BorlandTalk.com Borland discussion newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Passworded zip files          BorlandTalk.com Forum Index -> C++ Builder (Non-Technical) View previous topic :: View next topic   Author Message Rhys Sage Guest Posted: Sun Aug 03, 2003 3:37 pm    Post subject: Passworded zip files Is it easy to crack the password on a winzip file? I'm thinking of distributing .dlls in winzip files with passwords in the hope (probably vain) that people will pay for the password required to unlock the files in order to use the .dlls. -- Yours, Rhys Sage. www.sageworld.freeserve.co.uk for code snippets and software downloads. -- Vini vidi vici -- (Team Zip) Back to top Remy Lebeau (TeamB) Guest Posted: Sun Aug 03, 2003 7:53 pm    Post subject: Re: Passworded zip files "Rhys Sage" <No.Spam@ta> wrote Quote: Is it easy to crack the password on a winzip file? Not easily, but doable. There are third-party hacking programs available for that. Currently, the only viable way to do so is to brute-force the file, basically trying every single password until eventually successful. If anything is known about the password, such as what kind of digits and characters is uses, or even which specific positions they are in, the process of trying every since pasword can be optimized, of course. Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sun Aug 03, 2003 7:55 pm    Post subject: Re: Passworded zip files Even worse, if the "hacker" has multiple CPU's available, whether on the same box or via a network, there are third-party programs for utilizing those multiple CPUs for brute-forcing different password sequences at the same time, thus speeding up the hack considerably. Gambit "Remy Lebeau (TeamB)" <gambit47 (AT) yahoo (DOT) com> wrote Quote: Not easily, but doable. There are third-party hacking programs available for that. Currently, the only viable way to do so is to brute-force the file, basically trying every single password until eventually successful. If anything is known about the password, such as what kind of digits and characters is uses, or even which specific positions they are in, the process of trying every since pasword can be optimized, of course. Back to top Rhys Sage Guest Posted: Sun Aug 03, 2003 8:23 pm    Post subject: Re: Passworded zip files So, a password that has lots of digits and symbols, including spaces would be better? For example: "&hhooo ={}$%&?lou8931$%!%!?%" -- Yours, Rhys Sage. www.sageworld.freeserve.co.uk for code snippets and software downloads. -- Vini vidi vici -- (Team Zip) "Remy Lebeau (TeamB)" <gambit47 (AT) yahoo (DOT) com> wrote Quote: Even worse, if the "hacker" has multiple CPU's available, whether on the same box or via a network, there are third-party programs for utilizing those multiple CPUs for brute-forcing different password sequences at the same time, thus speeding up the hack considerably. Gambit "Remy Lebeau (TeamB)" <gambit47 (AT) yahoo (DOT) com> wrote in message news:3f2d66db$1 (AT) newsgroups (DOT) borland.com... Not easily, but doable. There are third-party hacking programs available for that. Currently, the only viable way to do so is to brute-force the file, basically trying every single password until eventually successful. If anything is known about the password, such as what kind of digits and characters is uses, or even which specific positions they are in, the process of trying every since pasword can be optimized, of course. Back to top Ed Mulroy [TeamB] Guest Posted: Sun Aug 03, 2003 9:31 pm    Post subject: Re: Passworded zip files A gentleman I spoke to long ago who sold a program for data recovery when people had forgotten their passwords told me that for a ZIP file it was so easy and quick that he put a delay in his program so that people would actually believe that the program had cracked it. Phil Katz told me that the password in a ZIP file was something intended to keep out casual users and was never intended to be the equivalent of encription. He suggested using PHP on the ZIP file if you needed strong encryption. .. Ed Quote: Rhys Sage wrote in message news:3f2d2cbc (AT) newsgroups (DOT) borland.com... Is it easy to crack the password on a winzip file? I'm thinking of distributing .dlls in winzip files with passwords in the hope (probably vain) that people will pay for the password required to unlock the files in order to use the .dlls. Back to top Rhys Sage Guest Posted: Sun Aug 03, 2003 9:43 pm    Post subject: Re: Passworded zip files Interesting. What simple measure (without writing extra software) would you recommend I employ, bearing in mind I just want the files in my downloads directory on my site and that users simply pay for the password to access the data? Would most programmers do the honest thing and pay for software or would most just rip off .dlls etc? -- Yours, Rhys Sage. www.sageworld.freeserve.co.uk for code snippets and software downloads. -- Vini vidi vici -- (Team Zip) Back to top Remy Lebeau (TeamB) Guest Posted: Sun Aug 03, 2003 10:30 pm    Post subject: Re: Passworded zip files "Rhys Sage" <No.Spam@ta> wrote Quote: So, a password that has lots of digits and symbols, including spaces would be better? For example: "&hhooo ={}$%&?lou8931$%!%!?%" The more you mix up the password, and the longer you make the password in general, then yes, it will take longer to break, but it is still breakable eventually, if a person is willing to put in the time to break it. Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sun Aug 03, 2003 10:34 pm    Post subject: Re: Passworded zip files "Ed Mulroy [TeamB]" <ed (AT) mulroyREMOVETHESECHARS (DOT) org> wrote Quote: A gentleman I spoke to long ago who sold a program for data recovery when people had forgotten their passwords told me that for a ZIP file it was so easy and quick that he put a delay in his program so that people would actually believe that the program had cracked it. Interesting. I had not heard of that being accomplished yet. I was wanting to research awhile back how Zip files work in general, but had not done so yet. I know that brute-force and word-list breakers are readily available, but have not seen anything that would break a password instantaneously (unless the actual password was very very very easy to guess). Quote: Phil Katz told me that the password in a ZIP file was something intended to keep out casual users and was never intended to be the equivalent of encription. That is no longer the case. The latest version of the Zip specification as provided by PKWare, as well as the popular WinZip client, natively support RSA encryption for zip files now. Gambit Back to top Remy Lebeau (TeamB) Guest Posted: Sun Aug 03, 2003 10:37 pm    Post subject: Re: Passworded zip files "Rhys Sage" <No.Spam@ta> wrote Quote: Interesting. What simple measure (without writing extra software) would you recommend I employ, bearing in mind I just want the files in my downloads directory on my site and that users simply pay for the password to access the data? The best approach would be to simply not give away the real data files until payment was actually received. Produce a slimmed down version for evaluation use. Make sure that you are actually excluding functionalitity during compiling, not simply blocking functionality with a runtime user-provided key. That way, full-version code cannot be hacked into as it does not exist in the eveal version in the first place. Gambit Back to top Pete Fraser Guest Posted: Tue Aug 26, 2003 9:36 am    Post subject: Re: Passworded zip files There is a utility to crack passwords in WinZip files so I think the aswer is YES. Sorry, Pete "Rhys Sage" <No.Spam@ta> wrote Is it easy to crack the password on a winzip file? I'm thinking of distributing .dlls in winzip files with passwords in the hope (probably vain) that people will pay for the password required to unlock the files in order to use the .dlls. Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         BorlandTalk.com Forum Index -> C++ Builder (Non-Technical) All times are GMT Page 1 of 1   Jump to: Select a forum C++ Builder Newsgroups----------------C++ BuilderC++ Builder (ActiveX)C++ Builder (Announcements)C++ Builder (Command Line Tools)C++ Builder DatabasesC++ Builder Databases (ADO)C++ Builder Databases (Desktop)C++ Builder Databases (InterBase Express)C++ Builder Databases (Multi-Tier)C++ Builder Databases (SQL Servers)C++ Builder (Graphics)C++ Builder (IDE)C++ Builder (Internet)C++ Builder (Internet Socket)C++ Builder (Internet Web)C++ Builder (Jobs)C++ Builder (Language)C++ Builder (Language C++)C++ Builder (Compatibility with MFC)C++ Builder (Native API)C++ Builder (Non-Technical)C++ Builder (Students)C++ Builder (Third Party Tools)C++ Builder (Upgrade)C++ Builder (VCL)C++ Builder (VCL Components Usage)C++ Builder (VCL Components Development)C++ Builder (VCL Usage)C++ Builder (WinAPI)C++ Builder Installation Delphi Newsgroups----------------Delphi (General)Delphi ActiveX Controls UsageDelphi ActiveX Controls DevelopmentDelphi As400Delphi DatabasesDelphi Databases (ADO)Delphi Databases (dbExpress)Delphi Databases (Desktop)Delphi Databases (InterBase Express)Delphi Databases (Multi-Tier)Delphi Databases (SQL Servers)Delphi DeploymentDelphi GraphicsDelphi IDEDelphi InternationalizationDelphi InternetDelphi Internet Isapi-WebBrokerDelphi Internet WebSnapDelphi Internet WinsockDelphi JobsDelphi Language BASMDelphi Language ObjectPascalDelphi Model Driven Architecture (General)Delphi Model Driven Architecture (Third Party)Delphi MultimediaDelphi Native APIDelphi Non-TechnicalDelphi ObjectPascalDelphi OLE AutomationDelphi OO designDelphi OpenToolsAPIDelphi Reporting-ChartingDelphi RTLDelphi StudentsDelphi TeamSourceDelphi Thirdparty ToolsDelphi Thirdparty Tools (General)Delphi Thirdparty Tools (IntraWeb)Delphi Thirdparty Tools (RaveReports)Delphi UpgradeDelphi VCLDelphi VCL ComponentsDelphi VCL Components UsingDelphi VCL Components WritingDelphi WebServices SOAPDelphi WinAPIDelphi XMLDelphi Installationcomp.lang.pascal.delphi.components.misccomp.lang.pascal.delphi.components.usagecomp.lang.pascal.delphi.components.writingcomp.lang.pascal.delphi.databasescomp.lang.pascal.delphi.misccomp.sources.delphi JBuilder Newsgroups----------------JBuilderJBuilder AnnouncementsJBuilder Applet IssuesJBuilder As400JBuilder CompilerJBuilder CORBA/RMIJBuilder DatabasesJBuilder DB SwingJBuilder DebuggerJBuilder DeploymentJBuilder DocumentationJBuilder EnterpriseJBuilder HandheldJBuilder IDEJBuilder JavaJBuilder JavaAPIJBuilder Java LanguageJBuilder Java SwingJBuilder Java BeansJBuilder Java Beans UsageJBuilder Java Beans DevelopmentJBuilder JBCLJBuilder JDataStoreJBuilder JobsJBuilder LinuxJBuilder MacintoshJBuilder & MobileSetJBuilder MultiLingual AppsJBuilder Non-TechnicalJBuilder OpenToolsJBuilder Servlets (JSP)JBuilder StudentsJBuilder Team DevelopmentJBuilder Thirdparty ToolsJBuilder UpgradeJBuilder Installation InterBase Newsgroups----------------InterBaseInterBase Bug DiscussionInterBase GeneralInterBase IBConsoleInterBase OpenSourceInterBase ReplicationInterBase SQLInterBase ThirdpartyInterBase Installation Miscellaneous Borland Newsgroups----------------AppCenterAppServerEnteraVisiBroker  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.