2Some good insights and links. But did you really answer my question? It's a bit unclear. – Nifle – 2010-05-25T16:51:30.453

i think it is: a) you can now choose a better encryption cypher (aes256 instead of pkzip-homebrew-whatever) and b) i stated that the problem was not removed by choosing a better passphrase but by picking a better cypher (see a)). – akira – 2010-05-25T20:16:40.500

3@Nifle, it did. Zip encryption was bad because the algorithm was rubbish. In newer versions of zip, you can now choose from more secure algorithm. As long as you select one of the secure algorithm, then the security is no worse than other similar product. Standard security issues like choice of passphrase and implementation aside. i.e. The weakest chain is no longer in the algorithm used. – KTC – 2010-05-26T16:21:04.147

There is another bit you neglected to mention, that AES is a block cipher, and can only encrypt fixed-length blocks of data. Thus, to encrypt longer files, fancy schemes have been developed to generate new keys for every block. Unfortunately, developers occasionally overlook this, and make their software encrypt every block with the same keys, see [https://en.wikipedia.org/wiki/Cipher-block_chaining] – Eroen – 2012-02-25T09:22:35.153

@Eroen: look at the question .. hows your comment related to that? – akira – 2012-02-25T11:46:42.650

@akira: It is not directly related to the question, but informs on a failing of the above answer. The Q. asks if X is bad in respect Y, the A. (among other things) incorrectly explains how to identify goodness in respect Y, my C. points out this incorrectness. – Eroen – 2012-02-25T12:00:04.693

@Eroen: so, what exactly are you saying / what exactly is your point? you "proved" that AES is bad? that some idiots can not implement it right? that AES is worse than pkzip's algorithm? – akira – 2012-02-25T12:23:33.137

You imply that the use of AES encryption means it will be difficult for somebody else to access your data afterwards (two first sentences). I wanted to point out that this has occasionally turned out to be incorrect and that applying AES to a file will not necessarily encrypt it securely, even with an epic passpoem. – Eroen – 2012-02-25T12:43:26.140

@Eroen: so you want to emphasize that a faulty implemented algorithm is not good at all? well done sir, well done. AES is industry standard not for the reason it could be implemented faulty. "securely is to choose a strong encryption algorithm AND a strong password" means just that: implemented and USED correctly. even when someone implemented pkzip-encryption correctly it would still be weak due to the weakness of the algorithm. and AES being a block-cipher does not change one tiny bit of truthiness. – akira – 2012-02-25T17:11:59.213

1@satanicpuppy: the only problem with symetric encryption is the key-exchange. and thats exactly what asymetric encryption solves: the key-exchange. not the "symetric encryption is bad" part. – akira – 2010-05-25T17:15:18.397

Unfortunately exchanging public keys with co-workers and clients is a non-trivial task. So symmetric encryption is here to stay until Microsoft includes support for some PGP flavour natively (and per default) in Outlook. – Nifle – 2010-05-25T17:15:45.947

@satanicpuppy: gpg encrypts only the symetric keys via asymetric encryption, it uses the symetric keys for the real encryption. the best encryption you can get is a one-time-pad .. which is symetric encryption. so, do not fall into the trap of the oil-snake-high-bits-for-keys is in any ways safer than the currently used symetric cyphers as aes256 etc. the asymetric keys are normally secured by symetric encryption (passphrases) ... – akira – 2010-05-25T20:11:35.030

@Nifle: exactly. – akira – 2010-05-25T20:12:58.710

@satanicpuppy: "GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version" – akira – 2010-05-26T14:22:00.657

@satanicpuppy: onetimepad: you said that symetric encryption is problematic. onetimepad uses symetric encryption. – akira – 2010-05-26T14:23:17.643

@satanicpuppy: if you read papers of crypto-researchers then you can see for what reason they tend to believe why, in case of "aes128 vs aes256", aes128 SEEMS to be more secure than aes256 .. which is why i brought up "high-bits-snake-oil". it is just not true that throwing a high number of bits into the security pool ads security PER SE. – akira – 2010-05-26T14:26:03.023

@satanicpuppy: i did not say that symetric encryption is secure per se, YOU stated that symetric encryption is problematic per default, which is not the case. and thats what i said. – akira – 2010-05-26T14:28:54.937

@satanicpuppy: and you should use the comment function if you want to comment. not your own answer. – akira – 2010-05-26T14:29:39.630

@satanicpuppy: read http://en.wikipedia.org/wiki/Hybrid_cryptosystem about how and why crypt-experts use the hybrid approach and why they do not think that "symetric encryption is problematic". the main problem, which asymetric encryption solved, is the key-exchange.

@satanicpuppy: and read http://www.gnupg.org/gph/en/manual.html#AEN210 as well.. just to quote a bit "Public-key ciphers are no panacea. Many symmetric ciphers are stronger from a security standpoint, and public-key encryption and decryption are more expensive than the corresponding operations in symmetric systems. Public-key ciphers are nevertheless an effective tool for distributing symmetric cipher keys, and that is how they are used in hybrid cipher systems."

@satanicpuppy: and http://www.slideshare.net/lovelace/openpgpgnupg-encryption page7 and onwards.

