It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

NSA says Use Winzip to Encrypt your files!

page: 1
2

log in

join
share:

posted on Jul, 14 2009 @ 09:22 AM
link   
I thought this was interesting. Apparently the NSA advises to use...winzip to encrypt it's files.




WinZip is a popular file compression program for Windows users. WinZip versions 9.0 and higher also offer file encryption with AES using a 128-bit or 256-bit key derived from a user-entered password. An evaluation of file encryption with WinZip versions 10.0 and 11.0 resulted in the recommendations for use listed below.
Files within a WinZip encrypted archive are protected on a removable medium that contains only the encrypted archive. Files within a WinZip encrypted archive are protected when the archive is attached to an email. Any computer where the contents
of a WinZip encrypted archive have been viewed or extracted will contain copies of the decrypted files in memory.


NSA PDF

Erm...is this Really the best that is being used by US Government to encrypt their files?




posted on Jul, 14 2009 @ 09:36 AM
link   
It's not what they use, it's what they want you to use!


And what about us Mac users?



posted on Jul, 14 2009 @ 09:41 AM
link   
SUre, it's a lot easier to bust winzip passwords than many other programs. Of course they want YOU to use winzip, it's easier for them to get into your files.



posted on Jul, 14 2009 @ 09:42 AM
link   
see, they're running out of disk space from all their snooping, so they want you to compress the data, so they can spend their processor time on more important stuff, like cracking real code rather than zipping terabytes every hour.

i mean why not find a simple explanation?


[edit on 2009.7.14 by Long Lance]



posted on Jul, 14 2009 @ 09:59 AM
link   

Originally posted by Long Lance
see, they're running out of disk space from all their snooping, so they want you to compress the data, so they can spend their processor time on more important stuff, like cracking real code rather than zipping terabytes every hour.

i mean why not find a simple explanation?


[edit on 2009.7.14 by Long Lance]


lol
and in other words, they have just developed winUNzip. Or maybe this was a memo intended for the military?? "Encryption?? You mean it's not enough to rename it '12345.pdf' and cleverly hide it in the drivers folder??"



posted on Jul, 14 2009 @ 01:27 PM
link   
This thread is a monument to ignorance of encryption techniques.



posted on Jul, 15 2009 @ 03:59 AM
link   

Originally posted by trace_the_truth
This thread is a monument to ignorance of encryption techniques.



Q: how much of a decryption effort does it take to unlock something you have the code for?? the only wy to be sure of your encryption would be to write your own - in assembler, because you can't trust the compiler.

if you're really serious about encryption, use a one time pad and ffs, do it manually. history is littered with people and nations whose trust in their automated encryption techniques proved unfounded.

PS: i wouldn't file under 'ignorance', but rather 'carelessness'.

[edit on 2009.7.15 by Long Lance]



posted on Jul, 15 2009 @ 05:03 AM
link   
Well if it's just to keep common people snooping I'd suggest winrar at least then you can't even tell whats in the archive as far as I know if you pass protect zip files you can still observe the contents until you try to extract although you could go to the extreme and use something like freearc.

For serious encryption I don't think you can really rely on anything commercial when it comes to governments the best it's going to do is keep common people out If I had to give any serious advice it would be opensource checking the code and compiling yourself.

Unless your an organisation trying to keep secrets from competitors there's probably no need to worry to much about it though although winzip could easily be cracked by anyone if they wanted.



posted on Jul, 15 2009 @ 05:20 AM
link   
WinZip? Har har har har..

I'm just an average Joe and I don't even use WinZip. Honestly, why would the Government think WinZip was a good encrypting tool?



posted on Jul, 15 2009 @ 04:35 PM
link   

Originally posted by Nventual
WinZip? Har har har har..

I'm just an average Joe and I don't even use WinZip. Honestly, why would the Government think WinZip was a good encrypting tool?


It's not WinZip, but the type of the encryption that it uses which is the focus. When most people think of cracking encryption they are thinking of brute force or dictionary attacks. These types of attacks rely on the user using a simple to guess password. However, if you used a password such as: 1jklsDfkL6%$63kFd9S034@$23kfsd034, which is 33 (r) characters or a possible 62 (n) chars (26 capital, 26 lowercase, 10 special chars).

Keep in mind that the "full strength" of AES 256-bit is considered TWICE (-1) as many characters as the above while reading the HUGE numbers below.

So, you have 62^33 (n^r) which is the amount of permutations you'd have to go through:

14,090,478,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possible permutations.

Assuming that you had to go through ALL of them, and that the very last one was the real password. If each guess took 1/1,000,000,000 (1 billion tries a second)..

That's: 0.000000001 * 14,090,478,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

It would take

01,409,047,890,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 seconds to arrive at the final guess.

So, that's.

4,465,098,690,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years.

and... The estimated age of the universe is only

14,500,000,000 years.

So, it would take

30,793,784,100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 times the age of our universe to crack our complex password.

