PKWare Files a Patent Application for Secure .zip

prostoalex writes "The battle of ZIP formats might intensify as PKWare filed an application with USPTO to obtain a patent on its Secure Zip technology, which pretty much involves archiving with strong cryptography. If the patent gets granted, PKWare will license its algorithms for other software manufacturers. A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke.""

Use PGP

[unixwin]

zip & use pgp even better use bzip2 and pgp
secure and compressed

Re:Use PGP

[Nathan+Ramella]

Doesn't PGP already compress things before it encrypts? (Adds to the difficulty in decyphering it..)

Re:Use PGP

[FrankoBoy]

Indeed.

Re:Use PGP

not quite a good replacement. Take a 1 gig "protected" zip file and a 1 gig protected bzip2 + pgp file and get one specific file out of it. You'll see quite the difference in time spent and your methods.

Re:Use PGP

The confusion arises because zip does both multi-files and compression, instead of adhering to the unix philosophy of "do just one thing". So let's review the tools we have:

tar: to combine multiple files
gzip: to compress one file
pgp: to encrypt one file

Of course, we can use them in any other, but the order that makes most sense is: (1)gzip, (2)pgp, (3)tar.

Re:Use PGP

[daveq]

The reason it encrypts beforehand is that you can't really compress encrypted data. Well encrypted data should appear random.

PGP's algorithm of choice for compression may not be as cool as yours though, so you may want to use bzip2 anyway for particularly large files.

Re:Use PGP

[yintercept]

Of course, if this is one of those "we've patented the world" claims, then any program that produces an encrypted file that is smaller than the original would be in violation of the patent.

There is still room for encryption programs that make files bigger. I've been thinking of making a program that would automatically pad a document with additional legal verbiage and routinely add one billable hour, and see if I could sell it to the legal community.

Re:Use PGP

[Ian+Bicking]

Also you can't usefully compress encrypted content -- if you could find compressable patterns in an encrypted message, it wouldn't be very well encrypted, would it?

A strong encryption process shouldn't need compression for security. But compression can easily improve the speed of the encryption, since if you compress the text that means that much less text to encrypt (and compression is usually a lot faster than encryption).

Re:Use PGP

[BHearsum]

unencrypt $file | bunzip2 -c $file | tar --extract file.foo

(Yea, I don't know anything about PGP/GPG, shush.)

Re:Use PGP

[Gherald]

A more logical order is tar--> gzip --> pgp. Its more straightforward and takes less effort.

Re:Use PGP

Take a 1 gig .gz.pgp.tar file and a 1 gig .tar.gz.pgp file and get one specific file out of it. You'll see quite the difference in time spent and your methods. Are you reading the thread?

Re:Use PGP

[Gherald]

To be completely honest I have never used PGP. But encrypting a single file with it seems logical to me for greater ease of use.

Now if you are compressing 1 gig worth of data, I suppose you may have a point as far as time spent, but how often do people PGP that much information?

It has allways been my impression that the biggest use of PGP is exchanging short messages and documents.

Re:Use PGP

[dnoyeb]

so does gpg. www.gnupg.org.

Can we all say, "late!"

Re:Use PGP

Apparently you don't know anything about tar either. That's not how you untar from stdin.

Re:Use PGP

It has allways been my impression that the biggest use of PGP is exchanging short messages and documents.

The main reason I picked 1 gig as an arbitrary number when starting a thread is this: I came up with a backup system that backs up the files on the network I admin. This can create a severe security hazard. For instance I have accounting, HR, and management's files all on the same computer - this would be a jackpot if anyone busted through our firewall and managed to hack the backup server itself - which is moderatly secure.

So compression is a must where I work because backups are exported to remote locations (via sftp or whatever). But the question is - how do I secure this stuff, and if a user blows up their machine or mor likely wacks a few files, how do I get the file back, and how long does it take until I can give it back. A "secure" zip might not be much faster zipping and may not do as good with compression, but getting one file back is a hell of a lot easier.

btw, I do essentially just bzip > openssl aes for now

Re:Use PGP

[gregbaker]

Also you can't usefully compress encrypted content

Says who?

Consider piping your PGP output through this:

perl -pe "s/(.)/\$1\$1/g"

Is it compressable? Yes. Less secure? No.

Re:Use PGP

[aastanna]

Meh, PGP would be prior art on claims that broad (see the posts above).

Re:Use PGP

[mindriot]

Hmm, what's the big deal? I archive as .tar.gz under GNU, and pretty much all Windows extractors I know can handle that.

Besides, I do not expect this patent to change much. The 'default' file format will exist and stay in use; strong encryption will be more of a Bonus feature I expect...

Re:Use PGP

[Stackster]

Not really. Then you can't extract single files (or for that matter, adding or removing) from the archive without decrypting and decompressing the whole thing. If you do the tar last (and obviously, compression before encryption), you can get to individual files without bothering about the rest of them.
On the other hand, as long as the archives aren't that huge (and the machine handling them isn't too feeble), it's not that big a deal.

Re:Use PGP

[leandrod]

> Consider piping your PGP output through this:

perl -pe "s/(.)/\$1\$1/g"

Is it compressable? Yes. Less secure? No.

Hmm... can you translate that into structured English or something the like?

AFAIRI, you can't make encrypted content compressable withou destroying it.

Re:Use PGP

[Old+Man+Trouble]

It's a Perl oneliner which has a 'split' function doubling every character it's fed.

# echo slashdot | perl -pe "s/(.)/\$1\$1/g"
ssllaasshhddoott

Re:Use PGP

[Old+Man+Trouble]

Err... The 'substitution' operator that is.

Re:Use PGP

[Zeinfeld]

PGP + tar is not particularly good prior art. I suspect that the PK claim would be for a file format that allows individual files to be extracted without having to unencrypt each one.

A much better source of prior art IMNSHO opinion would be the XML Encryption standard which does allow for independent decryption of components. Also IBM has prior art with its 'cryptolopes' scheme.

Another source of prior art would be Matt Blaze's encrypting file system for UNIX and the Windows NT implementation.

Of course if the USPTO was not so corrupt it would be possible to raise this prior art with the examiner - the same way you can with every other patent system in the world.

Not very long ago people were complaining that Microsoft was somehow treading on PK by implementing integrated zip technology in Windows. I guess folks may want to reconsider that now. The fact is that the zip technology should always have had encryption.

Re:Use PGP

[bentcd]

Of course, we can use them in any other, but the order that makes most sense is: (1)gzip, (2)pgp, (3)tar.

Not if you care about security. And if you didn't you probably wouldn't be pgping them anyway. If you pgp as the last step, then an intruder will need to break the encryption before he'll know even how many files there are.

Re:Use PGP

[frostman]

Would I be in violation of the DMCA if I then removed the padding to make the document readable?

That's fine and all....

[flewp]

but I want a secure zipper. So many people are trying to get into my pants it's outrageous.

Re:That's fine and all....

[rhombic]

Somebody modded this as overrated? Must be on crack. The mere suggestion that anybody's trying to get into the pants of a slashdotter is hilarious (if a bit overused...)

Re:That's fine and all....

So many people are trying to get into my pants it's outrageous.

It's unfortunate that in your case it's mostly guys...

Re:That's fine and all....

[ryusen]

You've got a point there. What ever happened to Nerds are sexy?

Re:That's fine and all....

[jaavaaguru]

A Slashdot-approved secure zipper would stop Hot Grits getting in too.

Re:That's fine and all....

You forget that Slashdot is the place where anyone can get even with this big, cruel world through mod points - every last anti-social, passive-agressive one of us!

Re:That's fine and all....

I'll trade pants with you. I have a definite lack of people trying to get into mine. :(

(Or does that count towards your problem by me trying to get your pants?)

Re:That's fine and all....

[tealover]

As the original Hot Grits guy, I thank you for that comment. Almost made me do a spit take with my pistachio ice cream!

Re:That's fine and all....

[dtfinch]

Most of my fellow nerds from high school came out of the closet in the 3 years since I graduated. I asked one of them why and he said he just didn't believe he could ever find a girl who would want to be with him. Another now poses as a girl, but claims that he's not gay, and only does it for the money. Some of the people who used to know him but don't know his secret think he's dead.

Sure nerds are sexy but too many of them lack the interpersonal skills to find a girlfriend. I'm still looking, and don't plan on giving up soon.

Re:That's fine and all....

