this post was submitted on 29 Aug 2024
67 points (98.6% liked)
Privacy
32103 readers
723 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Encrypted ZIPs are very trivial to break. I can break it with a simple python script.
For instance, Microsoft does that for all encrypted ZIPs
https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/
ZIP isn't a good way to encrypt, but what Microsoft is doing is simply reading the email, and decrypting zips with the password found in the email body.
All encryptions schemes can be trivially broken if you have the key. It's not even breaking, it's just normal decryption.
No, zip encryption is very weak. Thus is because million of combinations can be tried very quickly
While that's true, but there's no indication of Microsoft brute forcing with million of combinations.
The article you link says Microsoft is only trying a few obvious passwords: the filename, and words found in the plaintext message.
Proper encryption isn't just about using a strong algorithm. It's also about proper key management, ie not sending the password in the clear via the same channel as the encrypted files.
Well no ZIP is not secure. There is a plethora of software that can brute force it.
Do not trust zip encryption. It is not secure and it will likely never be secure. It is like storing your passwords on a spreadsheet