Slashdot Mirror

← Back to Stories (view on slashdot.org)

.ZIP Standard to Fragment?

Posted by ryuzaki0 on from the after-so-many-years dept.

fudgefactor7 writes "As IDG.NET tells us, the venerable .ZIP compression standard is about to undergo a bit of a schism. PKWare and WinZip, the "big two" in the .ZIP format biz are (unfortunately) going to be making their respective releases incompatible (to an extent) and an archive made with one may not be accessible from another. The problem lies with PKWare not giving information to WinZip, thus making WinZip to go it alone."

36 of 627 comments (clear)

  1. Splitting Those ZIPs by Ken@WearableTech · · Score: 5, Informative

    The post was a little hyped. PKWare and WinZip only split on the encryption of the Zip file. I for one have long since encrypted Zip files with PGP when I needed that security. Zip encryption has always been a joke, and I doubt that too many are going to replace what ever trusted methods they have come up with for PKWare or WinZip's new method.

    It is too bad that they split, but I use Zip files for compression not encryption. The compression is still cross-compatible, so life will go on.

    1. Re:Splitting Those ZIPs by grub · · Score: 4, Informative


      I for one have long since encrypted Zip files with PGP when I needed that security

      PGP zips files before encrypting them. At least older versions did. See this page

      --
      Trolling is a art,
    2. Re:Splitting Those ZIPs by Surak · · Score: 5, Informative

      WinZip and PKZip are ALREADY incompatible in some areas.

      From Pkware's web store:
      # Virtually Unlimited .ZIP File Size allows for .ZIP files exceeding 4-gigabyte archive limitation of other .ZIP products; create archives in excess of a terabyte in size!
      # More Files-per-archive allows a practically unlimited number of files files per .ZIP file â" greatly exceeding the 65,535 compressed files limit of other .ZIP products.

      These two limitations used to appear in old versions of PKZip (2.04G and earlier), and still appear in the open-source (BSD license) Info-ZIP utilities, upon which WinZip is based. Thus for large zip files, WinZip and PKZip are already incompatible (i.e., WinZip doesn't support anything larger than 4GB, and supports a max of 65,535 files inside a Zip file -- WinZip will NOT read these files). I think there's also a mention of new compression methods not supported by WinZip as well, but I couldn't seem find it again.

      --
      My journal has hot /. gossip.
    3. Re:Splitting Those ZIPs by agentZ · · Score: 5, Informative

      They are still out there, thanks to Skylarov's old company. Elcomsoft makes an Advanced Zip Password Recovery tool.

    4. Re:Splitting Those ZIPs by WD · · Score: 4, Informative

      Yeah, but don't forget one of the main advantages of using zip... It'll join multiple files into one archive.

    5. Re:Splitting Those ZIPs by Surak · · Score: 5, Informative

      Um, I've hit those limits before and I am neither. I've had to move *large* amounts of CAD data over FTP, and ZIPping or tarballing all the files down is the only practical way. Tarballing is fine until some you have to send it to some lame Windows user who complains he can't open it because WinZip insists on ungzipping a tarball to a tar file in a temporary directory first, rather than streaming it as happens on *nix with 'gzip -dc foo.tar.gz | tar xvf -'

      --
      My journal has hot /. gossip.
    6. Re:Splitting Those ZIPs by jdew · · Score: 2, Informative

      tar? _all_ it does is join multiple files together

    7. Re:Splitting Those ZIPs by Phantasmo · · Score: 4, Informative

      Yup, still does. It uses code from Info-ZIP (so GPG probably uses zlib, same thing) to compress the file before encrypting: a compressed file is, in theory, non-repetitive data and is therefore less crack-able.

      So, try tar or compress-less zip to package up a bunch of files and then encrypt with PGP/GPG.

      --

      The US Army: promoting democracy through unquestioned obedience
    8. Re:Splitting Those ZIPs by ymgve · · Score: 2, Informative

      Not really. RAR has two modes, 'solid' archiving where all the files in the archive is one big compressed stream, and 'non-solid', where each file is compressed individually.

    9. Re:Splitting Those ZIPs by Anonymous Coward · · Score: 1, Informative

      WinZip 9.0, the version being discussed does support the the >4GB support and more than 65535 files. It also supports deflate64. And from the FAQ's on their web page, it would appear that the original code was based on info-zip, but that the code they currently use has been modified and updated by WinZip themselves.

    10. Re:Splitting Those ZIPs by klui · · Score: 2, Informative

      Under HPUX 10.20/11.x all you need to do is recompile Info-ZIP with a flag and it will support large files. Never had bumped into max number of files before.

    11. Re:Splitting Those ZIPs by ComputerSlicer23 · · Score: 2, Informative
      Sorry Charlie, if a zip file was very reptitive, it'd be more compressible. A well compressed file looks like random data (so does encrypted data). If it doesn't, get a better compressor. Repeative data is redundant, compressing removes the redundancies. That's the general idea of compression.

