SEEK: freeware to decrypt password-protected Winzip files

[Franklin]

I use Winzip ($$$ware) to encrypt personal files so that they are safe
when transitted over the net.

Some recipients cannot open these files even though they have the
password.

Which freeware which can open Winzip encypted files? And which method
of encryption (performed by Winzip) can they decrypt?

Winzip can encrypt using:
(a) Zip 2.0
(b) 128-bit AES
(3) 256-bit AES.

 

[Dave Turner]

the best one for ZIPs is probably Advanced ZIP Recovery made by that Russian
guy who's name escapes me at the moment - he was arrested when he went to
the US for developing the tool, causing a furore in the programming and
related communities.

However your question essentially boils down to "what freeware can I use to
break AES?". All I can say is - good luck.

 

[jimbok]

Which freeware which can open Winzip encypted files? And which method
of encryption (performed by Winzip) can they decrypt?

Winzip can encrypt using:
(a) Zip 2.0
(b) 128-bit AES
(3) 256-bit AES.

128 bit AES has 340282366920938463463374607431768211456 possible keys.
So, even if you could test one trillion keys per second, it would take
a while. Do the math.

 

[Terry Russell]

128 bit AES has 340282366920938463463374607431768211456 possible keys.
So, even if you could test one trillion keys per second, it would take
a while. Do the math.

10,790,283,070,806,014,189 years
154,146,901,011,514,488 lifetimes
1,348,785,384 times the age of the universe
$3,938,453,320,844,195,178,985.37 (retail power cost) to run the computer
for that long
164,102,221,702 times the annual world GDP



of course thats brute force decryption, more elegant methods seek to shave
that time
a tad

 

[Franklin]

the best one for ZIPs is probably Advanced ZIP Recovery made by
that Russian guy who's name escapes me at the moment - he was
arrested when he went to the US for developing the tool, causing a
furore in the programming and related communities.

However your question essentially boils down to "what freeware can
I use to break AES?". All I can say is - good luck.

Hi Dave, I think I may have explained my need badly.

Maybe it's my criminal-looking face that makes people think I want to
crack open password-protected zip files. Heh! This is what I
actually want to do:

(1) I create an ordinary zip file "archive" with Winzip ($$$ware).

(2) I password-protect the zip file. In other words, I encrypt it
using 'AES 256' built into Winzip. (AES 256 is stronger than AES 128
or Zip 2.0).

(3) I send the zip file to my recipient by email and I tell them the
password by phone. The recipient may vary and may be someone I have
not sent zip files to in the past.

(4) Sometimes the recipent CAN NOT OPEN MY ZIP FILE USING MY
PASSWORD. All my recipients will be using a WinXP PC provided by
their employer and the problem may be some limitation of the
unzipper.

(5) To get around this I would like my recipient to download a
freeware UNZIP utility in order to open my passworded/encrypted zip
file. Or I could send them a copy of the freeware with my zip file.

I keep hearing that there is a lot of extremely good zip freeware but
I know that not all of it can handle strong encryptionsuch as AES
256.

In my ideal world the zip freeware would work WITHOUT needing to be
installed because I'm sure not all my recipients will have WinXP
installation rights.

 

[Franklin]

128 bit AES has 340282366920938463463374607431768211456 possible
keys. So, even if you could test one trillion keys per second, it
would take a while. Do the math.

Hi Jimbok, I don't want to crack the file!

Please see a clearer explanation of what I want in the post I made to
Dave Turner in this thread. <
It is because AES is so good that I am using it to encrypt the file.

However I need a freeware util for my recipient to be able to open it
using my password. Seems they have trouble using whatever zip util
it is that they have on their machine.

 

[Terry]

I use Winzip ($$$ware) to encrypt personal files so that they are safe
when transitted over the net.

Some recipients cannot open these files even though they have the
password.

Which freeware which can open Winzip encypted files? And which method
of encryption (performed by Winzip) can they decrypt?

Winzip can encrypt using:
(a) Zip 2.0
(b) 128-bit AES
(3) 256-bit AES.

The only one of those that is generally supported is zip 2.0
encryption. Many (most?) freeware can open those.

The AES encryption is pretty much Winzip only -- I don't know of any
freeware that will open them. Note that some of your recipients may be
opening these files using the builti in zip-file handling of Windows
XP. This will handle zip 2.0 passwords only, and they may be reluctant
to install any additional zip program, whether freeware or not.

