View Full Version : WinZip attack


mike
February 28th, 2001, 17:40
As I promised, here's my paper on breaking WinZip, to appear in the FSE 2001 proceedings.

http://www.accessdata.com/zipattacks.zip

Abstract. In [BK92] Biham and Kocher demonstrated that the PKZIP stream cipher was weak and presented an attack requiring thirteen bytes of known plaintext. The deflate algorithm “zippers” now use to compress the plaintext before encryption makes it difficult to get known plaintext. We consider the problem of reducing the amount of known plaintext by finding other ways to filter key guesses. In most cases we can reduce the amount of known plaintext from the archived file to two or three bytes, depending on the zipper used and the number of files in the archive. For the most popular zippers on the Internet, there is a fast attack that does not require any information about the files in the archive.

The Owl
March 1st, 2001, 06:09
Could you please provide this document in a format that can be read on non-win32 platforms and on win32 platforms without a full installation of MS Word/Office? Both .pdf and .html would do the job. Thanks.

__DuDu__
March 1st, 2001, 13:25
hi

Can you provide it in HTML format? I don't have Word or other shit. BTW, I can't get the program from AccessData to work here: I added 5 files, put a password on them, and the program seems to get the password but didn't show it. Do I have to be registered?

tnx

mike
March 1st, 2001, 16:19
Yeah, sorry about the format. The publisher required either TeX or Word, and I didn't know how to use the former when I wrote this. I'm converting it to TeX w/ .eps graphics now, including some corrections that the editors asked for. From there I can generate .ps and .pdf versions. I sent Tsehp an HTML version sans graphics and he's going to post it in the new essays section of the Fravia site. When I get the conversion done, I'll post again.

As for the demo proggy, it's version 4 of the toolkit. It only recovers 10-character passwords. We've been on version 5 for a while, but didn't want to get hacked, so it's not on the site yet for downloading.

If any of you can come up with a viable business model that includes open-sourcing the password cracking code, I'd love to hear it.

mike
March 6th, 2001, 11:59
Here's zipped postscript. No figures yet.

http://www.accessdata.com/zipattacks.ps.zip

Jack
March 6th, 2001, 18:54
Einride/Phrozen Crew has made a zip cracker based on this known attack and it actually works very well.

PC ZipCrack 0.2b pc_zc02b.zip

mike
March 7th, 2001, 12:25
Quote:
Jack (03-06-2001 15:54):
Einride/Phrozen Crew has made a zip cracker based on this known attack and it actually works very well.

PC ZipCrack 0.2b pc_zc02b.zip


They may have implemented Biham & Kocher's known-plaintext attack, but I doubt they implemented this one, since I discovered it! But I'd be interested in getting a copy of that, just to make sure. The only links I've found are dead. Can you mail it to me?

mike
March 7th, 2001, 19:14
www.cs.oberlin.edu/students/mstay/PRTKHome.exe

This is AccessData's Password Recovery Toolkit with the WinZip Divide & Conquer attack, PKZip dictionary and PGP secret keyring dictionary attacks activated.

It'll open any WinZip with 5 or more files in about 2 hrs regardless of password length. Enjoy!

WARNING: 7.5 Megabytes!