How secure are password-protected zip files?
In modern zip utilities like 7zip, you can specify a password when creating a .ZIP file. But, how secure is this? What encryption algorithm(s) are used to secure password-protected zip files?
7-zip uses AES-256 encrpytion for 7z/zip archives.
http://7-zip.org/7z.html says:
7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.
The help files of 7-zip says this about the security of a passworded 7z file:
Brute force attacks are a waste of time. I won't go into details why, I will instead direct you to Jeff Atwood's blog, specifically Brute Force Key Attacks Are for Dummies.