<OT>
Winzip can create self-extracting exe files, that use AES encryption.
This would let you use the stronger encryption, but not require any
zip program on the recipient's system. Essentially you are sending
them the decryption program along with your data.
</OT>

Terry

 

[Lou]

Hi Dave, I think I may have explained my need badly.

Maybe it's my criminal-looking face that makes people think I want to
crack open password-protected zip files. Heh! This is what I
actually want to do:

(1) I create an ordinary zip file "archive" with Winzip ($$$ware).

(2) I password-protect the zip file. In other words, I encrypt it
using 'AES 256' built into Winzip. (AES 256 is stronger than AES 128
or Zip 2.0).

(3) I send the zip file to my recipient by email and I tell them the
password by phone. The recipient may vary and may be someone I have
not sent zip files to in the past.

(4) Sometimes the recipent CAN NOT OPEN MY ZIP FILE USING MY
PASSWORD. All my recipients will be using a WinXP PC provided by
their employer and the problem may be some limitation of the
unzipper.

(5) To get around this I would like my recipient to download a
freeware UNZIP utility in order to open my passworded/encrypted zip
file. Or I could send them a copy of the freeware with my zip file.

I keep hearing that there is a lot of extremely good zip freeware but
I know that not all of it can handle strong encryptionsuch as AES
256.

In my ideal world the zip freeware would work WITHOUT needing to be
installed because I'm sure not all my recipients will have WinXP
installation rights.

If this is being used by and for business why not _pay_ for the stuff?
You may want to read the EULs of many sites that state free versions are
for NON-commercial use.

Lou

 

[Dave Turner]

yep, your best bet would be to create a self-extracting executable rather
than a zip image. It's basically the same thing, but with a program
prepended to it which includes the AES decryption code.

 

[Franklin]

If this is being used by and for business why not _pay_ for the
stuff? You may want to read the EULs of many sites that state free
versions are for NON-commercial use.

Lou

Lou, it is not up to me.

You should ask my recipients why they don't want to pay for the stuff.

You will probably find that many are not-for-profit charities and are
working on shoestring budgets.

Either way, it is I who has a problem when they can't read my files.

 

[Franklin]

The only one of those that is generally supported is zip 2.0
encryption. Many (most?) freeware can open those.

The AES encryption is pretty much Winzip only -- I don't know of
any freeware that will open them. Note that some of your recipients
may be opening these files using the builti in zip-file handling of
Windows XP. This will handle zip 2.0 passwords only, and they may
be reluctant to install any additional zip program, whether
freeware or not.

I tried FILZIP which claims to be able to decrypt AES but it does not
work well. These recipients are not computer-savvy and would
struggle if the needed to massage the results.

<OT>
Winzip can create self-extracting exe files, that use AES
encryption. This would let you use the stronger encryption, but not
require any zip program on the recipient's system. Essentially you
are sending them the decryption program along with your data.
</OT>

Yes, I had been thinking about this but I get the feeling that
getting my self-extracting EXE past the recipient's security might be
hard. (I suppose I could, errr, zip up the EXE file!)

Then ... getting my recipients to run a new and untried self-
extracting EXE for every document I send them might also need a bit
of persuading!

If there is no freeware to extract AES-encrypted data then ISTR there
was an ad-sponsored version of Winzip but it must be a figment of my
imagination as I can't find it.

Maybe there is a standalone freeware AES-decryptor?

 

[Al Klein]

Hi Jimbok, I don't want to crack the file!

Please see a clearer explanation of what I want in the post I made to
Dave Turner in this thread. <
It is because AES is so good that I am using it to encrypt the file.

However I need a freeware util for my recipient to be able to open it
using my password. Seems they have trouble using whatever zip util
it is that they have on their machine.

If you encrypted it using Winzip and they can't open it using Winzip,
the file is corrupt. That means that it can't be "opened", it can
only be cracked, assuming that only the password was corrupted.

If your recipient is trying to open the file some other way, that's
the problem. The solution is to have your recipient open the file
with Winzip.

There's no "utility" that can "open" a file that was encrypted with
AES - it has to be cracked. If there were utilities that could open
it, what good would the encryption be? And, as Terry Russell already
said, unless your recipient is very lucky, the universe won't last
long enough, with current computing power, to crack the file. (Of
course, in a thousand years or so, computers will probably be powerful
enough that AES256 will be as difficult to break as a piece of wet
tissue. But that won't do your recipient any good.)

 

[Al Klein]

Yes, I had been thinking about this but I get the feeling that
getting my self-extracting EXE past the recipient's security might be
hard. (I suppose I could, errr, zip up the EXE file!)

