Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Securing Winzip Password

  1. #1

    Securing Winzip Password

    I have a winzip file that I have password protected it but how can I be sure that it is safe from password crackers and does anyone know of any free winzip password crackers so I can test my file to make sure that it is secure and that no one can crack/hack the password too easily

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    While the Winzip password protection is what it is...

    There are programs that will be able to crack the password given enough time.

    Most of these programs cost $$ and I haven't seen a freeware version yet.

    If you really have files that you don't wan't to fall into the wrong hands... you may be going about it the wrong way. Even though you password protect your winzip files... they do little to protect it from someone who is determined to find out its contents.

    I would recommend you to start looking into encryption in addition to your password protected files.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Zip passwords are not the most safe passwords there are like mentioned by phishphreek80.

    PicoZip Recovery Tool is an easy-to-use program that can help you recover lost or forgotten passwords from password protected Zip files created by compression utilities like PicoZip, WinZip, PKZip, etc
    The best thing is: It is freeware.

  4. #4
    Senior Member
    Join Date
    Feb 2003
    For cracking Winzip password there is only brute force, so to be sure that your password is strong it must be :
    - long ( at least 7 chars)
    - use small letters and capital
    - use digit
    - eventually some special char
    - must not be easy (test it with a cracking dictionary)

    small letters+capital+digit=26+26+10=62
    at least 7 chars = 62^7= 3 521 614 606 208 possibilities

    Your password can be the first letter of each words of a sentence:
    sentence => My little cat spend most of his time sleeping on my bed
    password=> Mlcsmohtsomb
    you can replace i by 1 and o by 0 (zero) if you want the password be harder to find.

    The sentence is more easy to remember than the password and as the password is not a word you don't find it on a dictionary.

  5. #5
    Junior Member
    Join Date
    Apr 2003
    You don´t know.
    There are always guys that have time to waste doing that!!!
    \"...Choose life, choose job, choose a career...but why the ***** would i do something like that...\"!!!

  6. #6
    To play extra safe,please try not to use winzip password protection cos it is not safe at all.Try to use a third parties software to encrypt your file and zip it up.There are tone of tone of encryption software which will encrypt your file in difference forms unlike the zip protection which they offer.In addtion,use special character such as @#$%^&*( in your password and increase the length of your password to 10 character.At the same time,you may also try to use self-distructive encryption method to your file after 3 attempts fail.

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    hey dac0 ->

    Check out these third party encryption app(s)-> http://www.antionline.com/showthread...light=blowfish

    Here is a decent Zip Password Recovery Tool->
    Advanced Zip Password Recovery 2.44 - Nice program, however note that it is shareware that works with limited functionality until you purchase it (cost currently listed at $30). Supports PKZip 1.0 through modern Winzip, all compression methods, can work with a single file, self-extracting archives supported, bruteforce options include password length and customizable character set, dictionary attack, bruteforce with mask/template, suspend/resume. Homepage http://www.elcomsoft.com/azpr.html
    yeah, I\'m gonna need that by friday...

  8. #8
    Senior Member
    Join Date
    Apr 2002
    I'd say use PGP, its great software for all your encrypion needs

    As long as you don't leave your private key lying around (keep it on a floppy, with write-protect on, and in a very very safe place -- if you lost it, you can't decrypt whatever was encrypted with it!), and have a good password, you should be good to go.

    Ok, so you're not as paranoid as I am?
    You can try MaxCrypt (http://www.webattack.com/download/dlmaxcrypt.shtml), but its not very portable -- its really meant for files kept on your own computer. If that's where your keeping your encrypted files, you'll probably like Maxcrypt better.

    Either get busy living or get busy dying.

    -The Sawshank Redemption

  9. #9
    Junior Member
    Join Date
    Oct 2002
    Just wondering
    How efective will it be to use another language,say spanish,for your pasword ?
    If someone in australia were to try to bruteforce my file they would be using an english dictionary!

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Originally posted here by Laser
    Just wondering
    How efective will it be to use another language,say spanish,for your pasword ?
    If someone in australia were to try to bruteforce my file they would be using an english dictionary!
    There is a big difference here between pure brute force methods and dictionary based approaches. Pure brute force methods look at every possible combination. In this case the language is irrelevant - although if the text was in Spanish to start off with, you would have to able to recognise this.
    On the other hand dictionary based methods will stick to an English/Spanish dictionary etc. to speed things up.

    Like everything in this area, a lot of it comes down to 'social engineering' i.e. what approach do you think is most likely to work? If it's your own password you are trying to recover you should know what dictionary to try

    It goes without saying that trying a dictionary based approach is significantly quicker than a pure brute force one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts