SEEK: freeware to decrypt password-protected Winzip files

  • Thread starter Thread starter Franklin
  • Start date Start date
What's the point of encryption if it can be decrypted by freeware?
Click to expand...
Save yourself and your customers the double effort.
Click to expand...

It can be decrypted by freeware by those who have the key. He doesn't
want a cracking program. The original problem is that he and his
customers are using different programs to encrypt/decrypt, and that
doesn't always work.
 
Al Klein skrev:
Or you could just rename it .txt, and tell them to rename it back to
.exe.
Click to expand...

Providing they actually know what a file extension is, let alone how to
change one. There's a lot of users out there sticking to whatever
program and settings came bundled with their computer.
 
Franklin skrev:
Yes, I had been thinking about this but I get the feeling that
getting my self-extracting EXE past the recipient's security might be
hard. (I suppose I could, errr, zip up the EXE file!)
Click to expand...

Good idea. However, most e-mail gateways also look into zip-files. So
for this to work you may find that you have to, uhm, encrypt the zip
file containing the self-extracting encrypted zip file.

You're walking in a minefield of gotchas, baby ;o)
 
Al Klein skrev:

Providing they actually know what a file extension is, let alone how to
change one. There's a lot of users out there sticking to whatever
program and settings came bundled with their computer.
Click to expand...

Franklin's customers already use some "not came bundled with their
computer" decrypting program, it's just the wrong one.
 
It can be decrypted by freeware by those who have the key. He
doesn't want a cracking program. The original problem is that he
and his customers are using different programs to encrypt/decrypt,
and that doesn't always work.
Click to expand...


Al, thanks for explaining it to Harald.
 
Al Klein skrev:

Providing they actually know what a file extension is, let alone
how to change one. There's a lot of users out there sticking to
whatever program and settings came bundled with their computer.
Click to expand...

And don't forget that they may need to do "deep" technical things just
to be able to see the file extension which ISTR is hidden by default in
XP.
 
In BACS "Options/Miscellaneous" you can check the "Context Menu
Extensions" box and BACS will appear in the context menu when you
right click on any file. You can also advise your recipients to
use AES as the default algorithm, if you wish .
Click to expand...

This sounds neat but I will have to check it carefull on account of
what I once came across:

I was speaking to a user who installed something which put an entry
into the context menu and they told me that it must have been very
powerful software because "it changed the right-click menu of every
single file on the computer!"

Errr, what can you say to that? I just made my excuses and left.

So, the department manager might think that anything I supply which
changes the context menu has irretrieveably corrupted every single
file on one of his PCs!
 
And don't forget that they may need to do "deep" technical things just
to be able to see the file extension which ISTR is hidden by default in
XP.
Click to expand...

Registered extensions are - if you make one up it won't be.
 
Whatever happened to the no-install idea of the old DOS Winzip line
command, UNZIP, where you specified an archive file and that was it -
the archive file was unzipped.
Click to expand...

2.04G still works in a DOS box. But it didn't do AES.
 
I was speaking to a user who installed something which put an entry
into the context menu and they told me that it must have been very
powerful software because "it changed the right-click menu of every
single file on the computer!"
Click to expand...

Adding an entry to a context menu changes nothing. It is nothing but
a "shortcut" with parameters to the program in question, in this case
BACS. If someone doesn't like it, then simply uncheck the box and it
will disappear from the context menu.
However, if you are dealing with morons, you must deal on their level.
By the way, BACS can also compress files - similar to zipping - if
that feature is chosen.
Franklin, it looks to me like you have to assume the responsibility to
educate your "recipients."
 
Adding an entry to a context menu changes nothing. It is nothing
but a "shortcut" with parameters to the program in question, in
this case BACS. If someone doesn't like it, then simply uncheck
the box and it will disappear from the context menu. However, if
you are dealing with morons, you must deal on their level. By the
way, BACS can also compress files - similar to zipping - if that
feature is chosen. Franklin, it looks to me like you have to assume
the responsibility to educate your "recipients."
Click to expand...

Awwww. I was hoping not to have to do that because they are many and
varied. For instance, I might send a document to a councillor whom I
have not had much to do with in the past and who will not want to be
taking up technical issues with his IT support team.

I am constantly astonished at the low level of understanding of some
computer users. But rather than just call them idiots (which they
probably are) I have to think how I can get my message to them
without asking for any work on their part.

The confidential file(s) are mine and so it is not the recipient who
cares if the file contents "leak" while being delivered to them.
 
The confidential file(s) are mine and so it is not the recipient who
cares if the file contents "leak" while being delivered to them.
Click to expand...

Is it worth the effort to use AES? Can your recipients deal with zip
files using regular zip 2.0 encryption (rather than AES)? That is
handled by XP automatic zip file browsing. Using zip 2.0 will prevent
casual leaking of the content, and you are emailing these to the
recipients, not posting them on a website for anyone to download. Is
that sufficient?

Terry
 
Franklin said:
Then ... getting my recipients to run a new and untried self-
extracting EXE for every document I send them might also need a bit
of persuading!
Click to expand...

I just tripped over this app while looking for something else :) and
find it was recommended a while back by Mightly Kitten (in a "Greeware
again" -> Greenware thread). Perhaps of interest?

