Then, have him run FCIV on it, to get the SHA-1 hash of the file. Send the self-decrypting archive to your client, and have him save it as a file ( without executing it, of course).
#Is winzip safe install#
It still needs your client to install a new piece of software, but at least it is straight from Microsoft: the File Checksum Integrity Verifier - a pompous name for a tool which computes file hashes. Nevertheless, there is a way, in your specific situation, to make a self-decrypting archive reasonable. If he does open a self-decrypting archive you send him, then he will just, by this action, demonstrate that he is vulnerable to the myriad of virus/worms/whatevers which roam the wild Internet, and he is probably already infected with various malware, including keyloggers. launching an executable which he received by email. If an external tool is required, you might as well rely on a tool which has been thoroughly analyzed for security, both in the format specification and the implementation in other words, as suggests: GnuPG.Īs for self-decrypting archives, they are all wrong, since they rely on the user doing exactly what should never be done, i.e. However, such Zip files will not be opened by the stock WinXP explorer. Now, if you use a tool which supports the newer, AES-based encryption, things will look better, provided that the format and implementation were not botched, and the password has sufficient entropy. Phil Katz was very good in his domain, but the best cryptographers in the world will tell you that it takes much more than one extremely good cryptographer to make a secure algorithm - it takes many cryptographers who feverishly propose designs and try to break the designs of the others, for a few years, until a seemingly robust design emerges (where "robust" means "none could find the slightest argument to support the idea that they may, possibly, make a dent in it at some unspecified date"). a reminder that you should not roll your own crypto.The attack on Zip encryption is actually: Some years ago (quite a few now, tempus fugit), I have seen a password cracking software by Ivan Golubev which put this science to good use, and could crack Zip encryption in an hour. The result has even been improved, notably because the files in an archive are encrypted separately but without proper key diversification. if one of the files in the archive is an image, it will probably be uncompressed and begin with a known header). 13 bytes are relatively easy to obtain (e.g. With 13 bytes of known plaintext, the complexity of the attack is about 2 38 operations, which is doable in a few hours on a PC. This is a homemade stream cipher, and it is weak.
#Is winzip safe zip file#
When creating a password-protected Zip file (with the "compressed folder" utility integrated in the OS), Windows XP uses the "standard" encryption algorithm for Zip files.