How Secure Are Zip Files? Senator Wyden Asks NIST To Develop Standards For Safely Sending and Receiving Files (senate.gov) 196
Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden said on Wednesday [PDF], and he's asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet. Wyden wrote: Government agencies routinely share and receive sensitive data through insecure methods -- such as emailing .zip files -- because employees are not provided the tools and training to do so safely. As you know, it is a routine practice in the government, and indeed the private sector, to send by email-protected .zip files containing sensitive documents. Many people incorrectly believe that password-protected .zip files can protect sensitive data.
Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools. This is because many of the software programs that create .zip files use a weak encryption algorithm by default. While secure methods to protect and share data exist and are freely available, many people do not know which software they should use. Given the ongoing threat of cyber attacks by foreign state actors and high-profile data breaches, this is a potentially catastrophic national security problem that needs to be fixed. The government must ensure that federal workers have the tools and training they need to safetly share sensitive data. To address this problem, I ask that NIST create and publish an easy-to-understand guide describing the best way for individuals and organizations to securely share sensitive data over the internet.
Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools. This is because many of the software programs that create .zip files use a weak encryption algorithm by default. While secure methods to protect and share data exist and are freely available, many people do not know which software they should use. Given the ongoing threat of cyber attacks by foreign state actors and high-profile data breaches, this is a potentially catastrophic national security problem that needs to be fixed. The government must ensure that federal workers have the tools and training they need to safetly share sensitive data. To address this problem, I ask that NIST create and publish an easy-to-understand guide describing the best way for individuals and organizations to securely share sensitive data over the internet.
Re: (Score:1)
Re: (Score:2)
At the time of Zip 1.0, there wasn't really a standard. AES was decades off, and even DES was a processor hog on the machines, so oftentimes people just rolled their own fast encryption schemes, usually asking for a password, seeding random() with that, and just using that to generate a stream to XOR with the data. The result was simple, and at the time, secure enough. At best, a utility would use 1-2 rounds of DES, and not bother with the entire 16.
Zip 2.0 was limited by ITAR, as well as backwards compa
We already know. Public Key Cryptography. (Score:5, Informative)
GPG. Learn it. Use it. Love it.
You're all too fucking stupid, though, so it'll never work.
Re: We already know. Public Key Cryptography. (Score:5, Insightful)
The users aren't stupid. The technology is just a royal pain in the ass to use, even when you have a thorough understanding of how it works. Even security professionals don't want anything to do with it because it's such a minefield.
Re: (Score:2, Interesting)
No, there are human problems. GPG and other public key cryptography methods follow a concept of chain of trust. Users will routinely break the chain of trust and just mark any new key as trusted.
"New urgent task from CFO; *new cert detected* *Trust new cert?*"
"Hmm. well, it's from the CFO, so I should trust it."
That's the level most of the population is at with security. They don't question if something really came from the CFO. They trust the email subject line more than the signature.
Re: (Score:2)
You'd have to train users to download pubkeys only from the trusted keyserver.
Re: (Score:3)
Visicalc debuted 40 years ago and users are still hand-calculating fields and re-entering them into spreadsheets. You can't seriously be suggesting "user training" as a solution to the problem.
Re: We already know. Public Key Cryptography. (Score:1)
Re: We already know. Public Key Cryptography. (Score:3)
No it just means people haven't been taught. We need to stop assuming everyone's got a degree in ComSci and start with the assumption that most computer users can barely drive their mouse
Re: (Score:2)
And here is where things break down. There is no such thing as a trustworthy central server. This is why government loves PKI so much, they get more bang for their buck compromising a central trusted location, otherwise they have to dupe or exploit individual clients and the burden is too heavy.
Re: (Score:2)
Re: We already know. Public Key Cryptography. (Score:5, Funny)
The only hard part is finding people's public key. That's it.
It's on their desktop. In a file named "Public key", right next to a file named "Private key"
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You cannot make security idiot proof. Part of it is diligence on the user. GPG does a lot, and it is arguably the best way to sign and encrypt data at the endpoint before sending it via some transport mechanism.