      Yes, the header will match the magic bytes, but that is also true of nearly any file format. All DOS executables start with MZ, GIF's start with a specific set of bytes. Linux executables normally start with ELF within the first handful of bytes, most perl scripts have perl on the first line. Every file format listed in the magic file has some easily recognizable format.

      Also encrypting a file normally doesn't make it any large then to pad out the block size. I know that DES and RSA don't. I can't recall any from when I read the first edition of Applied Cryptography that did.

      Kirby

  2. Reverse engineering? by Karamchand · · Score: 1, Informative

    What about reverse engineering? If hordes of *nix programmers can do it why can't Winzip do it? Legal issues? ...?
    Thanks for any insight!

  3. Windows ZIP by PauloSousa · · Score: 1, Informative

    So what's the problem?
    Just use GPL $zip and Windows Zip Folders!
    Those are compatible...

  4. Re:More importantly.. by jat850 · · Score: 5, Informative

    Should be compatible with all of them:

    Neither PKWare nor WinZip encrypt archived files by default. This means the vast majority of .zip files will probably continue to adhere to the old, universal format for the foreseeable future.

    So it sounds like the only change is in the encryption methods used in each program.

    --
    the blood has stopped pumping, and he's left to decay
    the me that you know is now made up of wires
  5. Re:More importantly.. by pir8garth · · Score: 2, Informative

    Correct...most users that want encryption probably do so after the fact, and thus the mainstream application of using zips shouldn't be effected. The only issue here that I see is if people, or more specifically companies agree to encrypt zip files for security purposes, they must make sure that a standard program is choosen/used to prevent corrupt file confusion.

    --
    Something clever...
  6. Re:non issue .. by afidel · · Score: 4, Informative

    you would think so from the article, but reality so far has shown differently. I have already run into two instances where someone using the beta copy of winzip9 used the new format by accident and those people using pkware or xp's built in zip readers could not read the file because of some header issue or something like that. Once they rezipped the file with the winzip8 option (aparantly that's what they did as both posts said something to that effect) no one had a problem reading the file. I hope that whatever issue is causing this is removed before the release version.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  7. Try something new by TheNumberSix · · Score: 5, Informative

    Perhaps if you find Winzip annoying, you might like to try a nice OSS alternative zip program without annoying nag screens?

    I like 7-zip, it's free, has a context menu, supports tar.gz (which the native WinXP unzipper doesn't do) and it's light-weight.

    --
    Never confuse feeling with thinking.
  8. They're hardly zip files by maggard · · Score: 5, Informative
    First off the issue isn't the compression, it's encryption. Thus the problem isn't a new one, it's been around since the first extension of zip to involve other sorts of mangling. No standard zip library can read those, it's just that the big two commercial vendors have 'til now kept compatibility with each-other's encryption routines.

    The unfortunate part is that this is even being called "zip" at all. These aren't, they're zip with proprietary extensions for a completely different purpose. Zip is being used as a brand name and being "embraced and extended". Truth be told these should now be called zep or something files, not misrepresented as simply zip compressed files.

    What will this all break? Well for the suckers who use the encryption they're locking themselves into that one vendor's proprietary extensions. They won't be able to send their compressed files or archives and reliably assume they'll be readable. With zip now a standard part of many OS's (even WinXP now includes it) these mislabeled files will cause confusion and increased complexity.

    What can folks do about this? First reconsider corporate licenses for these increasingly un-zip applications. No need to increase the Help Desk's burden with unnecessary/non-standard extensions. Send out a memo reminding folks about policies regarding encrypting company material, the management of the keys used, and the real quality of the encryption used. Look at the free alternatives to the commercial apps, there's little that these applications do that can't be done just as well with free tools.

    Zip's value lies in it being a standard. Don't support inappropriate proprietary extensions to it.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  9. Freezip by mark_space2001 · · Score: 1, Informative

    Freezip is my favorite zip program. Simple, to the point and does everything I need.

  10. Re:Are they stupid? by martin-k · · Score: 2, Informative
    Au contraire. Compressing first makes pattern-detection in encrypted data more difficult. That's why PGP compresses first, then encrypts (besides the fact that PGPing something increases its file size, and compressing offsets that).

    --
    SoftMaker Office for Windows|Linux|Android
  11. W - R - O - N - G by FallLine · · Score: 2, Informative

    The DCMA explicitly allows reverse engineering for interoperability and this is precisely what WinZip would be doing. http://www.loc.gov/copyright/legislation/dmca.pdf, Page 5, Exception #2. Please read it for yourseld and grab a clue. The tired assertion that the DCMA kills innovation is tired and largely false (at least insofar as it is popularly presented on slashdot)

    1. Re:W - R - O - N - G by OrenWolf · · Score: 2, Informative

      What??

      DeCSS Did nothing to prevent playback of anything, nor was it it's purpose.

