home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.compression:4559 sci.crypt:6651
- Newsgroups: comp.compression,sci.crypt
- Path: sparky!uunet!gatech!paladin.american.edu!howland.reston.ans.net!sol.ctr.columbia.edu!ira.uka.de!Sirius.dfn.de!news.DKRZ-Hamburg.DE!rzsun2.informatik.uni-hamburg.de!fbihh!bontchev
- From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
- Subject: Re: ARJ "Security Envelopes" Broken
- Message-ID: <bontchev.726782688@fbihh>
- Sender: news@informatik.uni-hamburg.de (Mr. News)
- Reply-To: bontchev@fbihh.informatik.uni-hamburg.de
- Organization: Virus Test Center, University of Hamburg
- References: <1993Jan9.065934.4930@leland.Stanford.EDU>
- Date: 11 Jan 93 20:04:48 GMT
- Lines: 22
-
- kocherp@leland.Stanford.EDU (Paul Carl Kocher) writes:
-
- > I just tried hacking ARJ security envelopes, and discovered that
- > they are reasonably easy to forge. I have notified Robert Jung
-
- You had to ask me first - it would save you to duplicate the effort...
- :-) They are -extremely- easy to forge, even easier than ZIP's... :-(
- The encryption is also -extremely- weak, -MUCH- wheaker than the one
- in PKZIP...
-
- BTW, when considering the archivers that provide "toy authentication",
- I think that only PAK's authentication has not been broken yet, and
- probably only because nobody has bothered to crack it... If you want
- -real- authentication, use HPACK.
-
- Regards,
- Vesselin
- --
- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
- Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
- < PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
- e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany
-