There are ways to make GPG decently secure. For example, you can store your key on a HSM [nitrokey.com]ensuring that your key is not going to be copied off via remote by an attacker. Before NitroKey, I've used SafeNet eTokens to store my public key. In fact, in the Linux world, GPG signing of packages is the m
PGP is inherently flawed (Score:2, Informative)
Look, PGP doesn't work. It's a technically great solution except ... how do I exchange tokens? Where do I store tokens? How do I associate tokens with users? How do I authenticate tokens ... all of that shit needs to *just work*, and it can't as PGP is envisioned. Let's exchange tokens by email. But, the point of PGP is the assumption that email is compromised, so ... I have to somehow get her public key hash, out of band. And they have to send it, and I have to do something to attach it to his email addres
You have to do real work at some point. (Score:1)
At some point, you have to do the hard work of actually verifying some piece of data.
The point is to make the point of hard work well understood and self-contained; do it once, and then never look back.
There's no such thing as a free lunch. You've got to do the goddamn, motherfucking work at some point; but, you entitled pricks will not accept this fact about our Universe, which is why the OP said you're too stupid to get anything workable.
Re:PGP is inherently flawed (Score:5, Informative)
how do I exchange tokens? Where do I store tokens?
You exchange them using keyservers, or whatever method you want. The tokens are automatically saved for you in the keystore when you download them.
I have to somehow get her public key hash, out of band.
You don't have to do this. I mean sure the hardcore bearded gpg nerds to do the keysigning party thing, but you as an average user don't have to. Heck even a phone call would do. Or you can have them send you the hash via e-mail and then you download the key separately from a keyserver.
I have to do something to attach it to his email address, in whichever email app I'm using.
No you don't, the keys have fields for names and e-mail addresses, like this:
If your e-mail client has gpg support, it should just give you a dialog box that says something like "encrypt to this recipient's key" or "sign using this key"when you send an encrypted or signed e-mail
Or, most likely case, every device I use has a copy of the private key, which is a pretty solid guarantee that it will be compromised
Not likely, they still need your passphrase to use it, that is if they even know what it is.
Re:PGP is inherently flawed (Score:5, Insightful)
The basic problem is what you're describing is still more effort than sending an encrypted .zip file. We need software that makes email encryption as easy for the end user as accessing a secure web site is, or at least easier than creating an encrypted zip file and sending the key out of band. When we get there, people will start using encrypted email, but not until then.
Re: (Score:1)
We have it already. It's very easy to implement.
1. zip the file(s)
2. change the file suffix from ".zip" to ".rar"
3. send the resulting .rar file as an email attachment
4. call or sms text the recipient, and after they download the attachment, tell them to change the filename back to .zip
5. recipient unzips the file(s) for full access
Re: (Score:2)
Re: We already know. Public Key Cryptography. (Score:2)
That's the point of the govt wanting standards defined. You and I , computer people, know how to secure shit. As the Hillary Clinton email fiasco showed however , you can't assume non computer people know how to do email or encryption safely. So guidance along with some active measures to enforce it is neccesary, cos your always gonna get grandma bureaucrat not knowing what she doesn't know unless someone knows to tell them
Re: We already know. Public Key Cryptography. (Score:2)
Federal employees have smart cards that include email encryption keys and certificates signed off the Federal PKI.
The problem is that SMIME is still hard to use. Thereâ(TM)s no place you can go to look up someoneâ(TM)s encryption certificate. It might be in Active Directory, but that only works within an agency. Plus, SMIME doesnâ(TM)t work with webmail, which is pretty common. And, you canâ(TM)t usually load your encryption private keys on a phone.
Re: Really? (Score:5, Informative)
I was a contractor for the us govt, and I received zip files all day from employees for projects I was working on. This is business as usual.
Re: (Score:2)
Re: (Score:3)
Lately having gone through a vehicle change I was astounded that businesses and agencies involved had a universal solution to the problem of "OK, you want me to send you a photo of this document" and it was, "Oh just email it." Not even "email us an encrypted zip", just "email it to me". Fucking nutto. Though one did suggest, when I said that sounded rather insecure, that I should just encrypt the zip and then send the password in a separate email... for fucking serious they really did. I bet all their
Re: (Score:2)
Re: (Score:2)
Which one do you think is more secure?
