WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two." We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc. decided to fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software.