I am interested in knowing if either of them is easier to crack than the other because of inherent flaws.
Asked
Active
Viewed 5,715 times
2 Answers
12
It depends on how the ZIP file is encrypted.
When you want to create a fully standard-compliant ZIP archive, then your only option for encryption is the ZipCrypto algorithm which is known to be seriously flawed.
However, many compression tools support a non-standard addition to the ZIP standard which allows to use different encryption algorithms, including AES-256, which is the same encryption algorithm the 7z format uses by default. When that option is used, 7z and zip are equally hard to crack.
Caveat: not every archive handler can handle AES-256 encrypted ZIP archives. Such tools can then no longer read the files in such archives. One such archive handler is the one built into Windows Explorer.
Philipp
- 48,867
- 8
- 127
- 157
-
upvoting for mentioning the Zip AES extension; I myself did not remember that. – LSerni Oct 24 '15 at 17:13
-
3A more complete answer would compare the different key stretching algorithms used by the different formats. – Neil Smithline Oct 24 '15 at 19:19
-
Philipp, thanks for mentioning that some Zip archivers use the `ZipCrypto` algo! – Alexander Suraphel Oct 26 '15 at 13:46
3
if either of them is easier to crack than the other because of inherent flaws
Briefly: yes. You'd be better served by 7Zip, which uses
encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user.
Also,
For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.
On the down side, 7Zip is not natively supported by as many platforms as standard Zip, so if you need to distribute files, you'll have to warn users and include links to downloadable software for their platforms.
LSerni
- 22,521
- 4
- 51
- 60
-
Isemi, you're right about lack of default availability of 7z. Unrelated to this I have installed 7z on my Ubuntu 14.10 machine via software center. I can access the command line tools. However, while using nautilus(GUI), it seems that the only option I have is the Archive manager. Did I miss to install something? – Alexander Suraphel Oct 26 '15 at 13:48
-
1@AlexanderSuraphel: No, you did not miss installing anything; the original developer of 7zip does not write 7-Zip GUI for Linux, the 7-Zip GUI only supports Windows. In Ubuntu, to create archives from a GUI, you would use Nautilus or File Roller/Archive Manager which supports 7zip file format if the p7zip package is installed. – Lie Ryan Mar 27 '16 at 16:01