Penetration Testing mailing list archives

Winzip and Due Diligence

From: Matthew Webster <awakenings () mindspring com>
Date: Thu, 8 Mar 2007 15:49:16 -0500 (GMT-05:00)

Folks,

   I was poking around on Google and noticed there are some tools for cracking WinZip passwords.  Does anyone know 
whether or not these tools also work on AES-256 encryption.  My question is academic from a due diligence standpoint.  
Technically WinZip is FIPS compliant, but if it can be cracked easily, is this something we should really be 
recommending?

Thanks,

Matt



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Winzip and Due Diligence Matthew Webster (Mar 09)
- Re: Winzip and Due Diligence Shreyas Zare (Mar 10)
  - Firewall testing tool - name forgotten ... Petr . Kazil (Mar 13)
    - RE: Firewall testing tool - name forgotten ... Clement Dupuis (Mar 14)
    - RE: Firewall testing tool - name forgotten ... Jeremiah Brott (Mar 14)
    - Re: Firewall testing tool - name forgotten ... David Jimenez (Mar 14)
    - Re: Firewall testing tool - name forgotten ... crazy frog crazy frog (Mar 18)
  - SAP Pen-testing - complexity - first ideas Petr . Kazil (Mar 13)
- RE: Winzip and Due Diligence Password Crackers, Inc. (Mar 10)