Or you could just rename it .txt, and tell them to rename it back to
..exe.

 

[Dan]

Either way, it is I who has a problem when they can't read my files.

How about this:

Create a non-encrypted zip file. Then encrypt that file with a
separate freeware encrypting utility which your recipients can use for
decrypting.

 

[jimbok]

It is because AES is so good that I am using it to encrypt the file.

However I need a freeware util for my recipient to be able to open it
using my password. Seems they have trouble using whatever zip util
it is that they have on their machine.

Due to different methods of implimentation, it is improbable that you
will find different programs that will decrypt each other's AES
encryption. Most programs will embed an identifier in the encrypted
file. If that identifier is not found by the intended decrypting
program, it will do nothing.
As suggested by others, if you must use WinZip then either create self
extracting files, or a standard zip that can be encrypted by a
freeware open source encryption program, such as "Blowfish Advanced
CS" which can use AES, Blowfish, Twofish, etc. to encrypt. BACS can
be found here.
http://www.hotpixel.net/software.html

 

[Franklin]

If you encrypted it using Winzip and they can't open it using
Winzip, the file is corrupt. That means that it can't be "opened",
it can only be cracked, assuming that only the password was
corrupted.

If your recipient is trying to open the file some other way, that's
the problem. The solution is to have your recipient open the file
with Winzip.

I have no idea if they are using Winzip or not. That is because they
are straightforward end-users and they themselves do not know.
However, Winzip's archive format is known openly and many utilities
can use that. AES is not so widely implemented.

I suspect that buying Winzip for each PC is too costly for them.

There's no "utility" that can "open" a file that was encrypted with
AES - it has to be cracked. If there were utilities that could
open it, what good would the encryption be? And, as Terry Russell
already said, unless your recipient is very lucky, the universe
won't last long enough, with current computing power, to crack the
file. (Of course, in a thousand years or so, computers will
probably be powerful enough that AES256 will be as difficult to
break as a piece of wet tissue. But that won't do your recipient
any good.)

It's probably best if you have a look at the explanation I refer to
above because I rather suspect you and I are using "open" very
differently.

 

[Franklin]

Due to different methods of implimentation, it is improbable that
you will find different programs that will decrypt each other's AES
encryption. Most programs will embed an identifier in the
encrypted file. If that identifier is not found by the intended
decrypting program, it will do nothing. As suggested by others, if
you must use WinZip then either create self extracting files, or a
standard zip that can be encrypted by a freeware open source
encryption program, such as "Blowfish Advanced CS" which can use
AES, Blowfish, Twofish, etc. to encrypt. BACS can be found here.
http://www.hotpixel.net/software.html

jimbok, this has the makings of a nice solution for my needs.

I installed BACS myself and need to make sure it is not too
complicated for an end-user to use. The BACS icon in the system tray
is the sort of thing which some people (like my girlfriend) has never
really understood even after they used PCs for many years in an
office.

Also the BACS dialog is slightly confusing ("Save" refers to the
report and not the file) and I need to make sure it is suffiently
foolproof.

Now, don't blame me for end-user ignorance. That is the situation I
find. It is not a situation I am responsible for creating!

 

[jimbok]

I installed BACS myself and need to make sure it is not too
complicated for an end-user to use. The BACS icon in the system tray
is the sort of thing which some people (like my girlfriend) has never
really understood

In BACS "Options/Miscellaneous" you can check the "Context Menu
Extensions" box and BACS will appear in the context menu when you
right click on any file. You can also advise your recipients to use
AES as the default algorithm, if you wish.

 

[Al Klein]

I have no idea if they are using Winzip or not. That is because they
are straightforward end-users and they themselves do not know.
However, Winzip's archive format is known openly and many utilities
can use that. AES is not so widely implemented.

And, as someone else already pointed out, another AES utility may not
be able to decrypt Winzip's AES encryption.

I suspect that buying Winzip for each PC is too costly for them.

Then using your files is also, unless you write or download an
encrypter you feel secure with and can convince them that they have no
choice but to download it and use it to decrypt.

It's probably best if you have a look at the explanation I refer to
above because I rather suspect you and I are using "open" very
differently.

Yes, I was. I understand the situation now. As I said, if you want
to encrypt the file, either before or after zipping, you'll need the
same program at both ends for most good encryption methods. And, as
someone else said, Blowfish is pretty good and available free.

 

[harald]

You should ask my recipients why they don't want to pay for the stuff.

What's the point of encryption if it can be decrypted by freeware?

Save yourself and your customers the double effort.