[Cryptography] Best/simplest document encryption
Dave Howe
davehowe.pentesting at gmail.com
Fri Mar 22 07:40:22 EDT 2019
On 21/03/2019 22:41, Tom Mitchell wrote:
> I do not think Zip encryption is worth looking at, but is worth a
> comment.
>
> So for something not to do unless I am ill informed.
> /how-to-use-7-zip-to-encrypt-files-and-folders/
As I understand it, the commerical WinZip and the free 7z both use a
decent implementation of AES256 - so are viable provided you pick (and
can communicate out of band) a decent password. KDF on both is 1K
iterations (for compatibility) but it is worth noting 7z had a poor PRNG
for its IV generator prior to v19 (2019-02-22) so worth upgrading if older.
The original pkzip algo is worse than useless, of course :)
More information about the cryptography
mailing list