Is zip's encryption really bad?
The standard advice for many years regarding compression and encryption has been that the encryption strength of zip is bad.
Is this really the case in this day and age?
I read this article about WinZip (it has had the same bad reputation). According to that article the problem is removed provided you follow a few rules when choosing your password.
- At least 12 characters in length
- Be random not contain any dictionary, common words or names
- At least one Upper Case Character
- Have at least one Lower Case Character
- Have at least one Numeric Character
- Have at least one Special Character e.g. $,£,*,%,&,!
This would result in roughly 475,920,314,814,253,000,000,000 possible combinations to brute force
Please provide recent (say past five years) links to back up your information.
The weakness of the old encryption was due to the weakness of the chosen encryption algorithm.
Nowadays one can use industry grade encryption via 'AES', which is used everywhere (and is under heavy attack but as it seems pretty hard to attack). As the site you cited stated: the weakest spot is in the passphrase and the rules you mentioned especially address that problem.
Theses rules do not apply to the passphrase for the old encryption, since that old encryption was very weak in itself, no matter if you choose a good password or not.
The statement of
the problem is removed provided you follow a few rules when choosing your password.
is not true, since the real solution to encrypt ZIP files securely is to choose a strong encryption algorithm AND a strong password. The strongest password is worth nothing if the encryption algorithm is weak.
Read also http://www.info-zip.org/FAQ.html#crypto and http://www.topbits.com/how-can-i-recover-a-zip-password.html