Fax. Takes a lot more effort to hack a phone line.
Given that the connection between the email client and email server is secure connection, and email servers connect using TLS, why do you think emailing documents is insecure?
Can you vouch for the security of the SMTP servers that relays your email over the Internet?
Re: (Score:2)
Given that the connection between the email client and email server is secure connection
Nothing guarantees that the email is encrypted in transit. It's a protocol that used to run completely unencrypted,
all encryption is an afterthought/add-on and there's no promises that every server in the chain handling the
email has encryption properly configured in a downgrade-resistant fashion... or even at all. Further, there are
no promises offered that a compromised relay doesn't handle the email between encrypted tunnels, and no
guarantee that the email hosting service isn't accidentally publishing ac
Re: (Score:2)
For a congress-critter; Wyden is actually pretty sharp when it comes to technology, security, and privacy.
He also legitimately seems to care about citizens vs corporate interests in this matter.
(inb4 shill.)
Here is a thought (Score:1)
How about someone introduce the honorable gentleman from Oregon to GPG? A file encrypted by GPG with a 4096 bit key is mostly secure except from the boy and girls at certain 3 letter agencies.
oh, by the way, first post.
Re: Here is a thought (Score:4, Interesting)
Such a file may be secure, but it's also a royal pain in the ass to deal with. Any parties involved end up wasting a huge amount of time setting up complex software that's often very unintuitive and itself a royal pain in the ass to deal with.
There's a reason all of this software has failed to gain any real traction over the decades: users absolutely hate using it!
They'll find some other way that lets them do what they want, without the hassles of what you suggest.
Re: (Score:2)
And how is somebody suppose to know that they should use GPG & a 4096 bit key? From somebody on Slashdot? Typically for any institutional process standards are created & enforced. For the government that standards body is usually NIST. Those standards are the way to officially introduce the honorable gentleman from Oregon & his staff to GPG or whatever is deemed appropriate.
It's not him (Score:2)
This Senator is pretty tech savvy. His personal use is not what this is about. Once the NIST makes a ruling, then everyone in the government starts following it, and in regulated businesses (e.g. finance and healthcare). It's considered the minimum acceptable.
Read his request as "codify rules so people stop thinking this is okay", no "how to I encrypt?"
Re: (Score:2)
How about you try working in Help Desk for a week and try to explain public and private keys and signatures to all the secretaries of your company and letting us know how that goes?
I have worked Help Desk, years ago and I am still helping people use GPG and Enigmail. It is not that hard. It just takes patience and good humor. It is possible it just requires people to do their job.
Re:Here is another thought (Score:5, Informative)
try to explain public and private keys and signatures to all the secretaries of your company
How's this:
A GPG key has two parts.
A private key, this one you keep private and safe.
A public key, this one you can make public and publish to a keyserver or send/give to people.
When someone wants to send an encrypted mail or file to you, they use your public key to do so. Then when you receive it you use your private key to decrypt it.
When you want to send an encrypted mail or file to others, you use their public key and they use their private key to decrypt.
GPG keys can also be used for verification to ensure that someone really did send an e-mail.
For example if you use your key to cryptographically "sign" an e-mail, the recipient can use your public key to check to see if the signature is good. If it is, you are the confirmed sender.
And vice versa if someone sends a signed e-mail to you.
Re: (Score:2)
" try to explain public and private keys and signatures to all the secretaries of your company"
Secretaries will follow well-written, complete, and correct instructions.
Engineers, on the other hand, will argue with the domain experts about the way they should have done it, make up their own procedures, and then complain when they've broken everything.
(Why yes I am an engineer. Why do you ask?)
Re: (Score:2)
this is pointless (Score:1)
Last I checked, banks are already on top of this and have a good way of doing this with any type of file.
do we really need the government, the same people who were petitioning for weaker encryption, to develop standards?
