I'm aware that the default encryption provided by the zip command in Linux isn't considered to be secure, but I'm curious - what algorithm does it use when encrypting with the --encrypt option?
To create that key, 7-Zip uses a derivation function based on the SHA-256 hash algorithm.
The zip program puts one or more compressed files into a single zip archive, along with information about the files (name, path, date, time of last modification, protection, and check information to verify file integrity). An entire directory structure can be packed into a zip archive with a single command.
Legacy (Zip 2.0) encryption: this older encryption technique provides a measure of protection against casual users who do not have the password and are trying to determine the contents of the files.
Zip files can be password-protected, but the standard Zip encryption scheme is extremely weak. If your operating system has a built-in way to encrypt zip files, you probably shouldn't use it. To gain the actual benefits of encryption, you should use AES-256 encryption.
Since the zip command will write out PKZIP files, it would follow they're implementing the specs for that. Apparently the format allows for several distinct ciphers; the one typically considered "insecure" looks like it's homegrown.
See here for a detailed discussion of how to break it, including some insights into the original algorithm: http://math.ucr.edu/~mike/zipattacks.pdf
Traditional encryption is based on a stream cypher by Roger Schlafly. The exact, symmetric algorithm is illustrated here: http://www.academia.edu/348210/PKZIP_Algorithm
Newer versions of the Linux zip utility (zip-info) seem to be going to include AES encryption as well: http://www.info-zip.org/phpBB3/viewtopic.php?f=4&t=396&p=2453&hilit=aes#p2453
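The traditional stream cipher named in the answers above, written out as an added example (not code from the original posts or from Info-ZIP), following the key-update and keystream steps published in PKWARE's APPNOTE.TXT. The class and function names are hypothetical, and only the encrypted body of one entry (12-byte header plus data) is handled, not the archive container.

```python
import os
import zlib

def _crc32_step(crc: int, byte: int) -> int:
    """One raw CRC-32 table step, without zlib's pre/post inversion."""
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

class ZipCrypto:
    """Traditional PKZIP cipher: 96 bits of state, seeded from fixed constants."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:              # the password is the only secret input
            self._update(b)

    def _update(self, plain_byte: int) -> None:
        self.k0 = _crc32_step(self.k0, plain_byte)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def _stream_byte(self) -> int:
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            out.append(p ^ self._stream_byte())
            self._update(p)             # state is advanced with the plaintext byte
        return bytes(out)

    def decrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            p = c ^ self._stream_byte()
            out.append(p)
            self._update(p)
        return bytes(out)

def encrypt_entry(password: bytes, plaintext: bytes, crc: int, salt=None) -> bytes:
    """Return the 12-byte encryption header plus data, as stored in the archive."""
    salt = os.urandom(11) if salt is None else salt
    header = salt + bytes([(crc >> 24) & 0xFF])   # last byte: password check
    return ZipCrypto(password).encrypt(header + plaintext)

def decrypt_entry(password: bytes, body: bytes, crc: int) -> bytes:
    clear = ZipCrypto(password).decrypt(body)
    if clear[11] != (crc >> 24) & 0xFF:           # the only password check: one byte
        raise ValueError("password check byte mismatch")
    return clear[12:]
```

There is no salted key derivation and no authentication tag here: the state comes from three fixed constants and the password, and a single header byte is the only password check.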