      The ONLY purpose of DeCSS was as a method for the DVd Consortium to reap license fees on the tech. DeCSS licensed *players*, not copyright holders. Piracy isn't the concern of the DVD Consortium with DeCSS - loss of revenue due to unlicensed *players* is.

      And By the way, the Law doesn't say that reverse-engineering is legal only if the result isn't "too easy to circumvent the technology". The law shouldn't (and doesn't) care. Reverse-engineering for the purpose of interoperability, no clause about being too easy to "circumvent the technology".

  12. Zips and Zips and Zips by cshark · · Score: 5, Informative

    That's a real shame. I thought the zip specification was open to anyone who wanted to use it? I stopped using Zips about three months ago in favor of the 7zip format. 7zips are smaller and more secure. The best part about 7z's is that it's an open source format. Fully documented, and entirely free. They also tend to be a lot smaller than standard .zip archives. Just an opinion.

    --

    This signature has Super Cow Powers

  13. Re:More importantly.. by mcg1969 · · Score: 5, Informative

    We're not talking about the old password encryption methods; we're talking about the new AES-based encryption methods implemen ted in WinZip 9 and PKZip.

  14. distant second? thats generous by Mondain98 · · Score: 2, Informative
    PKZip, while perfectly good, is running a distant second in popularity based on my observations.

    I think the reality is that PKZip is running far behind. I'll go so far to say that RAR is ahead of them. I use RAR over ZIP any chance I can; if it werent for compatibility with "administrative assistant" types, I would do everything in RAR. Better compression, better features.

  15. Re:More importantly.. by trickytree · · Score: 2, Informative

    The Zip format has changed, and you will see this reflected if a) the archive is bigger than 4Gb, b) contains more than 65,000 files, or c) the user turned on Bzip compression in PK. 95% sounds about right.

  16. Re:More importantly.. by Anonymous Coward · · Score: 1, Informative

    No, usually bzip2ed is

    BZh91AY&SYIÃOETA
    "h0
    ÃîHÂ

  17. Re:More importantly.. by cakoose · · Score: 3, Informative

    I think that ZIP is more like .bz2.tar instead of .tar.bz2. This means that you can extract individual files without decompressing the whole archive. This is probably why Sun went with ZIP for JAR files (because it's convenient to get at some .class files without unzipping the whole thing).

    This difference is also probably why .tar.gz and .tar.bz2 are usually smaller than ZIP archives. I don't think ZIP runs different files together so it can't take advantage of longer streams.

  18. The joke's on them... by poptones · · Score: 4, Informative

    If you look at the volume of archives posted to usenet (and elsewhere) it's pretty obvious that both these are simply trying to catch up to RAR. The only thing I use winzip for now is opening windows CAB files. And I'm pretty sure winrar does that, now, too.

    1. Re:The joke's on them... by Anonymous Coward · · Score: 1, Informative

      Winzip has been doing tars for years now. Just thought you should know.

  19. Re:More importantly.. by KevCo · · Score: 1, Informative

    "And come to think of it, what further changes are they planning anyway"

    Why would anyone mod up a post as "insightful" when he clearly didn't even RTFA? The changes are adding strong encryption. They are not "making themselves incompatible". The old format still remains unchanged unless you are using encryption. PKWare implemented encryption first but didn't publish complete details on their implementation so WinZip was forced to go their own way.

    It's amazing what can be learned by actually reading.

  20. PkWare has already published the file INFO!!!! by egoots · · Score: 1, Informative

    What are you talking about?

    If you go to PkWare's web site there is a link on their front page which says they have published the file format changes so everyone can play nice. This page then links to another application note with the actual format spec inside.

    Note also, Pkware actually added their new encryption, authentication, and extra compression options in V5.0 last year. Their newest release is V6.0. To be fair, I dont know when they published the spec?

    1. Re:PkWare has already published the file INFO!!!! by egoots · · Score: 2, Informative

      ...never mind.

      I finally got through to the original IGN news article posting (and not just the slashdot replies) and it clarifies what the actual issues are. My parent post here didnt add anything useful.

  21. NSIS by UnConeD · · Score: 2, Informative

    Thankfully there's still some great Windows software around, like NSIS (by Nullsoft). It doesn't bother unzipping itself first (single EXE), it is small, it is powerful, open-source, .... The only thing that sucks is how you create an installer, you have to write a script in a language that's a mix between assembly, PHP and C. It's not at all hard if you're a programmer, but this is the reason why NSIS will never reach those stupid companies that put their Installer in an EXE in an EXE in a ZIP.
    If someone were to make an NSIS-script wizard (for people who can't use the script-system) for basic actions and commonly used stuff, it would put InstallShield and friends to eternal shame.

  22. Re:As I am sure by Anonymous Coward · · Score: 1, Informative

    since when MS-Windows is a standard? I don't think it is POSIX compliant.

    NT/2000/XP's Win32 subsystem is not POSIX compliant. Its POSIX subsystem is.