.ZIP Standard to Fragment?

fudgefactor7 writes "As IDG.NET tells us, the venerable .ZIP compression standard is about to undergo a bit of a schism. PKWare and WinZip, the "big two" in the .ZIP format biz are (unfortunately) going to be making their respective releases incompatible (to an extent) and an archive made with one may not be accessible from another. The problem lies with PKWare not giving information to WinZip, thus making WinZip to go it alone."

Splitting Those ZIPs

[Ken@WearableTech]

The post was a little hyped. PKWare and WinZip only split on the encryption of the Zip file. I for one have long since encrypted Zip files with PGP when I needed that security. Zip encryption has always been a joke, and I doubt that too many are going to replace what ever trusted methods they have come up with for PKWare or WinZip's new method.

It is too bad that they split, but I use Zip files for compression not encryption. The compression is still cross-compatible, so life will go on.

Re:Splitting Those ZIPs

[grub]

I for one have long since encrypted Zip files with PGP when I needed that security

PGP zips files before encrypting them. At least older versions did. See this page

Re:Splitting Those ZIPs

[Surak]

WinZip and PKZip are ALREADY incompatible in some areas.

From Pkware's web store:
# Virtually Unlimited .ZIP File Size allows for .ZIP files exceeding 4-gigabyte archive limitation of other .ZIP products; create archives in excess of a terabyte in size!
# More Files-per-archive allows a practically unlimited number of files files per .ZIP file â" greatly exceeding the 65,535 compressed files limit of other .ZIP products.


These two limitations used to appear in old versions of PKZip (2.04G and earlier), and still appear in the open-source (BSD license) Info-ZIP utilities, upon which WinZip is based. Thus for large zip files, WinZip and PKZip are already incompatible (i.e., WinZip doesn't support anything larger than 4GB, and supports a max of 65,535 files inside a Zip file -- WinZip will NOT read these files). I think there's also a mention of new compression methods not supported by WinZip as well, but I couldn't seem find it again.

Re:Splitting Those ZIPs

[agentZ]

They are still out there, thanks to Skylarov's old company. Elcomsoft makes an Advanced Zip Password Recovery tool.

Re:Splitting Those ZIPs

[WD]

Yeah, but don't forget one of the main advantages of using zip... It'll join multiple files into one archive.

Re:Splitting Those ZIPs

[Surak]

Um, I've hit those limits before and I am neither. I've had to move *large* amounts of CAD data over FTP, and ZIPping or tarballing all the files down is the only practical way. Tarballing is fine until some you have to send it to some lame Windows user who complains he can't open it because WinZip insists on ungzipping a tarball to a tar file in a temporary directory first, rather than streaming it as happens on *nix with 'gzip -dc foo.tar.gz | tar xvf -'

Re:Splitting Those ZIPs

[Phantasmo]

Yup, still does. It uses code from Info-ZIP (so GPG probably uses zlib, same thing) to compress the file before encrypting: a compressed file is, in theory, non-repetitive data and is therefore less crack-able.

So, try tar or compress-less zip to package up a bunch of files and then encrypt with PGP/GPG.

Re:More importantly..

[jat850]

Should be compatible with all of them:

Neither PKWare nor WinZip encrypt archived files by default. This means the vast majority of .zip files will probably continue to adhere to the old, universal format for the foreseeable future.

So it sounds like the only change is in the encryption methods used in each program.

Re:non issue ..

[afidel]

you would think so from the article, but reality so far has shown differently. I have already run into two instances where someone using the beta copy of winzip9 used the new format by accident and those people using pkware or xp's built in zip readers could not read the file because of some header issue or something like that. Once they rezipped the file with the winzip8 option (aparantly that's what they did as both posts said something to that effect) no one had a problem reading the file. I hope that whatever issue is causing this is removed before the release version.

Try something new

[TheNumberSix]

Perhaps if you find Winzip annoying, you might like to try a nice OSS alternative zip program without annoying nag screens?

I like 7-zip, it's free, has a context menu, supports tar.gz (which the native WinXP unzipper doesn't do) and it's light-weight.

They're hardly zip files

[maggard]

First off the issue isn't the compression, it's encryption. Thus the problem isn't a new one, it's been around since the first extension of zip to involve other sorts of mangling. No standard zip library can read those, it's just that the big two commercial vendors have 'til now kept compatibility with each-other's encryption routines.

The unfortunate part is that this is even being called "zip" at all. These aren't, they're zip with proprietary extensions for a completely different purpose. Zip is being used as a brand name and being "embraced and extended". Truth be told these should now be called zep or something files, not misrepresented as simply zip compressed files.

What will this all break? Well for the suckers who use the encryption they're locking themselves into that one vendor's proprietary extensions. They won't be able to send their compressed files or archives and reliably assume they'll be readable. With zip now a standard part of many OS's (even WinXP now includes it) these mislabeled files will cause confusion and increased complexity.

What can folks do about this? First reconsider corporate licenses for these increasingly un-zip applications. No need to increase the Help Desk's burden with unnecessary/non-standard extensions. Send out a memo reminding folks about policies regarding encrypting company material, the management of the keys used, and the real quality of the encryption used. Look at the free alternatives to the commercial apps, there's little that these applications do that can't be done just as well with free tools.

Zip's value lies in it being a standard. Don't support inappropriate proprietary extensions to it.

Zips and Zips and Zips

[cshark]

That's a real shame. I thought the zip specification was open to anyone who wanted to use it? I stopped using Zips about three months ago in favor of the 7zip format. 7zips are smaller and more secure. The best part about 7z's is that it's an open source format. Fully documented, and entirely free. They also tend to be a lot smaller than standard .zip archives. Just an opinion.

Re:More importantly..

[mcg1969]

We're not talking about the old password encryption methods; we're talking about the new AES-based encryption methods implemen ted in WinZip 9 and PKZip.

Re:More importantly..

[cakoose]

I think that ZIP is more like .bz2.tar instead of .tar.bz2. This means that you can extract individual files without decompressing the whole archive. This is probably why Sun went with ZIP for JAR files (because it's convenient to get at some .class files without unzipping the whole thing).

This difference is also probably why .tar.gz and .tar.bz2 are usually smaller than ZIP archives. I don't think ZIP runs different files together so it can't take advantage of longer streams.

The joke's on them...

[poptones]

If you look at the volume of archives posted to usenet (and elsewhere) it's pretty obvious that both these are simply trying to catch up to RAR. The only thing I use winzip for now is opening windows CAB files. And I'm pretty sure winrar does that, now, too.