Re: (Score:3)
Re: (Score:3)
most banks don't bother and will send you to their HTTPS web site (which hopefully is secure, otherwise they shouldn't be allowed to call themselves a bank) to retrieve your reports.
Sending reports by email is just not worth it.
Re: (Score:2)
That's what they do, as do utility companies and pretty much any place that does paperless billing - but in a couple ways that fails to provide arguably important functionality that physically mailed statements did.
1) Physical statements, once mailed, are an record that is now beyond
Re: (Score:1)
While zip does have an "encrypt" opti
Re: (Score:2)
The government isn't monolithic: One department in the NSA tries to break codes, another points out security holes in encryption to companies to prevent cyberattacks, the US Navy helped develop TOR and the NIST (referenced in this article) had a hand is AES, SHA-1, SHA-2, etc. But NIST typically blesses standards, or chooses from proposals. For instance, in 2016 they disallowed certain NSA e
What is wrong with pgp? (Score:1)
It has worked extremely well for like 20+ years.
No. (Score:4, Informative)
Fix email security, so only the intended recipient can receive the file, and this problem goes away.
Re: (Score:2, Insightful)
Fix email security, so only the intended recipient can receive the file, and this problem goes away.
This would require point-to-point transmission and would cease to be email or even analogous to mail in any way. The intended recipient's digital (and possibly physical) location would have to be known to the sending program, and the sender and receiver would have to set up a secure tunnel between each other. That's not email any more, it's encrypted AIM/Jabber/Messenger.
Re: (Score:1)
Do not confuse privacy with security.
Security means I got what you said I should get
Privacy means you and I only know what is in there.
Encryption can handle both. But does not have to.
Re: (Score:2)
Fix email security, so only the intended recipient can receive the file, and this problem goes away.
Does email you send regularly not go to the intended recipient? If so the problem might be between the keyboard and chair.
Re: (Score:2)
Does email you send regularly not go to the intended recipient?
It always goes to an SMTP server, which is not the intended recipient.
If so the problem might be between the keyboard and chair.
Your problem seems to be massive dishonesty between the spinal column and skull cap. You pretended to know shit. You dont know dick. Full stop.
Re: (Score:2)
The SMTP server acts on behalf of the recipient but provides little to no verification of that.
SMTP is sent by looking up the DNS (spoofable), receiving an IP (potentially spoofed), connecting to that IP and (maybe) checking the header (again, spoofable). Even a "secure" SMTP session does zero checking of the certificate authenticity - it doesn't have the kind of DNS-authority that HTTP insists open and you can perfectly well use a self-signed cert. Nobody is tracking "what cert each email server uses" on
Re: (Score:2)
For a start, literally any SMTP admin (e.g. at GMail.com) could read, copy, forward, delete, duplicate, delay or do anything they like with EVERYONE'S email at that domain.
That's where the human trust in the equation comes in. Society is only going to function if there's a level of trust between humans. Given that the scenario you outlined doesn't involve any unplanned for middle men - only those whose function it is to get the messages where we want them - it's an acceptable solution. Given that original article is discussing how government employees could send files securely, the files will only go through government servers. It's an acceptable solution.
Re: (Score:2)
Fix email security, so only the intended recipient can receive the file, and this problem goes away.
Why not just ensure that everyone in the world is a perfect citizen who would not read / instantly forget any information that is sent to them by accident? It's more achievable than your suggestion.
Re: (Score:2)
Re: (Score:2)
Fix email security, so only the intended recipient can receive the file, and this problem goes away.
But then how will the government collect and monitor all email?
Super weak. (Score:3)
If you have a plain text version of any one of the files encrypted in a zip file, you can recover a key for the encryption, allowing simple decryption of all files.
Re:Super weak. (Score:4, Interesting)
The default ZIP encryption is extremely weak, yes, however there are extensions to use more sophisticated ciphers like AES. The problem is, most people don't know, don't use, or don't have a clue that you can encrypt ZIP files securely, how to configure it, or even if their software supports it. (It, like ZIP64, is a horrible mess of competing standards, so software ends up having to support all variants of an implementation, but there's always some variant unsupported, which is the one you have).
