http://qs1969.pair.com?node_id=114139


in reply to Re: Encrypting Largish Files
in thread Encrypting Largish Files

Zip file security is extremely weak. It won't even stop a 5 year old if he can download a few utilities off the net.

--
IndyZ

Re: Re: Re: Encrypting Largish Files
by suaveant (Parson) on Sep 23, 2001 at 09:11 UTC
    I was curious as to how well it encrypted... any other zippers have that function?

                    - Ant
                    - Some of my best work - Fish Dinner

      I think that zip file encryption started with pkzip (I'm not sure, but that's the first place that I saw it), and anybody that wanted to maintain compatibility had to add it to their zip software. If you want to encrypt a zip file, you should probably use a strong algorithm that comes in an encryption package such as GPG.

      --
      IndyZ
        Yes, PkZIP described encrypted entries. There is a simple flag for it, so there is no way to incorporate other algorithms and maintain file compatibility. You either mark it as encrypted and do something different (like CuteZip does, and that makes all other zip utilities think you have a corrupted file), or use a non-standard extension to the file format, which has its own problems because the format is not really well designed.

        Some issues, and my musings and collected ideas for them, can be found here. In fact, I found a lot of bugs in early releases of Perl 5 with that!

        The encryption method has a known-plaintext attack, but the net utils are basically password crackers and brute force engines.

        A brief discussion of where the encryption code came from is in the (very old) zip file format documentation from PK.

        —John
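
The "simple flag" mentioned in the last reply is bit 0 of each entry's general-purpose flag field in the zip format. The following is an added example, not code from the thread or from any zip tool: it reads an archive's central directory and lists the entries that carry that flag, so archives relying on the weak built-in encryption can be found and re-protected with a package such as GPG. The function names are hypothetical, and the sample archive is constructed in memory with the flag set by hand.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header

def encrypted_entries(data):
    """Map entry name -> scheme for entries whose 'encrypted' flag (bit 0) is set."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    found = {}
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("bad central directory header at %d" % pos)
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        nlen, elen, clen = struct.unpack_from("<HHH", data, pos + 28)
        raw_name = data[pos + 46:pos + 46 + nlen]
        name = raw_name.decode("utf-8" if flags & 0x0800 else "cp437")
        if flags & 0x0001:
            # Format notes: method 99 is WinZip's AES extension and bit 6 is
            # PKWARE "strong encryption"; anything else is the original cipher.
            if method == 99:
                found[name] = "WinZip AES extension"
            elif flags & 0x0040:
                found[name] = "PKWARE strong encryption"
            else:
                found[name] = "traditional PKZIP encryption"
        pos += 46 + nlen + elen + clen   # fixed header + name + extra + comment
    return found

def constructed_sample(mark_encrypted=True):
    """Constructed input: two stored entries; bit 0 set by hand on the second."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("public.txt", "hello")
        z.writestr("secret.txt", "placeholder bytes")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        first = raw.find(CDH_SIG)
        second = raw.find(CDH_SIG, first + 4)
        raw[second + 8] |= 0x01   # low byte of the general-purpose flag field
    return bytes(raw)

if __name__ == "__main__":
    for name, scheme in encrypted_entries(constructed_sample()).items():
        print(name, "->", scheme)
```

The parser reads only the central directory and does not handle Zip64 or multi-disk archives.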