How to prevent 7-Zip encrypted zip file passwords from being stored on the hard-drive?

I've encrypted a folder with 7-Zip 9.20, specifying 256-bit AES and a password, and the .zip file was created. But then, when I clicked on the zipped file, to my surprise, PeaZip 5.1.1, which was the registered program to open zip files, opened the file without prompting me for the password.

This means 7-Zip is storing my AES password somewhere on disk, and what is even worse, in a place where other programs can find it. This is inherently insecure. How can I disable this behavior?

Thanks.


Here is a picture of how I encrypted the file with 7-Zip:


And here is a picture of the dialog box (with an option for entering the keyfile) I get when I try to open any file in the .zip archive (a similar window is displayed when opening .7z files):



Solution 1:

7-Zip does not store passwords on your computer; it does not have that feature.

Your issue is actually a limitation of the ZIP format when creating encrypted ZIP files. The data is encrypted, but not the file names. You can prove this by trying to extract the contents of the ZIP file. It will fail unless you specify the correct password.

If you want file names to be encrypted as well, I highly recommend 7-Zip's 7z format; you'll see that the option "Encrypt file names" becomes available.

Solution 2:

The Zip format does not allow encrypting the table of contents of the archive, so you can actually open (browse) any encrypted Zip file.

Some archive managers can check if the file is encrypted and, in this case, ask you for the password, but anyway the names of files and folders inside the encrypted Zip archive are in clear text and anyone can read them (e.g. with a plain hex viewer), so the archive format does not offer any security at all if the attacker's scope is just reading the file names.

The 7z format can optionally encrypt the archive's table of contents; in this way you will always need to enter the password to browse the content.

Both with Zip and 7z formats, however, you cannot extract anything from an encrypted archive without providing the password, as the file content is actually encrypted.

The issue is utterly complicated, as both the Zip and 7z formats support different passwords being used in the same archive (e.g. file a.txt is encrypted with "p4sSword1", file b.txt is encrypted with "Passw0rd2", file c.txt is not encrypted), so if you decide to use this feature of the format you may need to enter different passwords to operate on (extract, update) different files inside the same archive. The concept of asking for "the" password when you open an encrypted archive may therefore be deceptive, as that password may apply only to part of the archive's content.
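
The behaviour both answers describe, as an added example that is not part of the original answers: a short parser that reads entry names and per-entry encryption flags from a ZIP central directory without any password. The sample archive, its file names and the `build_sample` helper are constructed for illustration; Zip64 archives are not handled.

```python
import struct

def list_zip_entries(data: bytes):
    """Read names and encryption flags from the central directory; no password is used."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0:
        raise ValueError("not a ZIP file: no end-of-central-directory record")
    # Offset 10 in the record: total entries (2), directory size (4), directory offset (4)
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    entries = []
    for _ in range(total):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        raw = data[pos + 46:pos + 46 + name_len]
        name = raw.decode("utf-8" if flags & 0x800 else "cp437")
        # Bit 0 of the flags marks an encrypted entry; method 99 is WinZip AES.
        entries.append({"name": name, "encrypted": bool(flags & 1), "aes": method == 99})
        pos += 46 + name_len + extra_len + comment_len
    return entries

def build_sample():
    """Constructed sample: minimal ZIP layout; payload bytes stand in for ciphertext."""
    files = [("payroll-2024.xlsx", True), ("readme.txt", False)]  # hypothetical names
    body, cdir = b"", b""
    for name, enc in files:
        n = name.encode("ascii")
        payload = bytes(range(16))
        flags, method = (1, 99) if enc else (0, 0)
        offset = len(body)
        body += struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags, method,
                            0, 0, 0, len(payload), len(payload), len(n), 0) + n + payload
        cdir += struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, flags, method,
                            0, 0, 0, len(payload), len(payload), len(n), 0, 0, 0, 0, 0,
                            offset) + n
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, len(files), len(files),
                       len(cdir), len(body), 0)
    return body + cdir + eocd

if __name__ == "__main__":
    for entry in list_zip_entries(build_sample()):
        print(entry)
```

The per-entry flag also shows the mixed case from Solution 2: one entry in the same archive is marked encrypted and the other is not.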