Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Re: Password XP
From:
Chris Ryan <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Fri, 24 Jun 2005 05:23:16 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (88 lines) 
Date:    Tue, 21 Jun 2005 14:58:16 -0500
From:    Anna Summers <[log in to unmask]>
Subject: Re: Password XP


---I read the information at the site (is this a site selling a particular
encryption program?), and I am still confused.

Is it saying that selecting 256-bit AES encryption in WinZip is meaningless
unless you use a password 32 characters long?

Is it saying that WinZip 256-bit AES encryption (using a 12-char password)
can be deciphered WITHOUT the password, by de-crypting the encryption, in 4
hours?

What role do my hardware and software firewalls play in this?  If Zone Alarm
prevents anything being sent from my computer without my knowlege and
permission, how could someone get the information that was on my computer in
the first place?

Thanks for the help - I feel like dummy about this,
AnnaSummers---

Sorry I didn't try to respond sooner, but I was away from my PC for awhile
and am just able to retrieve my mail.
I'm not an expert with encryption Anna, but what I understand about it is
the more characters and the more random they are the stronger the
encryption. Kind of like a combination lock, the more numbers, the harder it
is to open. Winzip (8.0) readily admits it's encryption is weak:

"Password Security-
WinZip® uses the standard Zip 2.0 encryption format, a format that is also
supported by most other Zip utilities.
Password protecting files in a Zip file provides a measure of protection
against casual users who do not have the password and are trying to
determine the contents of the files. However, the Zip 2.0 encryption format
is known to be relatively weak, and cannot be expected to provide protection
from individuals with access to specialized password recovery tools.
        Passwords can also be used for ARJ files; in this case, the external ARJ
program is responsible for all data encryption.
·       In general, longer passwords (for example, passwords with 8 or more
characters) are more secure than shorter passwords, and passwords that
contain a mixture of alphabetic characters, numeric characters, and
punctuation characters are more secure than passwords containing only
alphabetic characters.
·       Be sure to remember any passwords you use, so that you can extract your
files!"

I don't know which version of WinZip you use but the main thing here is that
any of the decrypting programs that could be used on cracking a password
(several are used commercially to use a method called "brute force" to
retrieve lost passwords, ie: lost admin password on a server or a lost
password for a MS document - which by the way can be "cracked" with
copy/paste ) involve direct access to the PC. It's possible that a rogue
program picked up online could be a password recovery program, but it's
hardly likely that one running on your PC would go unnoticed. Depending on
the type of encryption algorithm a program uses, and again I'm no expert,
with a password the more characters used the greater combinations possible.
Simply put a password with two characters only has four possibile
combinations ( AB, BA, AA, BB) and so on. The first site I listed describes
diffent types of encryption and various levels of security based on it. I
think you misread;
"And just because 250 computers testing 100,000 or so passwords every second
can find the password of a 40-bit algorithm in 4 hours, does not mean that
your encryption at 40 bits is not secure enough (unless you expect a similar
attack)."
as meaning any computer could hack a password in 4 hours. It's not likely
that anyone would face this scenario, but there are programs available that
given enough time on a PC can break simple encryption. The idea is to use a
password that contains as many random characters as possible. Some need 32
characters for 256 bit, some require 22 for 128, such as the program listed
at the second link. Encryption is based on bits (8bits per character) so 16
characters equals 128 bits, 32 for 256. (I think the extra characters
required for the program in the second link is based in part by the encoding
used for that program (?)) It's a freeware program (recommended by a few
rags), and the link to the second site is one I found that explained
encryption in detail, but in no way am I endorsing the purchase or d/l of
either program. Just wanted to be helpful :-o!

Chris Ryan
E-Mail: [log in to unmask] <mailto:[log in to unmask]>
                [log in to unmask] <mailto:[log in to unmask]>

               The NOSPIN Group Promotions is now offering
                 our special coffee cups and mouse pads
              with the PCSOFT logo...  at a great price!!!
             http://freepctech.com/goodies/promotions.shtml

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV