Is zip's encryption really bad?

security encryption compression zip

20,043

The weakness of the old encryption was due to the weakness of the chosen encryption algorithm.

Nowadays one can use industry grade encryption via 'AES', which is used everywhere (and is under heavy attack but as it seems pretty hard to attack). As the site you cited stated: the weakest spot is in the passphrase and the rules you mentioned especially address that problem.

Theses rules do not apply to the passphrase for the old encryption, since that old encryption was very weak in itself, no matter if you choose a good password or not.

The statement of

the problem is removed provided you follow a few rules when choosing your password.

is not true, since the real solution to encrypt ZIP files securely is to choose a strong encryption algorithm AND a strong password. The strongest password is worth nothing if the encryption algorithm is weak.

20,043

Julian

A rather lazy sysadmin and sometimes coder

Updated on September 17, 2022

Comments

Julian over 1 year
The standard advice for many years regarding compression and encryption has been that the encryption strength of zip is bad.

Is this really the case in this day and age?

I read this article about WinZip (it has had the same bad reputation). According to that article the problem is removed provided you follow a few rules when choosing your password.
1. At least 12 characters in length
2. Be random not contain any dictionary, common words or names
3. At least one Upper Case Character
4. Have at least one Lower Case Character
5. Have at least one Numeric Character
6. Have at least one Special Character e.g. $,£,*,%,&,!
This would result in roughly 475,920,314,814,253,000,000,000 possible combinations to brute force

Please provide recent (say past five years) links to back up your information.
- Dan Dascalescu almost 10 years
  
  How is this not constructive, @random?
Julian almost 14 years

Some good insights and links. But did you really answer my question? It's a bit unclear.
akira almost 14 years

@satanicpuppy: the only problem with symetric encryption is the key-exchange. and thats exactly what asymetric encryption solves: the key-exchange. not the "symetric encryption is bad" part.
Julian almost 14 years

Unfortunately exchanging public keys with co-workers and clients is a non-trivial task. So symmetric encryption is here to stay until Microsoft includes support for some PGP flavour natively (and per default) in Outlook.
akira almost 14 years

@satanicpuppy: gpg encrypts only the symetric keys via asymetric encryption, it uses the symetric keys for the real encryption. the best encryption you can get is a one-time-pad .. which is symetric encryption. so, do not fall into the trap of the oil-snake-high-bits-for-keys is in any ways safer than the currently used symetric cyphers as aes256 etc. the asymetric keys are normally secured by symetric encryption (passphrases) ...
akira almost 14 years

@Nifle: exactly.
akira almost 14 years

i think it is: a) you can now choose a better encryption cypher (aes256 instead of pkzip-homebrew-whatever) and b) i stated that the problem was not removed by choosing a better passphrase but by picking a better cypher (see a)).
akira almost 14 years

@satanicpuppy: "GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version"
akira almost 14 years

@satanicpuppy: if you read papers of crypto-researchers then you can see for what reason they tend to believe why, in case of "aes128 vs aes256", aes128 SEEMS to be more secure than aes256 .. which is why i brought up "high-bits-snake-oil". it is just not true that throwing a high number of bits into the security pool ads security PER SE.
akira almost 14 years

@satanicpuppy: i did not say that symetric encryption is secure per se, YOU stated that symetric encryption is problematic per default, which is not the case. and thats what i said.
akira almost 14 years

@satanicpuppy: and you should use the comment function if you want to comment. not your own answer.
akira almost 14 years

@satanicpuppy: read en.wikipedia.org/wiki/Hybrid_cryptosystem about how and why crypt-experts use the hybrid approach and why they do not think that "symetric encryption is problematic". the main problem, which asymetric encryption solved, is the key-exchange.
akira almost 14 years

@satanicpuppy: and read gnupg.org/gph/en/manual.html#AEN210 as well.. just to quote a bit "Public-key ciphers are no panacea. Many symmetric ciphers are stronger from a security standpoint, and public-key encryption and decryption are more expensive than the corresponding operations in symmetric systems. Public-key ciphers are nevertheless an effective tool for distributing symmetric cipher keys, and that is how they are used in hybrid cipher systems."
akira almost 14 years

@satanicpuppy: and slideshare.net/lovelace/openpgpgnupg-encryption page7 and onwards.
Satanicpuppy almost 14 years

@akira: You're not even addressing what I'm talking about. Onetime pads are the definition of problematic: hand generated, hand transferred. Symmetric key encryption is problematic because the key generation is left in the hands of the enduser (when they choose their passphrase or whatever), and that is a massive problem.
Satanicpuppy almost 14 years

@akira: You can quote the gpg manual all you like, but that doesn't change the fact that the encryption is done via asymmetric keys. The symmetric part only applies to encrypting the private key for storage. If I locked my house with a key, and then stored the key in a combination box that was stored in a secure location, by your logic, my house would be locked with a combination lock. Encrypting the private key is in no way required for asymmetric key encryption.
akira almost 14 years

@satanicpuppy: you have obviously NOT read the links. it is common practice, to encrypt only the session key via asymetric encryption, the message itself is encrypted symetrical.
KTC almost 14 years

@Nifle, it did. Zip encryption was bad because the algorithm was rubbish. In newer versions of zip, you can now choose from more secure algorithm. As long as you select one of the secure algorithm, then the security is no worse than other similar product. Standard security issues like choice of passphrase and implementation aside. i.e. The weakest chain is no longer in the algorithm used.
akira almost 14 years