What NIST really needs to do is standardize the follow up to the ZIP standard with 64-bit file support (for files larger than 4GB), proper encryption support, and have decode only support for the ex-competing standards as deprecated so you can still unzip legacy ZIP files.
Re: (Score:2)
Re: (Score:2)
Not peer reviewed, but:
https://securiteam.com/tools/5... [securiteam.com]
Re: (Score:2)
Perhaps the most important part of that page is this section:
"Also remember that before attempting to crack the password, pkcrack outputs the 3 key set used by PKZip. These keys can be used to decrypt the file without having the actual password. The tool 'decrypt' in the pkcrack toolkit does just that."
It's incredibly quick to decrypt the files if you don't care about recovering the original password.
The heart of the problem (Score:2)
Re: (Score:2)
If you have idiots design it, you get something that is both insecure and hard to use (like the requirement to change your password every three months. I'm still not entirely sure what attack vector they are looking to stop with that one).
Secure Email? VeraCrypt? LUKS? (Score:2)
even if ZIP was secure (Score:3)
How do you send the password? Inside another password-protected ZIP?
Re: (Score:2)
Even if one channel is compromised, how likely is it that both are?
(Works for two-factor authentication)
Re:even if ZIP was secure (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
of course but then you don't need to password-protect the zip file
Re: (Score:1)
How do you send the password?
On a channel secure enough for whatever purpose you need. For most people, the phone is secure enough. Most real world attacks go after data at rest, not data in transit.
For most people this is "secure enough". One of the big problems with security is nobody wants to think about security as a range of security levels, not a secure/insecure. Yes, someone talented COULD be listening in on your call. If that kind of attacker is after you, you need to use a better method of key
Re: (Score:2)
Serious answer from actual practice of fairly sensitive documents? Here you go: Send an e-mail with a password-protected zipped attachment (or maybe password protected PDF file). Write: "I will send the password in a separate e-mail." Send the next e-mail 10 seconds later with: "Password is mickeymouse". We of course don't send files this way, but receive documents like this far too often (well, not that often, but more than once a year).
Re: (Score:1)
There are plenty of ways of sending the password. The basic approach is to send it to them out of band, i.e. by text message, phone, etc. It's not a perfect solution- if somebody is really out to get you they could tap your phone- but it would require the person trying to steal the data to hack two means of communication instead of just one.
Re: (Score:2)
The problem is that passwords sent by phone, verbally, or even SMS will be as secure as "hello" on average. sdofjhAfuhj^23kr23r`3`4$/$``; would be way to hard to spell on the phone and people will just give up
Re: (Score:1)
It's better than nothing, but not by much. If someone gets into your email account then the password protection is for nothing, however if someone is doing some automated scraping of data passing through the internet an encrypted PDF/zip will likely be ignored as too much hassle for a drive-by. It also helps for when people leave files lying around on USB sticks or on file shares that anyone can see, or it gets synced to their icloud which they let other people into, etc. etc. Chances are surprisingly high
How secure does it need to be? (Score:1)
Password Zip files protect against casual, lazy criminals, much like your front door lock does. Before anyone goes off about how this isn't accurate, and just how easy it is to break a zip file, I'd point out that lock picking is also very easy, and you can just buy a freaking pick gun that'll open many locks without much effort. Or you can just kick down the door, since the door frame itself is of poor quality.
Sending files securely isn't really all that much of a secret, and NIST making some "official d
Re: (Score:2)
Or you can just kick down the door, since the door frame itself is of poor quality.
Or for doors that open outward, which are surprisingly common, you can ignore the lock and just tap the pins out of the hinges.
Question (Score:3)
Such as? Asking for a friend.
Not Surprising (Score:2)
Glad you asked, Senator! (Score:5, Interesting)
What's interesting about this is that a Senator is asking. Someone in government. And it turns out there's an answer to his question (many other people have already mentioned it) called OpenPGP. I think these things are related in an important way.
