Winzip and Due Diligence

To:	pen-test <pen-test@securityfocus.com>
Subject:	Winzip and Due Diligence
From:	Matthew Webster <awakenings@mindspring.com>
Date:	Thu, 8 Mar 2007 15:49:16 -0500 (GMT-05:00)
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=SWjYUINapoO1SgvjV8+mGgG31kcvarMpSo4iniKfAB5dcfnox8WyFoJ8TVlMwlY/; h=Message-ID:Date:From:Reply-To:To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Reply-to:	Matthew Webster <awakenings@mindspring.com>
Resent-date:	Fri, 9 Mar 2007 14:22:52 -0700 (MST)
Resent-from:	pen-test-return-1078483736@securityfocus.com
Resent-message-id:	<20070309212252.3678B245E41@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Folks,

   I was poking around on Google and noticed there are some tools for cracking 
WinZip passwords.  Does anyone know whether or not these tools also work on 
AES-256 encryption.  My question is academic from a due diligence standpoint.  
Technically WinZip is FIPS compliant, but if it can be cracked easily, is this 
something we should really be recommending?

Thanks,

Matt



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Winzip and Due Diligence, Matthew Webster <= Re: Winzip and Due Diligence, Shreyas Zare Firewall testing tool - name forgotten ..., Petr . Kazil RE: Firewall testing tool - name forgotten ..., Clement Dupuis RE: Firewall testing tool - name forgotten ..., Jeremiah Brott Re: Firewall testing tool - name forgotten ..., David Jimenez Re: Firewall testing tool - name forgotten ..., crazy frog crazy frog SAP Pen-testing - complexity - first ideas, Petr . Kazil RE: Winzip and Due Diligence, Password Crackers, Inc.

Previous by Date:	RE: Windows XP salted hashed verification of domain passwords, Javier Jarava
Next by Date:	Re: The legal / illegal line?, Matthew Snider
Previous by Thread:	Info about Pen Testing, Gerrit @ DeadSet Internet Technologies
Next by Thread:	Re: Winzip and Due Diligence, Shreyas Zare
Indexes:	[Date] [Thread] [Top] [All Lists]