Newsgroups: sci.crypt
Path: msuinfo!caen!zaphod.mps.ohio-state.edu!menudo.uh.edu!lobster!nuchat!texhrc!rls
From: rls@texhrc.uucp (Bob Simmons)
Subject: Re: Ethics and software to find ZIP archive passwords
Message-ID: <1992Feb28.184507.2351@texhrc.uucp>
Organization: Texaco EPTD
References: <1992Feb28.112824.18265@leland.Stanford.EDU>
Date: Fri, 28 Feb 1992 18:45:07 GMT

In article <1992Feb28.112824.18265@leland.Stanford.EDU> kocherp@leland.Stanford.EDU (Paul Carl Kocher) writes:
>     I have written some fairly fast routines that use a brute-force
>approach to check passwords against the 16-bit checksum in zip files' 
>encryption headers.  On my '386-33, testing all 4-digit lowercase 
>combinations takes 76 seconds, including the time to generate
>passwords, meaning that ten million attempts could easily be done
>in half an hour.  
>
>     I fear that if I release this, it will be mostly used by people
>to get unauthorized access to others' data.  On the other hand, anyone 
>who is determined enough could easily write a similar program.  Does
>anyone have experience releasing programs, like this, that could be
>misused?  My present inclination is to not release it, but I would 
>welcome suggestions.
>
>-- Paul Kocher

Well, I have been beating my head against the wall for about two months
trying to remember the password I used a year ago to zip some files I
thought I was pretty much through with. Now I want them again. Your program
would be a godsend to my failing memory. I hope you release it.
-- 
_______________________________________________________________
Bob Simmons          | Standard    | rls@Texaco.COM
E&P Technology Dept. | disclaimers | uunet!nuchat!texhrc!rls
Texaco Inc.          | apply.      | (Inside Texaco) rls@texhrc
