
17 Dec 2003, 11:17 p.m.
Someone who claimed to be David F. Ogren said on Sat, 1 Jun 1996:
The brute force system decrypts the first and second blocks (8 bytes each) of the cyphertext, XORs them, and compares the result with "PKZIP2.1". If the comparison is equal it has the key.
I will concede that having a known header, such as a PKZIP header, does weaken a crypto to a certain degree, but I still believe that it is not a significant problem. Here's why:
Why not simply use two session keys, and encrypt the headers with one while encrypting the actual data with the other? That seems to solve both problems, except that more CPU cycles are required.