So you should all be able to see clearly why computation cracking of complex passwords is not impossible, but is entirely impractical with our current and future processing power for some time to come.

AND there are no known cryptanalytic methods which can break AES faster than brute forcing.

AND considering that the AES algorithm is PUBLICLY available... why is it that only the big bad government would be the only one to figure it out?

EVEN if you could brute force at yottahertz speed, which is ONE TRILLION GIGAHERTZ, i'll skip the math. It would take:

44,650,986,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years!

Again, the universe is only 14,500,000,000,000 years.

The fastest processor in the world as of two months ago operates at the equivalent of
12.8 Ghz and that isn't at all dedicated to cracking passwords.

FACT: Our sun will explode before even a quantum computer could brute force the above password.

Even if you can imagine that the government has a 1,000,000,000,000 Ghz processor, it doesn't matter unless some jackass used an idiotic password like "solarsail".

Like another user said, ONLY the one time pad is theoretically unbreakable, and it's nearly impossible to implement in a real world situation since it has to be truly random.

So, brute force is a waste of time. If someone is idiotic enough to use a password that can be forced in under a lifetime, then you can probably just send them an PM claiming to be an alien who needs their password to save the world.



posted on Jul, 15 2009 @ 05:54 PM
link   
Do a google search for "Winzip password file cracking". WinZip has many backdoors, and as a computer programmer, I would never use winzip.

About 7 years ago I used winzip to protect my files and I had forgotten the password, then 3 years ago I cracked the password using a free download program and cracked the file in under 2 minutes.

Best bet is to use Linux OS, the NWO elites know nothing about Linux.

[edit on 15-7-2009 by BugByte]



posted on Jul, 15 2009 @ 06:23 PM
link   

Originally posted by BugByte
Do a google search for "Winzip password file cracking". WinZip has many backdoors, and as a computer programmer, I would never use winzip.

About 7 years ago I used winzip to protect my files and I had forgotten the password, then 3 years ago I cracked the password using a free download program and cracked the file in under 2 minutes.

Best bet is to use Linux OS, the NWO elites know nothing about Linux.

[edit on 15-7-2009 by BugByte]


Winzip wasn't using the AES encryption standard back then! Winzip was using a highly ineffective algorithm.

You're either deliberately ignoring this fact, or you're just being ignorant.

... and considering that Linux today still uses AES to encrypt files...

I must say that you have no idea what you are talking about.

The simple fact is that NOBODY, ANYWHERE, EVER, IN THE HISTORY OF OUR EARTH has broken AES encryption by any means other than brute forcing IDIOTIC PASSWORDS that consist of easy to guess/force passwords.

encryption consists of much more than just the algorithm.

a password of "a" isn't going to get you very far by any means whatsoever!!



posted on Jul, 15 2009 @ 06:43 PM
link   

Originally posted by trace_the_truth
The simple fact is that NOBODY, ANYWHERE, EVER, IN THE HISTORY OF OUR EARTH has broken AES encryption by any means other than brute forcing IDIOTIC PASSWORDS that consist of easy to guess/force passwords.


While that may be true for what I'm gonna call 'true' AES encryption can you confidently say that WinZip does not encrypt with a master key? I mean I don't think WinZip is an open source app is it? A nice big backhander to the developers and who knows - the average Joe would never be able to back engineer WinZip... It would take considerable expertise and even then could anyone ever be sure??



posted on Jul, 15 2009 @ 07:00 PM
link   

Originally posted by Now_Then

Originally posted by trace_the_truth
The simple fact is that NOBODY, ANYWHERE, EVER, IN THE HISTORY OF OUR EARTH has broken AES encryption by any means other than brute forcing IDIOTIC PASSWORDS that consist of easy to guess/force passwords.


While that may be true for what I'm gonna call 'true' AES encryption can you confidently say that WinZip does not encrypt with a master key? I mean I don't think WinZip is an open source app is it? A nice big backhander to the developers and who knows - the average Joe would never be able to back engineer WinZip... It would take considerable expertise and even then could anyone ever be sure??


If you know the correct password, you can discern the algorithm.

"Master keys" don't even apply to the territory you are talking about.

It's been tested and retested.

Name me a "secret" master key and I'll show you one you just made up.



posted on Jul, 16 2009 @ 02:14 AM
link   
Remember, any software that encrypts using any means was still created by human hands and thus imperfect.

There is no such thing as an unhackable program, what can be done, can be undone or bypassed, just ask any professional hacker worth their trade.


as it was wisely pointed out, TPTB just want to make it easier to get your files as fast as possible, encryptions are just an annoyance, a time staller.

Wouldn't saving sensitive info on a removable source such as a CD or disk work better?


CX

posted on Jul, 16 2009 @ 02:44 AM
link   

Originally posted by Deep-Throat
It's not what they use, it's what they want you to use!



Not so sure about that one, i reckon Gary McKinnon would have something to say on the matter.


