Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Strength of Zip archive password

10 May 2013   #1

Strength of Zip archive password

I like making backups of my files on cloud services, for instance SkyDrive and Dropbox. (I have their apps running on my Windows 7 machine that sync two of my local folders.) But the question that I always had in mind is -- what about security of those services? It doesn't seem like either of them provide any encryption for its free accounts.

So what I came up with is a solution to use WinRAR to zip my files into a password protected Zip file before letting it to be uploaded to the cloud. For that I use a password, similar to something like this: "SomRaNdemWerdz23448"

So the question I have, how easy is to to break into a Zip archive created on a Windows 7 system that is protected with a decent-length password?

My System SpecsSystem Spec
10 May 2013   #2
Microsoft MVP

Windows 7 Ult. x64

.ZIP supports a simple password-based symmetric encryption system which is documented in the .ZIP specification, and known to be seriously flawed. In particular it is vulnerable to known-plaintext attacks which are in some cases made worse by poor implementations of random number generators.[26]
New features including new compression and encryption (e.g. AES) methods have been documented in the .ZIP File Format Specification since version 5.2. A WinZip-developed AES-based standard is used also by 7-Zip, XCeed, and DotNetZip, but some vendors use other formats.[27] PKWARE SecureZIP also supports RC2, RC4, DES, Triple DES encryption methods, Digital Certificate-based encryption and authentication (X.509), and archive header encryption.[28]
File name encryption is introduced in .ZIP File Format Specification 6.2, which encrypts metadata stored in Central Directory portion of an archive, but Local Header sections remain unencrypted. A compliant archiver can falsify the Local Header data when using Central Directory Encryption. As of Version 6.2 of the specification, the Compression Method and Compressed Size fields within Local Header are not yet masked.
Zip (file format) - Wikipedia, the free encyclopedia

Personally, I prefer 7ZIP and its .7z format, which uses 256 bit AES encryption.

7z - Wikipedia, the free encyclopedia
My System SpecsSystem Spec
10 May 2013   #3
Microsoft MVP

Windows 7 Ultimate X64 SP1

I once experimented with a "rar password cracker" on a Winrar file I made for the purpose. It wasn't a particularly strong password but the software said it would have taken over 2 years of searching to find it. I suspect that serious decrypters and hackers have much more sophisticated programs than a free one.

I also trust and use 7-Zip for anything sensitive in nature.
My System SpecsSystem Spec

11 May 2013   #4

Windows 7 Ultimate x64

An alternative may be to use a serious, specialized encryption program to handle the security and keep WinRar/7Zip/whatever for compression only. What I would do is to pack the files with WinRar at highest compression, but unencrypted, then store the .rar file in a TrueCrypt container that provides strong security, and upload the container instead.

Anyway, if your data is so important and confidential, I would think twice before uploading anywhere. No matter how strong it is, encryption algorithms can ALWAYS be reversed, given the time and processing power, and by having your files in someone else machine you effectively lose control on who can get it. For really critical data, keep it with yourself, and backup only to devices and computers you can physically control. Encryption makes sneaking harder, but ultimately possible, so you're giving all the info away regardless.
My System SpecsSystem Spec

 Strength of Zip archive password

Thread Tools

Similar help and support threads
Thread Forum
Vallidity of password strength tests
I feel it's time to change my passwords for the most secure areas such as banking. My local bank restricts a password to 8 characters so I can't get past "Medium" on the Microsoft Test] Longer passwords are more secure...
System Security
Signal Strength Meter
This is from Microsoft's web site.(see below) I do not have the option "Digital TV antenna signal strength. I really need to check my signal strength. Anybody else have this problem? I have 2 Hauppage 950Q tuners that I receive clear QAM through the cable company on. On the Windows...
Media Center
Why is my signal strength poor?
Ok, recently my computer and internet was working just fine until last night. MY computer just didnt connect. So i called dell and they just fixed it right now by going into my router settings and changing a few things like changing my security to WPA Personal from WAP Open. Before I was usually...
Network & Sharing
Signal strength mismatch
Erm.... which do I trust? (see attachment) The question mark is in Comic Sans for added seriousness.
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:31.
Twitter Facebook Google+