brute-Force Method (try, try and try... and then try, until the password is found).

So, if you use a password like 'john', it will be very easy to crack (a few hours); besides, if you use a password like 'e3d$fx?25:bd@', it will be almost uncrackable; these programs can take WEEKS to crack this kind of password.

I have tried to crack a password like this: 'http://www.geocities.com/mypage/'. I let the program try for 4 days, and it didn't get it.

Hope this helps
-garisoain
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6303856
As alluded to above, systems protected by passwords often are cracked because password guessing programs can first search through a pre-programmed list of common words.  This gets about 30% of all passwords.

In some systems, including winzip, a password always hashes to the same value, so the word-list (or "dictionary") can be shipped pre-hashed.  This makes it trivial to crack any password contained in the word-list.

So, if you use passwords that are not names, words, or simple variations of the above (J0hn will probably be in the list too), then you're OK.  But if you use less than stellar passwords, then you want something that's key based rather than password based.  And in that case you probably want PGP or GPG (free implementation of PGP from GNU).
0
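An added illustration, not part of the thread, of the unsalted-derivation point above: traditional ZIP 2.0 encryption, as documented in PKWARE's APPNOTE, initializes its three key registers from the password alone, so a word list can be pre-computed once and reused, whereas a salted derivation makes such a table useless. The function names, the sample word list and the PBKDF2 parameters are assumptions chosen for the example.

```python
import hashlib
import os

def _crc32_update(crc: int, byte: int) -> int:
    """One CRC-32 step (reflected polynomial 0xEDB88320), no final inversion."""
    crc ^= byte
    for _ in range(8):
        crc = (crc >> 1) ^ 0xEDB88320 if crc & 1 else crc >> 1
    return crc

def legacy_zip_keys(password: bytes) -> tuple:
    """Key registers of traditional ZIP encryption after absorbing the password.
    No salt is mixed in, so the result depends on the password alone."""
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890
    for b in password:
        k0 = _crc32_update(k0, b)
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = _crc32_update(k2, k1 >> 24)
    return (k0, k1, k2)

def salted_key(password: bytes, salt: bytes) -> bytes:
    """Generic salted, iterated derivation (illustrative parameters)."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, 1000, dklen=32)

# Constructed sample word list, including a "simple variation" of a name.
WORDLIST = [b"john", b"J0hn", b"password", b"letmein"]

def build_table(words):
    """Pre-compute key state -> word once; valid for every archive."""
    return {legacy_zip_keys(w): w for w in words}

def table_hits_legacy(secret: bytes) -> bool:
    """True if the pre-computed table already contains this password's keys."""
    return legacy_zip_keys(secret) in build_table(WORDLIST)

def table_hits_salted(secret: bytes) -> bool:
    """A table built under one salt does not match an archive using another."""
    table_salt, archive_salt = os.urandom(16), os.urandom(16)
    table = {salted_key(w, table_salt) for w in WORDLIST}
    return salted_key(secret, archive_salt) in table

if __name__ == "__main__":
    print("legacy, 'J0hn' in table:        ", table_hits_legacy(b"J0hn"))
    print("legacy, random-looking password:", table_hits_legacy(b"e3d$fx?25:bd@"))
    print("salted, 'J0hn' in table:        ", table_hits_salted(b"J0hn"))
```

With a per-archive salt the same weak password still falls to a fresh dictionary run, so the salt removes the pre-computation shortcut, not the need for a strong password.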
 
LVL 1

Accepted Solution

by:
tonimargiotta earned 50 total points
ID: 6336897
Also ...

I believe that ZIP passwords take less effort to brute force than some others, but if you make them long and complex enough as recommended above then this shouldn't be a problem.  I use zip with 12+ characters mixed case by putting two words together (easy to remember).

In theory, zip encryption is vulnerable to a known plaintext attack.  This means that if an attacker knows enough of the file content (say 40 characters) then he can crack the rest.

In practice, I don't think the tools are around to carry out this theoretical attack on such small chunks of text - only to try the brute force.

I have seen one zip cracker that claims to be able to recover an encrypted file if you can provide a plaintext copy of another file that is protected with the same password.  I didn't try it.

End result is that as long as you are careful with how you choose and manage passwords, ZIP should be more than adequate for normal personal/commercial communications.

0
 
LVL 2

Expert Comment

by:NEOsporin
ID: 7274915
Brute force is the main way into any one-way hash. MS Office, however, has some unique workarounds.
Office is another matter entirely...

This key is generated from the password "VelvetSweatshop". What a nice joke by Microsoft! Try to protect a MS Excel workbook with this password. The most surprising thing is that no password is required to open the document.


WinZip is a good encryption - 12+ chars are highly recommended - PGP is better than good, it's great. Use a 3rd party to encipher your files, and then do your homework on that 3rd party. Google ownz. MS goes out of their way for ease of use, and security is usually the last thing on their mind.
0
