in reply to Re: Re: Re: Encrypting Largish Files
in thread Encrypting Largish Files

I think that zip file encryption started with pkzip (I'm not sure, but that's the first place that I saw it), and anybody that wanted to maintain compatibility had to add it to their zip software. If you want to encrypt a zip file, you should probably use a strong algorithm that comes in an encryption package such as GPG.

  • Comment on Re: Re: Re: Re: Encrypting Largish Files

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: Encrypting Largish Files
by John M. Dlugosz (Monsignor) on Sep 24, 2001 at 08:38 UTC
    Yes, PkZIP described encrypted entries. There is a simple flag for it, so there is no way to incorporate other algorithms and maintain file compatibility. You either mark it as encrypted and do something different (like CuteZip does, and that makes all other zip utilitites think you have a corrupted file; or use a non-standard extension to the file format, which has its own problems because the format is not really well designed.

    Some issues, and my musings and collected ideas for them, can be found here. In fact, I found a lot of bugs in early releases of Perl 5 with that!

    The encryption method has a known-plaintext attack, but the net utils are bascially password crackers and brute force engines.

    A brief discussion of where the encryption code came from is in the (very old) zip file format documentation from PK.