A known plaintext attack on the PKZIP stream cipher
The PKZIP program is one of the more widely used archive/ compression programs on personal computers. It also has many compatible variants on other computers, and is used by most BBS's and ftp sites to compress their archives. PKZIP provides a stream cipher which allows users to scramble files with variable length keys (passwords).
In this paper we describe a known plaintext attack on this cipher, which can find the internal representation of the key within a few hours on a personal computer using a few hundred bytes of known plaintext. In many cases, the actual user keys can also be found from the internal representation. We conclude that the PKZIP cipher is weak, and should not be used to protect valuable data.
- PKWARE, Inc., General Format of a ZIP File, technical note, included in PKZIP 1.10 distribution (pkz110.exe: file appnote.txt).
- A known plaintext attack on the PKZIP stream cipher
- Book Title
- Fast Software Encryption
- Book Subtitle
- Second International Workshop Leuven, Belgium, December 14–16, 1994 Proceedings
- pp 144-153
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Additional Links
- Industry Sectors
- eBook Packages
To view the rest of this content please follow the download PDF link above.