Re: Password Protecting files

[Brian Dessent <brian at dessent dot net>]

zzapper wrote:

> I am not trying to protect state secrets so is pkzip encryption adequate?
> What other choices do I have?

Firstly, don't confuse the file format with a particular implementation
of software to manipulate it.  While Phil Katz may have invented the
original file format, the PKzip program is only one of probably hundreds
that exist to read and write the format.  And PKzip is not Free
software, so it is not distributed by Cygwin or by any *nix distro, as
far as I know.  So if you are talking about the zip program that is part
of Cygwin, you aren't talking about PKzip, you're talking about
Info-Zip.

The original encryption that the zip format supported was very weak.  It
used a key that was only 96 bits and suffered from such weakness that
even in 1994 could be broken in only a few hours of PC time if a few
hundred bytes of plaintext was known:
<http://www.svn.net/mycal/junk/attack.htm>. 

Various vendors have implemented extensions to the zip format to support
stronger encryption, such as WinZip and PKware's SecureZIP.  However
these remain ad-hoc vendor extensions, AFAIK, and Info-Zip still only
supports the original weak zip encryption.  This means if you want to
use strong encryption with Zip you are potentially locked into a vendor
of non-Free software, and you produce zip files that can't be read from
standard command line tools on *nix and Cygwin systems that have
Info-Zip installed.

If you just have a file and you want to encrypt its contents there is no
need to use any particular container file format such as zip; you can
simply encrypt it directly.  gpg works well for this, you can just run
"gpg -c <infile >outfile" to encrypt and similarly with -d to decrypt. 
Note that when invoked this way gpg uses a symmetric cipher, as opposed
to the more complicated asymmetric kind which involes public and private
keypairs, webs of trust, etc.  Symmetric is much simpler: input plus
passphrase equals output, and vice versa.  Openssl also has a command
line utility that works in a similar way, see man enc.

The only real question is what cipher (algorithm) to use.  There are a
number to choose from.  When dealing with cryptography one of the main
guiding principles is that you should only use well-known and
well-studied algorithms.  If a program uses "secret sauce" or isn't
up-front about exactly what cipher is used, it should be avoided, as it
is very easy to implement a cipher that seems secure to the amateur but
is in fact weaker than a wet noodle.  Fortunately there are a number of
publicly scrutinized ciphers with multiple free implementations.

For symmetric ciphers, a very safe choice is AES although there are many
secure alternatives such as Blowfish and IDEA.  Most of these modern
ciphers were designed as replacements for the old DES, which you should
avoid.  You probably want to avoid RC2 and RC4 as well.  But most all of
these ciphers can be modulated by their key size and/or number of
rounds, so it is hard to make an absolute list of what's secure and not
secure.

Brian