[ryusen]

Actually you've got a point... it is largly a confidence issue. Girls seem to like guys who are confident in themselves (and there are the few who like insecure guys of course).
As for trying to find a girlfriend, sometimes they come about in the weirdest of places and times.. especially when you are not looking. That's essentially what happened to me... i ran into an old friend from college, we grabbed some food, soem drinks, then all of a sudden i realize that we've been seeing each other regularly for a month now... sometimes it just happens, i guess.

Re:That's fine and all....

[Artificer]

And you're complaining?!?

OSS To The Rescue?

What OSS alternatives(multi-platform: win/mac/lin), if any, to zip,rar,etc are available?

Re:OSS To The Rescue?

bzip, gzip, tar replace zip and rar.

Re:OSS To The Rescue?

There are none. One might think that the OSS community might have had incentive to create programs to, for instance, create Tape ARchives, but it seems to have never come to pass. Us linux people will forever be using Wine in order to run WinZip.

(AFAIK, there are no similar solutions for the Mac. One of the many reasons why the "first 64-bit desktop computer" is still utterly useless.

Re:OSS To The Rescue?

[Jontu_Kontar]

7-zip, I've been using this for quite a while. It works just as well as "Winzip" but is free and supports more formats. The wonder of Open Source Software!!!

Re:OSS To The Rescue?

TAR was created before much of the current 'open source community' was born.

Let's give credit where it should be given.

Re:OSS To The Rescue?

[innocent_white_lamb]

but is free and supports more formats.

and less platforms. 7-zip is Windows only.

Re:OSS To The Rescue?

[Kenard]

Tap ARchives? what's that? some kind of file grouping format that has no compression at all?

Re:OSS To The Rescue?

[kyz]

• ZIP itself (Info-ZIP, not PKZIP) is OSS and cross-platform. It's the third most portable program in the world.
  
• 7-Zip is OSS and multi-platform, it uses the latest compression techniques.
  
• gzip and bzip2 are compressors, they can be coupled with the archvers tar or cpio (UNIX standards). tar + gzip is generally considered the most acceptable cross-platform solution, there are lots of people who couldn't unpack bzip2, almost nobody outside unix can unpack cpio + bzip2.
  
• There are various other cross-platform archivers that are OSS, but few people use these days (such as LhA) for cross-platform purposes because the ZIP format is both ubiquitous and completely public domain.
  

Ironic quote from Aladdin Systems

[extrarice]

[quote]
A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke."
[/quote]

This quote is funny coming from a company that sells a competing compression format (.sit)

Re:Ironic quote from Aladdin Systems

[smeenz]

Ironic quote from Aladdin Systems (Score:3, Funny)
by extrarice (212683) on Saturday July 26, @11:37AM

Text compression (Score:3, Funny)
by smeenz (652345) on Saturday July 26, @11:37AM

Touche! :)

Re:Ironic quote from Aladdin Systems

[rizawbone]

How is that even the least bit ironic?

Re:Ironic quote from Aladdin Systems

Easy, you just have to redefine ironic. Languages change over time, for some reason "ironic" seems to be turning into "strange" or plain "hypocritical". I just wish we had a new word for irony, because it's a very important concept (and a little deep for some people).

Re:Ironic quote from Aladdin Systems

[extrarice]

You lousy stalker, you!!

"I'll get you Hey Steve if it's the last thing I ever doooooooo!!!"

Re:Ironic quote from Aladdin Systems

Because I don't need 10000 spoons, just a knife.

Re:Ironic quote from Aladdin Systems

Irony, as you rightly state is an oft misused word, but I think you'll find the grand-parent post has used the word correctly, indeed well, and to good effect in the context.

Re:Ironic quote from Aladdin Systems

Do you need a fork? I found one in the road and I don't need it.

Re:Ironic quote from Aladdin Systems

Is this news contrary to what you would have expected?

Re:Ironic quote from Aladdin Systems

[Waffle+Iron]

What's truly ironic is that so many would-be grammar scholars flag every usage of the word ironic as an error, even when it is used correctly.

Re:Ironic quote from Aladdin Systems

I would not consider .sit a competitor to .zip. StuffIt is the .zip for the Mac niche. It's the only archive format out there that is sensitive to Mac OS resource forks. For certain types of Mac files (read: most), putting your data into a zip archive will render them useless. Though reliance on the resource fork is decreasing in Mac OS X.

Aladdin writes software handles zip files, too. So they DO care about inter-operability. They have a perfectly honest and legitimate interest in this.

