Zip 2.0 Encryption Scheme (Legacy)

Started by Stolas, November 19, 2012, 11:13:52 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Stolas

November 19, 2012, 11:13:52 AM Last Edit: November 19, 2012, 11:51:17 AM by Stolas
Hello Guys,

Currently I am doing a pentest for a small company.
They seem to find it smart to encrypt there data using zip files (instead of TrueCrypt or simulair software).

This is all fine and dandy if they want to do this, but they don't use the newest AES Encryption in ZIP.
But the Zip 2.0 (Legacy) Encryption.. Therefore I want to recommend that they fix this.

But as any pentester knows, you can't make claims without proof. Due to this I want to prove that these can be cracked easily.
So I've been googling about this plain text attack..

See:
http://www.securiteam.com/securitynews/5LP0A0096O.html

My question is, does anyone have these tools I can't seem to find them on the web.
If not I guess I'll have to reimplement the attack. (I know the header of the files thus enough bytes (%PDF-1.4 Magic ^^)

What do you guys recommend? Search for the tools or reimplement them? (I am kinda scared for scope creep thats why I am considering skipping the cracking and just recommending without proof).


[Edit: Found it]
http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html
Seems I need to adhere to the slogan of offencive security.. Try harder..
Whenever you think you can or can't your right.

ZEROF

#1
November 19, 2012, 05:36:59 PM
Hi man,

I liked your question and reponse :). Good share in same time. Nice to see our community members working around in security research.

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
Print
Go Up Pages1
User actions