5

I'm wondering which encrypted 7-Zip file format has better encryption: 7z with 256 AES or zip file with 256 AES? Assume that a strong password is used, then which encrypted 7zip file format has stronger encryption to encrypt info in a text file?

Luc
  • 31,973
  • 8
  • 71
  • 135
J. A.
  • 77
  • 1
  • 4
  • What do you mean by "Stronger Encryption"? If both use AES-256 with a long, random key, then both have the exact same strength. –  May 13 '19 at 11:31
  • @MechMK1 There some external factors involved, see my answer. – Overmind May 13 '19 at 12:22
  • See https://security.stackexchange.com/questions/100650/how-secure-is-7z-encryption/233813#233813 – mti2935 Jun 26 '20 at 15:15

1 Answers1

5

7-zip uses AES-256 for 7z archives, the strongest version of AES.

WinZip offers two kinds of encryption: AES encryption (It's good, but windows doesn't support it.) and weak Zip 2.0 (Legacy) encryption, which is the old method. Windows supports it. But that method provides low security level. Do not rely on Zip 2.0 encryption to provide strong data security.

Using WinZIP with AES defeats the initial .zip purpose, since Windows by itself will not be able to extract it.

When using AES WinZIP can use both 128-bit and 256-bit. If 128-bit is used, it's less secure, but a little faster.

It also slightly simpler to check passwords for zip, since many tools are focused on that compared to 7z. Basically, there is some software that can search passwords for zip, and it's more difficult to find such software for 7z-AES.

Standard .zip also has more code execution vulnerabilities compared to 7Z.

So the strongest format is 7Z, followed by ZIP-AES-256.

Conclusion: in the case of encrypted files, there is no sane reason to still use standard zip.

Overmind
  • 8,779
  • 3
  • 19
  • 28
  • Which 7Z compression type is best for a small encrypted 7z file: LZMA, LZMA2, BZip2 or another type? – J. A. May 21 '19 at 01:47
  • See here: https://tukaani.org/lzma/benchmarks.html . Btw, the best compression I even encountered is paq7, but unfortunately is not used today by any large known archiver. – Overmind May 21 '19 at 05:12