Path: news.mitre.org!blanket.mitre.org!philabs!newsjunkie.ans.net!newsfeeds.ans.net!newsfeed.lightning.net!feeder.qis.net!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.ecrc.net!dispose.news.demon.net!demon!news.demon.co.uk!demon!g4ikj.demon.co.uk!marvin.g4ikj.demon.co.uk!ArjfHfre
From: ROT13 <ArjfHfre@t4vxw.qrzba.pb.hx>
Newsgroups: comp.security.misc
Subject: Re: Security of pkzip
Date: Tue, 16 Dec 1997 07:49:22 +0000
Organization: NewsUser *at* g4ikj *dot* demon *dot* co *dot* uk
Distribution: world
Message-ID: <ePCZ3xACKjl0Ewzk@marvin.g4ikj.demon.co.uk>
References: <348F1C3D.4D22@iides.com>
NNTP-Posting-Host: g4ikj.demon.co.uk
X-NNTP-Posting-Host: g4ikj.demon.co.uk [158.152.228.117]
MIME-Version: 1.0
X-Newsreader: Turnpike Version 3.04 <N8+7L4YQxmkVoMo3nrP3$t$j8C>
Lines: 17

In article <348F1C3D.4D22@iides.com>, Gerald Fiesser <fiesser@iides.com>
writes
>Pkzip offers a password-protection (-s switch). Does anybody know, how
>secure it is?

This is a FAQ here, so you may not get many responses if people are busy
with 'real security issues' :)

PKZIP is easy to break, especially if you have at least 13 bytes of the
ZIP archive - try looking at:
http://http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html

Compare it to a postal letter/envelope - it provides privacy, but no
more, with almost no effort, but the bad guys can easily read it too.
-- 
ROT13 <ArjfHfre@t4vxw.qrzba.pb.hx>
OR     NewsUser *at* g4ikj *dot* demon *dot* co *dot* uk