This is getting a lot of play today on Twitter but it's not all that consequential in the normal setting of a ZIP file.

The flaw they're pointing out is that 7z's AES encryptor has a 64-bit IV (half the block size) - not itself a vulnerability in block ciphers - and uses a predictable RNG to generate the IV (for simplicity, just call it "time and pid").

In CBC, you want IVs to be unpredictable: if you can predict an IV and you control some of the plaintext, you can in some cases make predictions about secret data that follows your controlled plaintext (this is an "adaptive chosen plaintext" attack).

This doesn't really come up in 7z's usage model: you're supposing someone integrates 7z with their own application, which, on-demand, encrypts attacker-controlled data with a secret suffix and puts it somewhere the same attacker can see the resulting ciphertext.

Having said all that: for the normal usage of an encrypted ZIP, this doesn't really matter at all. ZIP AES isn't meaningfully authenticated. In fact, if you're using ZIP archives in your application, don't use ZIP's AES at all; encrypt yourself with a modern mode.
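The two properties the comment leans on, that CBC IVs must be unpredictable and that ZIP-style AES-CBC carries no real authentication, can be seen in a few dozen lines. The program below is an added example written for this page in Go's standard library; it is not the commenter's code and not 7z's implementation. It assumes a constructed key and messages, and it models the "time and pid" IV as a 64-bit counter zero-extended to one AES block (a stand-in chosen for the demo, not 7z's actual derivation). It shows the mildest consequence of a predictable, low-entropy IV source: two encryptions that observe the same state produce byte-identical ciphertext, so an observer learns that two plaintexts matched without knowing the key, while a CSPRNG IV never repeats. It then shows why "isn't meaningfully authenticated" matters: flipping one bit of a CBC blob decrypts without complaint and lands on the matching bit of the first plaintext byte, whereas the same flip on an AES-GCM blob (the "modern mode" the comment recommends) is rejected. It does not implement the adaptive chosen-plaintext attack itself.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// demoBlock and demoAEAD wrap a constructed 128-bit key used only here; the
// errors are ignored because a 16-byte key cannot fail these constructors.
var demoBlock, _ = aes.NewCipher([]byte("0123456789abcdef"))
var demoAEAD, _ = cipher.NewGCM(demoBlock)

// predictableIV stands in for an IV derived from guessable process state (the
// comment's "time and pid"): only the low 8 bytes vary, mirroring a 64-bit IV
// widened to one AES block. Zero-extension is a demo assumption, not 7z's format.
func predictableIV(state uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], state)
	return iv
}

// sameTickIV models two encryptions that observe the same "time and pid".
func sameTickIV() []byte { return predictableIV(0x5f5e100) }

// randomIV draws a full 128-bit IV from the OS CSPRNG.
func randomIV() []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}

// cbcEncrypt returns iv || AES-CBC(plaintext) for block-aligned plaintext. No
// padding and no MAC: this is the unauthenticated shape the comment warns against.
func cbcEncrypt(iv, plaintext []byte) []byte {
	out := make([]byte, aes.BlockSize+len(plaintext))
	copy(out, iv)
	cipher.NewCBCEncrypter(demoBlock, iv).CryptBlocks(out[aes.BlockSize:], plaintext)
	return out
}

// cbcDecrypt inverts cbcEncrypt; it cannot tell a modified blob from a genuine one.
func cbcDecrypt(blob []byte) []byte {
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(demoBlock, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	return pt
}

// gcmSeal is the "modern mode" alternative: a fresh random nonce plus an
// authentication tag. Output is nonce || ciphertext || tag.
func gcmSeal(plaintext []byte) []byte {
	nonce := make([]byte, demoAEAD.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return demoAEAD.Seal(nonce, nonce, plaintext, nil)
}

// gcmOpen verifies the tag before returning plaintext; an error means the blob was altered.
func gcmOpen(blob []byte) ([]byte, error) {
	n := demoAEAD.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short")
	}
	return demoAEAD.Open(nil, blob[:n], blob[n:], nil)
}

// CBCIsDeterministic encrypts one message twice, drawing an IV from nextIV each
// time, and reports whether the two blobs are identical (an equality leak).
func CBCIsDeterministic(nextIV func() []byte) bool {
	msg := []byte("secret suffix!!!") // constructed, exactly one block
	return bytes.Equal(cbcEncrypt(nextIV(), msg), cbcEncrypt(nextIV(), msg))
}

// TamperCBC flips the low bit of the IV and decrypts: nothing can fail, and the
// flip lands on the low bit of the first plaintext byte ('a' becomes '`').
func TamperCBC() []byte {
	blob := cbcEncrypt(randomIV(), []byte("amount=00000100;")) // constructed
	blob[0] ^= 0x01
	return cbcDecrypt(blob)
}

// TamperGCM applies the same one-bit flip to a GCM blob; gcmOpen refuses it.
func TamperGCM() ([]byte, error) {
	blob := gcmSeal([]byte("amount=00000100;"))
	blob[0] ^= 0x01
	return gcmOpen(blob)
}

func main() {
	fmt.Println("predictable IV repeated, ciphertext repeated:", CBCIsDeterministic(sameTickIV))
	fmt.Println("random IV each time, ciphertext repeated:", CBCIsDeterministic(randomIV))
	fmt.Printf("CBC after one flipped bit: %q\n", TamperCBC())
	_, err := TamperGCM()
	fmt.Println("GCM after one flipped bit: err =", err)
}
```

The CBC helpers deliberately omit padding and a MAC so the malleability is visible; an application that wraps an archive should use an AEAD such as the GCM path here, with a nonce from a CSPRNG, rather than reconstructing CBC and then trying to bolt on integrity afterwards.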