Re:Ironic quote from Aladdin Systems

[rizawbone]

Read what I wrote. I never said it was used incorrectly, I just fail to see the irony. Aladdin popularized .sit as a mac compression format, it's program to compress/decompress is basicly free. .zip is a pc compression format, also basicly free in it's many programs. How are they competitors? They're two similar tools used almost exclusively on two different platforms. Again, how is this even the least bit ironic?

Re:Ironic quote from Aladdin Systems

[bsharitt]

It looks like .sit archives are in decline while people are using disk images more.

Re:Ironic quote from Aladdin Systems

[innate]

You're partly right. StuffIt was the main compression format until OS X came along, but it's not the only format that preserves resource forks.

Today you'll mainly see .dmg (disk image) format, which features compression, optional encryption, and preserves resource forks. Also common are .pkg (a compressed installer, which can include files with resource forks) and .tar.gz files (I don't think they preserve resource forks).

And some folks still use Stuffit .sit files.

Re:Ironic quote from Aladdin Systems

[_Knots]

It's still damn two-faced, though. They managed to convince legions of Mac users to use a proprietary archiving format (all StuffIt 3.x and later were undocumented), but they placated desire for cross-platform capability with support for all the common PC formats (without Mac features, natch). They also changed the format a lot (in 5.x and again in 7.x), possibly in response to other people reverse engineering it.

Thus Aladdin took full advantage of the openness of the ZIP format for so long, for compatibility, but used closed formats to keep competitors away for Mac-specific files. It is somewhat ironic, then, that they are complaining about ZIP becoming closed when people have certainly complained in the past about their format being closed.

--Knots;

Re:Ironic quote from Aladdin Systems

[nutsy]

Yes, and thank God and UC-Berkeley that Apple is finally, FINALLY, moving away from the data fork/resource fork garbage. Hopefully this will mean an end to Aladdin Systems's de facto monopoly on file archiving under Mac OS. I'm really, really tired of reaching a dead end because nothing opens StuffIt archives except StuffIt.

And now, due to their damned patenting efforts, PKWare seems to be attempting to do the same thing for zip archives, which seems to be the whole point of, y'know, the article there.

Re:Ironic quote from Aladdin Systems

[1u3hr]

It's the only archive format out there that is sensitive to Mac OS resource forks. For certain types of Mac files (read: most), putting your data into a zip archive will render them useless.

Unless you use ZipIt. I use it mainly to exchange files with PCs, but it works fine as a Mac archiver. The interface is cloned from Stuffit.

It's not difficult to store both forks of a Mac file into one file, say using Macbinary, and then compress it with the archiver of your choice. I don't know if that's how ZipIt works.

Re:Ironic quote from Aladdin Systems

[Lord+Kano]

When I was exclusively a Mac OS user, there was Compact Pro, .cpt which was sensitive to the resource forks and I used to use MacZip on occation as well. I never had a problem with my resource forks getting boogered up.

When I ran my MacOS based (Hermes II) BBS, there was a utility (I believe Chris Owen wrote it) to convert .sit archives to .cpt archives because they tended to be a few k smaller, at least back when most BBS downloads were in the 1MB size range.

LK

Text compression

[smeenz]

It's good to see Aladdin Systems are demonstrating their lossy text compression technology by saying that the ZIP format is "getting broke" rather than "getting broken"

</tongue>

7-zip

[fredrikj]

Everybody, start using the (open source) 7-zip instead.

Re:7-zip

I've used 7-Zip... it sucks donkey cock in terms of interface design. I've been using FilZip as of lately. It handles basically any file format flawlessly (even RAR and ACE!) with a nice interface that doesn't suck as much cock.

Re:7-zip

[pla]

Everybody, start using the (open source) 7-zip instead.

No kidding. It amazes me that a lot more people don't use this - It handles all the major formats (zip, tar, gz, bz2, cab, no "sit", though) better than the "native" program for them does, and hey, open source to boot. And, its "7z" format really does get 10-30% better compression than even bzip2.


Gotta agree with the other response to you, though - the interface needs MAJOR work. It doesn't "look" bad, but feels very counterintuitive. Hell, if they totally eliminated the psuedo-explorer-esque look and just let me drag-and-drop, I'd consider it perfect.

