Thread: Winzip's 256bit-AES encryption & self-extracting files
View Single Post
  #4 (permalink)  
Old 12-30-2007, 04:49 PM
Bakko
Guest
  
Posts: n/a
Default Re: Winzip's 256bit-AES encryption & self-extracting files
On Sun 30 Dec 2007 09:41:20, VanguardLH wrote:
> "Bakko" <duff@nomail.invalid> wrote in message
>>
>>
>> I am thinking of using Winzip 11 to send some files securely and
>> will use Winzip's 256bit-AES encryption.
>>
>> My recipients may not have Winzip, so I will use Winzip to make a
>> self-extracting archive.
>>
>> Would a 256bit-AES self-extracting archive with be more crackable
>> than a 256bit-AES ordinary zip archive?
>>
>
> So how are you going to transmit the password for the recipient to
> decrypt the file that would be just as secure as the encrypted
> file? Since it sounds like you will be sending the file via e-mail
> to the "recipients", have them get an e-mail cert, they send you
> their public key, you use it to encrypt your file, and only they
> can decrypt it using their private key. Otherwise, are you going
> to send them the password in the clear in the same e-mail as has
> the attached encrypted email? Are you going to send the password
> in a different email despite the same malcontent that is sniffing
> your traffic to get the encrypted attachment would also be sniffing
> it for another email with the password? Call them over an
> unencrypted phone call? If you password encrypt the file, just how
> are you going to get the password to the recipient?


Hello VanguardLH, I wrote "recipients" (in the plural) because this
requirement comes up time and again with different people. But I'm
NOT sending the same file to a group of recipients. There is just
one recipient at a time.

The reason for securing the archive contents is that the data will be
sent on a CD and put into normal snail mail.

Although the data is sensitive it has no real value. The data is a
bit like someone's medical data. No one else has any use for it.
But if gets lost in the post then it will be very embarassing for the
person concerned!

I will phone the recipient with the password because the chance seems
vanishingly small of someone eavesdropping on my phone line for the
password to that sort of data.

My concern is that if the CD gets lost then maybe someone could crack
open the data if they were inquisitive?

That's why I want a very high level of data encryption. My question
to the group is if a high level of encryption is used (like AES-256)
as part of a SELF-EXTRACTING file then does the encryption provided
by AES-256 get compromised?

Do you have any info on this?

Reply With Quote