@akira: You're not even addressing what I'm talking about. Onetime pads are the definition of problematic: hand generated, hand transferred. Symmetric key encryption is problematic because the key generation is left in the hands of the enduser (when they choose their passphrase or whatever), and that is a massive problem. – Satanicpuppy – 2010-05-26T16:02:35.190

@akira: You can quote the gpg manual all you like, but that doesn't change the fact that the encryption is done via asymmetric keys. The symmetric part only applies to encrypting the private key for storage. If I locked my house with a key, and then stored the key in a combination box that was stored in a secure location, by your logic, my house would be locked with a combination lock. Encrypting the private key is in no way required for asymmetric key encryption. – Satanicpuppy – 2010-05-26T16:07:21.857

@satanicpuppy: you have obviously NOT read the links. it is common practice, to encrypt only the session key via asymetric encryption, the message itself is encrypted symetrical. – akira – 2010-05-26T16:18:50.033

@satanicpuppy: to take your metaphor: the key inside the box is secured by asymetric encryption. the key inside the box is a very large combination lock. so, yes, your house would be secured by a combination lock. because the real problem is not the gigantic lock for house or that it is a gigantic combination lock, the real problem is to transport the BOX to other people. – akira – 2010-05-26T16:30:35.030

@Akira: But that's not how asymmetric key crypto even WORKS! The private key is encrypted, but that is never shared! It's encrypted so that, if someone breaks into your machine, they have to do a little more work to get your private key. The public key is the shared key, and, since the public key cannot DECRYPT anything, it's not a problem. To go back to the house argument, there is a key that can unlock the door and there is a key that can lock the door. You protect the key that can UNLOCK it, but the key that LOCKS it, you leave on a hook right by the door. – Satanicpuppy – 2010-05-26T16:55:41.100

@Akira: That's why the key-sharing problem is solvable via public-key encryption, because it doesn't matter who can ENCRYPT traffic, but only in who can DECRYPT traffic. The same is NOT true for symmetric key encryption which is why its inherently a weaker system: since there is only one key, key transfer is extremely important, and that's the weakest part of the system. – Satanicpuppy – 2010-05-26T17:03:06.963

@satanicpuppy: your misconception is, that i did not understand how asymetric encryption (ae) works, which i do. the advantage of ae is, that it allows to exchange information without exchanging a key before beeing able to decrypt the encrypted message. and that by the cost of performance. it is as (practically) hard to brute-force an ae-key(pair) than to break a good se-key. in practice, every day, the plain-text you want to encrypt, is encrypted by a randomly created, symetric session key, and that key is encrypted by ae (the public keys of the receivers). that is a fact. – akira – 2010-05-26T17:47:02.070

@satanicpuppy: regarding the house metaphor: i didnt claim, that this is how ae works. i described how the whole gpg/pgp package works. ae guards the lock to the house, not the house. once you get that into your head, you will understand what i am talking about. – akira – 2010-05-26T17:52:32.337

@satanicpuppy: http://www.encryptionanddecryption.com/algorithms/encryption_algorithms.html#difference "Asymmetric encryption algorithms (also known as public-key algorithms) need at least a 3,000-bit key to achieve the same level of security of a 128-bit symmetric algorithm"

@Akira: What's your point? Do you HAVE a point? The only thing I've said is that there are problems with symmetric key encryption, which you've never refuted, despite all the tangents you keep jumping on to. If you actually have a meaningful point, by all means, continue. – Satanicpuppy – 2010-05-26T18:15:07.057

@satanicpuppy: "Symmetric encryption is problematic", that is the point. you describe asymetric encryption as the silver bullet, which it is not. you have social engineering and user carelessness with ae as well. again, the "problematic aspect" is not the symetric cypher (given that you pick a strong one), it is the key exchange. the next point is, that you HAVE control over the length of the used passphrase/key in winzip (which was the question about). and if you decide to choose a good password, then you will have good security, ESPECIALLY with symetric encryption. and that is the point. – akira – 2010-05-26T18:35:38.250

@Akira: Okay,. My point is that user-generated passphrases are weaker and less reliable then pre-generated keys, and I think that, even if you stipulate a length, the social engineering angle is going to be much more prevalent (people tend to write down long keys). Also, I think that the potential for weak passwords builds a false sense of security (i.e.the data are encrypted, but the password is vulnerable to a weak dictionary attack). In a nutshell: users don't have as much input in asymmetric systems, and I think that's a good thing. – Satanicpuppy – 2010-05-26T19:00:42.220

@Nifle, @satanicpuppy, @akira: download a lot of episodes of http://www.grc.com/securitynow.htm , kick back and relax while you listen to them, then have this argument again :)

@RCIX: "Well, and of course we also have virtually unbreakable cryptography with a symmetric block cipher, where we use a long key, like maybe 256 bits." (http://www.grc.com/sn/sn-034.txt). i do not see how that adds anything new to the discussion.

@RCIX: "In fact, it takes so long that the asymmetric ciphers, the so-called “public key ciphers,” are not used to encrypt messages. They’re used to encrypt keys." – akira – 2010-11-06T12:50:08.320