If I compress a file in a .7z archive with password, is it undecryptable without password?

I'm just curious to know whether or not an encrypted file is really save in terms of decrypting if I compress (or just save) a file into a .7z archive with a password.

If I use a strong and unpredictable password, is the only way to decrypt it a brute force attack?

7-Zip seems to use AES-256, which, according to Wikipedia, is also used in other applications and I therefore guess it is not easily decryptable. However, I'm not much into cryptography at all.

Is a .7z archive undecryptable (except through brute force) without the password?

pimvdb

Posted 2011-04-06T20:32:39.193

Reputation: 373

Answers

There are various options with 7z to improve the security. By default a ZIP file doesn't encrypt the file table - this means that an attacker knows what the files are and which are most likely to contain recognizable patterns, such as English language words.

There is an option to encrypt the file table as well, which makes it much harder. It will never be bullet proof - it will always be vulnerable to a brute force attack, but the more complex your password the longer a brute force attack would take, and the harder it will be to get in.

I wrote all about ZIP encryption on the Super User Blog the other week:

http://blog.superuser.com/2011/04/02/compression-and-encryption-the-zip-years/

I suggest you give it a peruse.

Majenko

Posted 2011-04-06T20:32:39.193

Reputation: 29 007

The simple answer is yes - if you have a strong password the only way to get in would be through a brute force attack.

Even a non-trivial password might be enough to stop most people. They'll see it's protected perhaps try for a while and then give up.

As long as you don't call it "my top secret plans.7z" or "nude pictures of some celebrities.7z" they're unlikely to want to take it any further.

ChrisF

Posted 2011-04-06T20:32:39.193

Reputation: 39 650