On Thu 03 Jan 2008 23:11:32, VanguardLH <VanguardLH@mail.invalid>
wrote:

> "Bakko" <nope@nomail.invalid> wrote in message
> news:Xns9A1ACF8D8224864A18E@0.0.0.0...
>> I would like to know if a self extracting EXE has any weaknesses
>> compared to a ZIP (when both are encrypted).
>
>
> The contents (payload) first get zipped using the encryption. Then
> a wrapper is used which is the .exe file. There isn't any
> protection on the wrapper. Anyone can run it. However, they will
> still get queried for the password to decrypt the payload - the
> same password that must be used if all that got delivered was the
> .zip payload. Whether you use a separate unzip utility, like
> Winzip, 7-Zip, UltimateZip, or you use a wrapper .exe that was
> included in the delivery, the payload is just as encrypted.
>
> The .exe wrapper isn't what gets protected. It's the .zip payload
> that is encrypted. The wrapper is literally just tacked on with
> the payload as a huge data section of the program.
>

Vanguard, that's a very useful reply. Thanks.

I understand there is (1) a wrapper and (2) a payload.
Where does it keep the routine for testing the user-entered key?

Is the key-test actually a part of the payload or is the key-test a
third component (which is accessed by the dialog/prompts of the
wrapper)?