CX.



posted on Jul, 16 2009 @ 05:58 PM
link   

Originally posted by trace_the_truth
Winzip wasn't using the AES encryption standard back then! Winzip was using a highly ineffective algorithm.

You're either deliberately ignoring this fact, or you're just being ignorant.

... and considering that Linux today still uses AES to encrypt files...

I must say that you have no idea what you are talking about.

The simple fact is that NOBODY, ANYWHERE, EVER, IN THE HISTORY OF OUR EARTH has broken AES encryption by any means other than brute forcing IDIOTIC PASSWORDS that consist of easy to guess/force passwords.

encryption consists of much more than just the algorithm.

a password of "a" isn't going to get you very far by any means whatsoever!!


So you're saying that when you open a password protected zip file that the password is not loaded into "Memory" and can not be hack by memory readers? I think your the one in ignorance my friend.

If AES is so powerful why is software piracy at an all time high? Why don't they use AES to protect their software?

I don't care what encryption or AES or software protection you use to protect your password, if you open a file, you can read it through the memory that get's loaded into your RAM. Once it's been loaded into memory/RAM you can access the root password VIA binary code.

Your the one ignoring the facts. You talk about computers like you know what your talking about, but your just spreading misconceptions.



posted on Jul, 16 2009 @ 10:11 PM
link   

Originally posted by BugByte

Originally posted by trace_the_truth
Winzip wasn't using the AES encryption standard back then! Winzip was using a highly ineffective algorithm.

You're either deliberately ignoring this fact, or you're just being ignorant.

... and considering that Linux today still uses AES to encrypt files...

I must say that you have no idea what you are talking about.

The simple fact is that NOBODY, ANYWHERE, EVER, IN THE HISTORY OF OUR EARTH has broken AES encryption by any means other than brute forcing IDIOTIC PASSWORDS that consist of easy to guess/force passwords.

encryption consists of much more than just the algorithm.

a password of "a" isn't going to get you very far by any means whatsoever!!


So you're saying that when you open a password protected zip file that the password is not loaded into "Memory" and can not be hack by memory readers? I think your the one in ignorance my friend.

If AES is so powerful why is software piracy at an all time high? Why don't they use AES to protect their software?

I don't care what encryption or AES or software protection you use to protect your password, if you open a file, you can read it through the memory that get's loaded into your RAM. Once it's been loaded into memory/RAM you can access the root password VIA binary code.

Your the one ignoring the facts. You talk about computers like you know what your talking about, but your just spreading misconceptions.


By your attitude and what you consider knowledge of computer systems, I'll hazard a guess and say you are between 12 and ... 17 years old. Am I right?

None of those ill-contrived, non-nonsensical, abstract & badly worded "things" you've described defeats the encryption.

They aren't decrypting anything. Until you can decrypt the data yourself have you defeated the encryption mechanism.

Standing over someones shoulder, installing a key logger, reading their ram, killing them after they've entered the password, scanning hard drive sectors for non-free unallocated sectors of once encrypted data, etc.. etc.. has nothing to do with the encryption/decryption process.

You are confusing insecure environments with encryption/decryption techniques.

... and you say I don't know what I'm talking about?



Pathetic.



posted on Jul, 16 2009 @ 10:21 PM
link   
reply to post by BugByte
 


I'm not a security expert by any means. I have done a good bit of cracking back before I got a real job. Cracking is the brute force way of going about things, and completely relies on user ignorance. That is how that Gary UFO guy got in.

But I encrypt the passwords themselves in my things/programs, so if they were to load it up in memory, all they would get was the encrypted password.

It's not like it would keep the password in the file without encryption. So loading it into memory would just load up the encrypted password.

Even if your password was something simple like "dog", it would never show up in the program, even in the memory as "dog". Instead it would be a really really long line of characters.

Personally, when it comes to protecting myself in the nature of these things I don't worry about if the "NSA" is going to read my files. I don't even have files I'd want to keep secret from them anyway. But if I did, I seriously doubt they would be using these kinds of primitive means for getting the data from me. They would just snoop my lines and do other things IMO. Besides, who normally keeps a bunch of zip data of such things?

I view this stuff more as theft protection from average users. I write programs, so I might would encrypt a zip file of my programs if I was going to put it on the web etc.

It's kind of like the whole 'cookie' tracking arguments. Why would the NSA need to resort to such primitive techniques? IMO, they wouldn't.

When someone says - That's what the NSA wants you to use, then I have to believe that is a bit of ignorance.

I'm kind of curious to those who say that, exactly what kind of files do you think you have that need such things?

Again, I'm not a security expert, but I do use encryptions and such from time to time and have a bit of general knowledge on the topic. I do know what he said as far as brute force/cracking goes the person is correct. But I have no idea what the memory will show. I know I would never keep a bare password like that in a program though, outside mudane things where I don't care about encryption. Like sometimes I'll just hardcode a password into a program etc when it's not important - of course, I realize it's not encrypted etc.



new topics

top topics



 
2

log in

join