SEEK: freeware to decrypt password-protected Winzip files

[Nomen Nescio]

My old work would recurse embedded zip files and find EXE files and delete
them. Security through data destruction as the old adage goes - if you
destroy all computers in the world there would be no viruses!

We found that password encrypting the outside zip file, while leaving the
inside zip file alone allowed the file to pass by (which made sense, they
couldn't decrypt it)

how about something like this:

you want to move file.zip with .exe files in it and your mail provider
dont like it.

pgp -ea file.zip

It'll ask for a passphrase and produce 'file.zip.pgp'
rename it to 'file.jpg' and email it.
then on the other end, save the 'file.jpg'
rename it to 'file.zip.pgp'

pgp -decrypt file.zip.pgp

it asks for the passphrase
and you have the original file back

sounds like a lot, not hard to write a batch file to handle most of it
and this would work even with pgp262 which would fit on a floppy.

will also work with gpg (command line differs some) and real easy with
full gui modern pgp

 

[Luc The Perverse]

how about something like this:

you want to move file.zip with .exe files in it and your mail provider
dont like it.

pgp -ea file.zip

It'll ask for a passphrase and produce 'file.zip.pgp'
rename it to 'file.jpg' and email it.
then on the other end, save the 'file.jpg'
rename it to 'file.zip.pgp'

pgp -decrypt file.zip.pgp

it asks for the passphrase
and you have the original file back

sounds like a lot, not hard to write a batch file to handle most of it
and this would work even with pgp262 which would fit on a floppy.

will also work with gpg (command line differs some) and real easy with
full gui modern pgp

That would work - but it really isn't an issue anymore.

 

[bambam]

Perhaps this will help.

http://axcrypt.axantum.com/

I see there is a new version of AxCrypt
AxCrypt 1.6.3 file encryption software new release 2006-06-16
Change log doesn't seem to have been updated, so I'm not sure whats new.

 

[Ari Silverstein]

No clue. In fact I was blown away when nesting it inside a zip file didn't
work.

Maybe they did an autounzip abd search n destroy?

 

[Luc The Perverse]

Maybe they did an autounzip abd search n destroy?

I felt betrayed and violated, like some machine was raping my zip file.

It wasn't their place - they had no right to be deep down inside my nested
bytes.

I just weep sometimes, thinking about it. I don't know if I can carry on
.. . .anymore.

I've been considering suicide; I just can't live, knowing that they have
stolen the innocence that I had.

 

[Morten Skarstad]

Luc The Perverse skrev:

My old work would recurse embedded zip files and find EXE files and delete
them. Security through data destruction as the old adage goes - if you
destroy all computers in the world there would be no viruses!

Personally, I swear to Fiskars range of computer security products. For
instance, check out this baby:
http://www.fiskars.com/digitalAssets/141422_422071.jpg

Unfortunately, wireless networks are getting more and more common,
forcing me to apply the above product on the power chord rather than the
network wire. Hey, anything to stay safe, right?

We found that password encrypting the outside zip file, while leaving the
inside zip file alone allowed the file to pass by (which made sense, they
couldn't decrypt it)

This is also exploited by some mail-borne worms: They pack themselves in
some zip file which requires a password, and puts the password in the
body of the mail. The mail gateway does not understand the password, but
the recipient may have an IQ high enough to figure it out and yet low
enough to actually enter it and run whatever file is contained within
the zip. *sigh* If Darwin was anywhere near right, electronic worms and
viruses will be the dominant species on this planet in less than 20 years.

The best countermeasure is of course to block encrypted zip files.
Obviously your workplace did not, but I know for a fact that some do.

 

[Luc The Perverse]

The best countermeasure is of course to block encrypted zip files.
Obviously your workplace did not, but I know for a fact that some do.

If they had we would have quickly developed a new method of packing files
into files.

 

[Franklin]

Is it worth the effort to use AES? Can your recipients deal with zip
files using regular zip 2.0 encryption (rather than AES)? That is
handled by XP automatic zip file browsing. Using zip 2.0 will prevent
casual leaking of the content, and you are emailing these to the
recipients, not posting them on a website for anyone to download. Is
that sufficient?

Terry

I kind of need more than that. Some of the info are medical notes which
needs to be kept confidential.

 

[Franklin]

No clue. In fact I was blown away when nesting it inside a zip
file didn't work.


Um . . . The IT department was "the enemy". To them we, the
users, were the enemy. There were members of the IT department
that believed that we, even as software engineers, could not be
trusted to send BAT, VBS and EXE files. They stood by their
decisions. We joked about creating a proprietary packaging format
and just using the extension .data But we never did. Oh well

Luc, what you describe is extremely capricious, willful, devious,
underhand, sneaky, dangerous and potentially undermining.

You should be proud of yourself. And I only wish I had been there to
take part!

I'm sure you would have got there even if you had to chop the file up so
much that no part of the binary was detectable any longer as an
executable or any other sort of file. Or even use lossless
steganography. Heh!

 

[Franklin]

Luc The Perverse skrev:

Personally, I swear to Fiskars range of computer security products.
For instance, check out this baby:
http://www.fiskars.com/digitalAssets/141422_422071.jpg

That is a very worthy addition to any security-conscious person's
toolkit.

Of course yours is a deluxe option. For those of us who can not afford
such items as that then I recommend the following bargain. In fact, in
the right establishments you can get this outstanding security product
for free (are we back on topic?)

http://www.gspotdesign.com/text/images/matches-withType.gif

 

[Al Klein]

I kind of need more than that. Some of the info are medical notes which
needs to be kept confidential.

If your clients are receiving medical notes, and are in the US,
they're required by law to keep them confidential (as I'm sure you
know). So they're required to do whatever is necessary - including
paying for software and learning how to use it. You have a 50 pound
sledge hammer to hold over their heads - the government.

 

[Luc The Perverse]

Luc, what you describe is extremely capricious, willful, devious,
underhand, sneaky, dangerous and potentially undermining.

You should be proud of yourself. And I only wish I had been there to
take part!

I'm sure you would have got there even if you had to chop the file up so
much that no part of the binary was detectable any longer as an
executable or any other sort of file. Or even use lossless
steganography. Heh!

Just make an application that packs everything into one file, encrypts with
a constant AES key (including the file name) As long as they didn't have
the program we were fine.