View Single Post
  #52  
Old May 21st 17, 03:10 PM posted to rec.photo.digital
Diesel
external usenet poster
 
Posts: 346
Default Where I keep my spare cats.

gray_wolf
Sun, 21 May 2017 04:15:17 GMT in rec.photo.digital, wrote:

I thought all the big boys use .rar At least on the Usenet binary
groups. I also had a crypto man tell that a properly passworded
rar file was almost impossible to break. He said zip was very
insecure.


If your friend can crack AES256 bit, the NSA has a job opening for
him. As do many other organizations. And, I do use .rar for scene
distribution purposes, myself. But, that has nothing to do with this
subject.


https://www.stormfront.org/forum/t931854/

How secure is Winzip and Winrar encryption?

Both programs WinZip and WinRar use AES (Advanced Encryption
Standard) for encryption, when implemented correctly and in
conjunction with a long alphanumerical hard to guess passphrase, the
AES cipher is impossible to crack in a reasonable amount of time,
that means in your lifetime.

State sponsored agencies are also not able to crack a password
protected Zip or Rar file if this has been encrypted with a hard to
guess pass, the law of mathematics just like the law of physics, is
equal for everyone.

Recovering a password protected .zip or .rar file

The only known method to recover a forgotten password from a password
protected .zip or .rar file created using the latest WinZip and
WinRar versions, is to use a brute force attack. In a brute force
attack an automated software will use up all of the dictionary words
and run all of them attempting to match the file password.

Knowing if special characters and numbers were used in the
passphrase, as well as knowing the length of the password, is very
helpful while setting up the program to launch a brute force attack
against the encrypted .zip or .rar file.Cracking a .zip file
protected with encryption can take minutes, months or a hundred
years, depending on processing power and how hard to guess the
password is.

I have copies of various flavors of the passware kit, and, brute
forcing is the only viable option (which is a waste of time if the
key was properly created) if it's used against a modern .zip file.
The one I created is by no means a modern version, doesn't use AES
(that version of PKZIP didn't support it) and it has no password. so,
it's quite easy to unzip it.

Your friend needs to brush up on his/her knowledge.


--
I would like to apologize for not having offended you yet.
Please be patient. I will get to you shortly.