Program: Secure Email Attachments
Company: iOpus
Ware: (Freeware)
http://www.iopus.com/freeware/
http://www.iopus.com/secure-email.htm
http://www.iopus.com/download/index.htm
http://www.iopus.com/download/iOpus-SEA-setup.exe
iOpus Secure Email Attachments (SEA) V1.0 (only 559 KB)
Windows® 95, 98, Me, NT4, 2000 and XP!

"Let's face it, in the real world many people simply aren't willing to
buy and install a specific encryption package just to be able to read a
couple of files you send them. With iOpus Secure Email Attachments (SEA)
they don't have to, because you can send them self-decrypting archives
that "unpack" themselves. The recipient just double clicks on the file
and enters the password at the prompt displayed. The original files are
then decrypted, extracted and written to your disk automatically."

"iOpus SEA uses the Blowfish encryption algorithm with a key length of
up to 448 bits. Blowfish encryption is so strong that it has never been
cracked yet. In fact, most experts agree that it cannot be cracked with
current computer technology and that includes supercomputers!"

More info on the site.

Susan
--
Posted to alt.comp.freeware
Search alt.comp.freeware (or read it online):
http://www.google.com/advanced_group_search?q=+group:alt.comp.freeware
Pricelessware & ACF: http://www.pricelesswarehome.org
Pricelessware: http://www.pricelessware.org (not maintained)
 
Awwww. I was hoping not to have to do that because they are many and
varied. For instance, I might send a document to a councillor whom I
have not had much to do with in the past and who will not want to be
taking up technical issues with his IT support team.

I am constantly astonished at the low level of understanding of some
computer users. But rather than just call them idiots (which they
probably are) I have to think how I can get my message to them
without asking for any work on their part.

The confidential file(s) are mine and so it is not the recipient who
cares if the file contents "leak" while being delivered to them.
Click to expand...

A few of things here.

Franklin, must you zip the file?

First, the weakest link is most often not the encryption methodology, it is
the password/phrase and the transmission/storage of it. Think "overheard
telephone conversation" and " Post-It note on monitor"

Second, you have little security if Franklin sends Amy an encrypted file
and Amy could give a shit.

Perhaps this will help.

http://axcrypt.axantum.com/
 
I tried FILZIP which claims to be able to decrypt AES but it does not
work well. These recipients are not computer-savvy and would
struggle if the needed to massage the results.


Yes, I had been thinking about this but I get the feeling that
getting my self-extracting EXE past the recipient's security might be
hard. (I suppose I could, errr, zip up the EXE file!)
Click to expand...

If you user uses Gmail, Gmail won't take zipped files. If you user's email
or ISP dislikes .exe files, you're screwed again.

You will need to find a solution that creates the file not as a zip or
..exe, imo.
 
I just tripped over this app while looking for something else :) and
find it was recommended a while back by Mightly Kitten (in a "Greeware
again" -> Greenware thread). Perhaps of interest?

Program: Secure Email Attachments
Company: iOpus
Ware: (Freeware)
http://www.iopus.com/freeware/
http://www.iopus.com/secure-email.htm
http://www.iopus.com/download/index.htm
http://www.iopus.com/download/iOpus-SEA-setup.exe
iOpus Secure Email Attachments (SEA) V1.0 (only 559 KB)
Windows® 95, 98, Me, NT4, 2000 and XP!

"Let's face it, in the real world many people simply aren't willing to
buy and install a specific encryption package just to be able to read a
couple of files you send them. With iOpus Secure Email Attachments (SEA)
they don't have to, because you can send them self-decrypting archives
that "unpack" themselves. The recipient just double clicks on the file
and enters the password at the prompt displayed. The original files are
then decrypted, extracted and written to your disk automatically."

"iOpus SEA uses the Blowfish encryption algorithm with a key length of
up to 448 bits. Blowfish encryption is so strong that it has never been
cracked yet. In fact, most experts agree that it cannot be cracked with
current computer technology and that includes supercomputers!"

More info on the site.

Susan
Click to expand...

"iOpus SEA protects your data not only on its way across the internet, but
also on the recipient's PC."

Odd, once the file is decrypted, it's open season.
 
Ari Silverstein said:
If you user uses Gmail, Gmail won't take zipped files. If you user's email
or ISP dislikes .exe files, you're screwed again.

You will need to find a solution that creates the file not as a zip or
.exe, imo.
Click to expand...

My old work would recurse embedded zip files and find EXE files and delete
them. Security through data destruction as the old adage goes - if you
destroy all computers in the world there would be no viruses!

We found that password encrypting the outside zip file, while leaving the
inside zip file alone allowed the file to pass by (which made sense, they
couldn't decrypt it)
 
My old work would recurse embedded zip files and find EXE files and delete
them. Security through data destruction as the old adage goes - if you
destroy all computers in the world there would be no viruses!
Click to expand...

lol

What did they use to recurse?
We found that password encrypting the outside zip file, while leaving the
inside zip file alone allowed the file to pass by (which made sense, they
couldn't decrypt it)
Click to expand...

Workarounds, love 'em.
 
Ari Silverstein said:
lol

What did they use to recurse?
Click to expand...

No clue. In fact I was blown away when nesting it inside a zip file didn't
work.
Workarounds, love 'em.
Click to expand...

Um . . . The IT department was "the enemy". To them we, the users, were
the enemy. There were members of the IT department that believed that we,
even as software engineers, could not be trusted to send BAT, VBS and EXE
files. They stood by their decisions. We joked about creating a
proprietary packaging format and just using the extension .data But we
never did. Oh well
 
Back
Top