Yes, PkZIP described encrypted entries. There is a simple flag for it, so there is no way to incorporate other algorithms and maintain file compatibility. You either mark it as encrypted and do something different (like CuteZip does, and that makes all other zip utilitites think you have a corrupted file; or use a non-standard extension to the file format, which has its own problems because the format is not really well designed.

Some issues, and my musings and collected ideas for them, can be found here. In fact, I found a lot of bugs in early releases of Perl 5 with that!

The encryption method has a known-plaintext attack, but the net utils are bascially password crackers and brute force engines.

A brief discussion of where the encryption code came from is in the (very old) zip file format documentation from PK.

—John