@satanicpuppy: to take your metaphor: the key inside the box is secured by asymetric encryption. the key inside the box is a very large combination lock. so, yes, your house would be secured by a combination lock. because the real problem is not the gigantic lock for house or that it is a gigantic combination lock, the real problem is to transport the BOX to other people.
Satanicpuppy almost 14 years

@Akira: But that's not how asymmetric key crypto even WORKS! The private key is encrypted, but that is never shared! It's encrypted so that, if someone breaks into your machine, they have to do a little more work to get your private key. The public key is the shared key, and, since the public key cannot DECRYPT anything, it's not a problem. To go back to the house argument, there is a key that can unlock the door and there is a key that can lock the door. You protect the key that can UNLOCK it, but the key that LOCKS it, you leave on a hook right by the door.
Satanicpuppy almost 14 years

@Akira: That's why the key-sharing problem is solvable via public-key encryption, because it doesn't matter who can ENCRYPT traffic, but only in who can DECRYPT traffic. The same is NOT true for symmetric key encryption which is why its inherently a weaker system: since there is only one key, key transfer is extremely important, and that's the weakest part of the system.
akira almost 14 years

@satanicpuppy: your misconception is, that i did not understand how asymetric encryption (ae) works, which i do. the advantage of ae is, that it allows to exchange information without exchanging a key before beeing able to decrypt the encrypted message. and that by the cost of performance. it is as (practically) hard to brute-force an ae-key(pair) than to break a good se-key. in practice, every day, the plain-text you want to encrypt, is encrypted by a randomly created, symetric session key, and that key is encrypted by ae (the public keys of the receivers). that is a fact.
akira almost 14 years

@satanicpuppy: regarding the house metaphor: i didnt claim, that this is how ae works. i described how the whole gpg/pgp package works. ae guards the lock to the house, not the house. once you get that into your head, you will understand what i am talking about.
akira almost 14 years

@satanicpuppy: encryptionanddecryption.com/algorithms/… "Asymmetric encryption algorithms (also known as public-key algorithms) need at least a 3,000-bit key to achieve the same level of security of a 128-bit symmetric algorithm"
Satanicpuppy almost 14 years

@Akira: What's your point? Do you HAVE a point? The only thing I've said is that there are problems with symmetric key encryption, which you've never refuted, despite all the tangents you keep jumping on to. If you actually have a meaningful point, by all means, continue.
akira almost 14 years

@satanicpuppy: "Symmetric encryption is problematic", that is the point. you describe asymetric encryption as the silver bullet, which it is not. you have social engineering and user carelessness with ae as well. again, the "problematic aspect" is not the symetric cypher (given that you pick a strong one), it is the key exchange. the next point is, that you HAVE control over the length of the used passphrase/key in winzip (which was the question about). and if you decide to choose a good password, then you will have good security, ESPECIALLY with symetric encryption. and that is the point.
Satanicpuppy almost 14 years

@Akira: Okay,. My point is that user-generated passphrases are weaker and less reliable then pre-generated keys, and I think that, even if you stipulate a length, the social engineering angle is going to be much more prevalent (people tend to write down long keys). Also, I think that the potential for weak passwords builds a false sense of security (i.e.the data are encrypted, but the password is vulnerable to a weak dictionary attack). In a nutshell: users don't have as much input in asymmetric systems, and I think that's a good thing.
MT. almost 14 years

@Nifle, @satanicpuppy, @akira: download a lot of episodes of grc.com/securitynow.htm , kick back and relax while you listen to them, then have this argument again :)
akira over 13 years

@RCIX: "Well, and of course we also have virtually unbreakable cryptography with a symmetric block cipher, where we use a long key, like maybe 256 bits." (grc.com/sn/sn-034.txt). i do not see how that adds anything new to the discussion.
akira over 13 years

@RCIX: "In fact, it takes so long that the asymmetric ciphers, the so-called “public key ciphers,” are not used to encrypt messages. They’re used to encrypt keys."
Eroen about 12 years

There is another bit you neglected to mention, that AES is a block cipher, and can only encrypt fixed-length blocks of data. Thus, to encrypt longer files, fancy schemes have been developed to generate new keys for every block. Unfortunately, developers occasionally overlook this, and make their software encrypt every block with the same keys, see [en.wikipedia.org/wiki/Cipher-block_chaining]
Eroen about 12 years

@akira: It is not directly related to the question, but informs on a failing of the above answer. The Q. asks if X is bad in respect Y, the A. (among other things) incorrectly explains how to identify goodness in respect Y, my C. points out this incorrectness.
akira about 12 years

@Eroen: so, what exactly are you saying / what exactly is your point? you "proved" that AES is bad? that some idiots can not implement it right? that AES is worse than pkzip's algorithm?
Eroen about 12 years

You imply that the use of AES encryption means it will be difficult for somebody else to access your data afterwards (two first sentences). I wanted to point out that this has occasionally turned out to be incorrect and that applying AES to a file will not necessarily encrypt it securely, even with an epic passpoem.
akira about 12 years

@Eroen: so you want to emphasize that a faulty implemented algorithm is not good at all? well done sir, well done. AES is industry standard not for the reason it could be implemented faulty. "securely is to choose a strong encryption algorithm AND a strong password" means just that: implemented and USED correctly. even when someone implemented pkzip-encryption correctly it would still be weak due to the weakness of the algorithm. and AES being a block-cipher does not change one tiny bit of truthiness.