home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.compression
- Path: sparky!uunet!stanford.edu!nntp.Stanford.EDU!kocherp
- From: kocherp@leland.Stanford.EDU (Paul Carl Kocher)
- Subject: Re: How do AV Codes Work? (PKZIP)
- Message-ID: <1992Dec12.042955.18961@leland.Stanford.EDU>
- Sender: news@leland.Stanford.EDU (USENET News System)
- Organization: DSG, Stanford University, CA 94305, USA
- References: <usgcjsx.723851067@gsusgi1.gsu.edu> <1992Dec9.223633.24425@leland.Stanford.EDU> <bontchev.724072736@fbihh>
- Date: Sat, 12 Dec 92 04:29:55 GMT
- Lines: 24
-
- In article <bontchev.724072736@fbihh> bontchev@fbihh.informatik.uni-hamburg.de writes:
- >> (Fortunately) there are no programs around that crack AV codes, except
- >> for a few brute-force hacks, but these don't produce correct checksums.
- >
- >Huh? I have one of those here; it requests a string (company name) and
- >a three-character checksum and produces all possible registration
- >numbers with that string/checksum combination.
- >
- >> However, it only took a couple hours for me to find the exact AV number
- >> used by PKWARE.
- >
- >The program mentioned above achieved the same in slightly less than a
- >minute on a 4.77 MHz XT clone.
-
- I didn't know that someone had released a program to do this, but I suppose
- it is hardly surprising, since the algorithm was so easy to break. I don't
- really know what PKWARE *ought* to do for the next release, since political
- considerations make RSA unusable. Possibly some public-key system that has
- been broken could be used successfully, since very little plaintext (and
- essentially no chosen plaintext) would be available to crackers? Or maybe
- they should just do away with the feature altogether...
-
- -- Paul Kocher
- kocherp@leland.stanford.edu
-
