Abstract
The PKZIP program is one of the more widely used archive/compression programs on personal computers. It also has many compatible variants on other computers, and is used by most BBS's and ftp sites to compress their archives. PKZIP provides a stream cipher which allows users to scramble files with variable length keys (passwords).
In this paper we describe a known plaintext attack on this cipher, which can find the internal representation of the key within a few hours on a personal computer using a few hundred bytes of known plaintext. In many cases, the actual user keys can also be found from the internal representation. We conclude that the PKZIP cipher is weak, and should not be used to protect valuable data.
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
Cite this paper
Biham, E., Kocher, P.C. (1995). A known plaintext attack on the PKZIP stream cipher. In: Preneel, B. (eds) Fast Software Encryption. FSE 1994. Lecture Notes in Computer Science, vol 1008. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60590-8_12
DOI: https://doi.org/10.1007/3-540-60590-8_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60590-4
Online ISBN: 978-3-540-47809-6
eBook Packages: Springer Book Archive