By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,467 Members | 994 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,467 IT Pros & Developers. It's quick & easy.

How safe are encrypted zip files? What if we have the unzipped form of a zipped file?

P: 2
(((
I know that if we use a complicated password for zip files that has more than 8 characters, it's quite safe and can't be cracked easily...
For example, for an 8-digits complicated password (containing ABC,abc,123,!@#), it takes 83.5 days for a supercomputer to test all combinations, and 22 years for a 9-digit!!!!)
)))

But in an example, we have an encrypted zip file that contains multiple files, and we have the extracted form of one of those files

In this case and with having the original and zipped-encrypted file, can we write a program that cracks the password easily...? Not by taking months or even years to crack?

It it's possible, there will be problems; for example, a zip file may contain ""thumbs.db"" or ""desktop.ini"" files, that use almost the same pattern everywhere... and more common: every file format has its own hex pattern too!!! (For example, EF BB BF for UTF-8 text files)... and situations that we know the contents of a part of a text file... etc.
Jun 23 '14 #1

✓ answered by Rabbit

1) AES is a sufficiently strong algorithm.

2) I'm not sure what your point is. That example is answered by #4.

3,4) AES is just an algorithm. It's up to the programmers of whatever program you're using to implement it correctly. I can't tell you if the programmers implemented the algorithm correctly because only they know the ins and outs of their source code.

Share this Question
Share on Google+
3 Replies


Rabbit
Expert Mod 10K+
P: 12,401
1) It depends on what algorithm the encryption uses.

2) If an attacker has the original files, there's no need to crack the password. You already have the data. Plus you shouldn't reuse passwords with a different file so even if they crack one, they can't open the others.

3) Even if they had both, a properly implemented algorithm will not allow them to figure out the key.

4) Even if you have a lot of files with the same sequence of bytes, a correctly implemented algorithm will encode those same sequences differently.
Jun 23 '14 #2

P: 2
Thanks a lot!!!

1) ZIP files use symmetric-key algorithm, AES encryption.

2) Sometimes we have a part of a single file. For Example some HTML files start with:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

or PNG files start with hex code:
89 50 4E 47 0D 0A 1A 0A


3, 4) Is AES encryption a properly implemented algorithm????
Jun 24 '14 #3

Rabbit
Expert Mod 10K+
P: 12,401
1) AES is a sufficiently strong algorithm.

2) I'm not sure what your point is. That example is answered by #4.

3,4) AES is just an algorithm. It's up to the programmers of whatever program you're using to implement it correctly. I can't tell you if the programmers implemented the algorithm correctly because only they know the ins and outs of their source code.
Jun 24 '14 #4

Post your reply

Sign in to post your reply or Sign up for a free account.