You see, everyone's gripe about OpenPGP is that they've never met anyone in real life (even your best friends and family, apparently, not to mention coworkers) so you've never had the opportunity to exchange fingerprints and sign each other. And since you don't know anyone, you can't introduce anyone to anyone.
You know who has met everyone, Senator Wyden? The government.
Hey, feds, if you'll certify my identity enough to issue me a passport, you ought to have signed my key. Hey state, you issued me a driver's license? Then sign my key too. Hey bank, you asked to see my government id and then after that, have had a many-decades-long relationship with me? Sign my key, because you really do know exactly who I am. Hey, school. Hey, employer. Hey, whatever-the-fuck community organization. Hey, church. Hey, favorite bar, sign my key, because you've certainly checked my id enough times.
Some of that is beyond any Senator's power to demand. And some of it isn't.
As for why the government might not want to become a giant node in the web of trust, all I can think of is that they would prefer that communications not be too secure. If they start signing people, that legitimizes cryptography and of course other people and entities would sign the key too, so when the government tries to mitm someone, they'd be discovered. Is that the problem, Senator?
Re: (Score:2)
The Bank don't know who you are, their machine recognises your customer ID and handles moving around the numbers that represent your money. They've no interest in you beyond your ability to make them money; in the past a person at the bank would be able to greet you by name and would probably know your balance and your general banking habits.
The government could probably be turned in to a system that is good for signing people's keys but in the UK at least it's not yet such a thing IMO.
Re: (Score:2)
The right place for key signing is the DMV. Everyone with an ID can have a key. None of that other stuff should be necessary.
Re: (Score:2)
What is funny is that the US government already runs a Certificate Authority, so GPG/PGP would be a kludge. Furthermore, Outlook, their preferred email client, already works with PKI.
TL;DR, this is a non-issue and is already resolved, it is that the end-users don't know it yet. Likely because their agency hasn't jumped on it yet.
Corporations should already be implementing PKI. Shame on them for not doing so.
SCP? SFTP? HTTPS? (Score:2)
The problem here is that most internet users have no idea what the basic underlying internet protocols are. People only know "apps" and "sites." So if they want to communicate with someone, instead of asking the person "What protocols do you support? Should I SFTP this to your site? Or would you rather I do an HTTPS file upload?" they ask "Do you use Facebook? Or Gmail?" Folks, the internet is fundamentally broken because of this. We have to educate people that all these problems of privacy and secu
Re: (Score:2)
Really, it isn't just the end-users fault. It's the developers fault too. Some developer is assigned the job of making a backup solution, and instead of using SFTP, they make their own custom protocol based-on REST over HTTPS with Facebook for the authentication.
S/MIME? (Score:2)
I thought we did have a standard: S/MIME. You need to get an e-mail certificate (or generate a private key and x.509 certificate yourself) to use it, but that's not that hard a task.
Hand deliver it (Score:2)
Ever notice we still have Fax machines? There's a reason for that.
NIST: Internet operator's certification (Score:2)
Great Senator! Now fight for good encryption! (Score:2)
Hopefully this Senator will also appreciate that EVERYONE needs very solid encryption, AND that backdoored encryption, where the Government has the ability to break any US encryption, will inevitably be compromised by our adversaries and expose our economic, personal, and national defence secrets?
I'm talking about the avowed desire by some in Government to demand that ANY encryption be breakable by the Government via a back door. This is great in theory, but the Government has been shown, over and over aga
Envelopes aren't very secure either (Score:2)
When you mail physical documents that are sensitive, you trust it to an envelope sealed with glue. Not very secure. Any criminal can just rip it open. Still, it's secure enough.
For most of us, password-protected Zip files are...secure enough.
Siccing NIST on this seems excessive (Score:1)
Will he also be asking the FBI to investigate the effect of leaving cars unlocked in high-crime areas?
It's possible that increases the likelihood of theft of items from the car, and perhaps even the theft of the car itself.
Well, at least this is only a little wasteful and temporary, rather than massively destructive and perhaps permanent.
Let's call this a win, and move on to the next thing, shall we?
Re:Time for a Rust-based file format? (Score:2)
It's better to burn out than it is to rust.