Re:7-zip

[WEFUNK]

Also, everybody, start using broadband and DVD-RW instead of .zip and floppies.

Re:7-zip

[John+the+Kiwi]

I thought that about 7-zip at first too. Then I realised that you don't need the interface.

Just right click and pick a folder.

John the Kiwi
www.johnthekiwi.com

Re:7-zip

Hey buddy, the world is not you and your 0-Day download/trading buddies. Not everyone can afford a DVD burner, or has a reason to use broadband. Hell, not everyone uses ZIP to compress files to fit onto floppy either.

I compress something into zip if I need to transfer a document via email because our email server anti-viral software doesn't allow certain file types. If I am unsure of a file type, I don't need the annoyance of some person replying because the server killed my file. I am sure there are plenty of other justifications of ZIP compression besides fitting fscking files onto floppy. But if not, there is nothing wrong with that either.

Re:7-zip

Doesn't look like it has any sort of encryption.

I'll stick to IZArc that can do 256 bit AES.

Re:7-zip

[Threni]

"Doesn't look like it has any sort of encryption.

I'll stick to IZArc that can do 256 bit AES."

So you must have missed:

http://www.7-zip.org/7z.html

7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.

Re:7-zip

[BiggerIsBetter]

It amazes me that a lot more people don't use this

I've been computing since ZX-81 days, and this is the first I've heard of it. Better software is all well and good, but not if no-one knows about it - It probably doesn't help needing to run it under Wine (the CLI version!) on Linux either... Ports are on the To-Do list.

Props to Grandparent post for finally letting the masses know about it.

Re:7-zip

[jmccay]

Anything is better than pkzip for windows. It sucks. It is way to slow just to load! Winzip is faster, but I will try this one.

Re:7-zip

[shish]

A couple of things:

o) It's windows only, and WINE won't run the main thing
o) The self extractors it creates *do* run under wine - so if you get a .7z file and you're on linux, do `cat 7z.sfx file.7z > newfile.exe` (7z.sfx being the self-extraction header)
o) I want a native linux version!

Re:7-zip

It's open source at least, someone could port it.

Re:7-zip

[rnash]

Can you explain why it's been 2.30 beta since 2001-10-01 17:00 ? look at Sourceforge Download list ("Below is a list of all files of the project") .

2.30 Beta 5 on 2001-10-01 17:00 and 2.30 Beta 32 on 2003-05-14 17:00 !

Couldn't have they released a 2.2x stable in 19 months ?

Their "last stable" seems to be 2.24 (released on 2001-03-21, at the bottom of the page), Previous version of 7-Zip (it doesn't support 7z format).

Re:7-zip

[Magic+Thread]

The 2.30 "beta" is actually quite stable. The author doesn't want to release a "stable" version until it's totally bulletproof. See this post on the 7-zip forum.

Re:7-zip

[Fallen_Knight]

How does it comepare to RAR thou? Out of everything i've tested/tried/used winRAR gets thee best compression, and thats with 5% recovery record to

Re:7-zip

[pla]

How does it comepare to RAR thou?

Check out the comparison table at 7-zip's homepage.

It claims about 9% better than WinRAR. I haven't personally verified that claim (mostly because I never RAR anything, I either zip them or 7z them), but... Since it costs nothing, download a copy (From the link I gave above) and see for yourself.

At worst, you'll delete it tomorrow. At best, you'll find a great new (free!) program to handle all your de/compression needs (And no, I have nothing to do with its development, so this doesn't count as a shameless plug).

score -1 obvious

[intermodal]

wow. obviously, for windows the gnu zip (gz) is available, as well as for Mac/Linux/BSD natively. Secure? encrypt it with PGP or GnuPG. Problem solved. I'm sure a plugin can be written for the lazy, though.

Re:score -1 obvious

[thebagel]

Maybe some people can't figure out how to actually USE GnuPG. I, for one, struggled with it for hours and eventually gave up. GPG is NOT for the average user. And I'm NOT an illiterate.

Re:score -1 obvious

[intermodal]

i never said you were. I use a plugin to do it myself, in fact, with my emails. pgp4pine. there are similar for some other programs i'm told. There's more to pgp and gnupg than just command line pain in the ass.

Not free (technically) but

[bersl2]

Can't Winzip handle tar and gzip? Isn't gzip fairly cross-platform?

Re:Not free (technically) but

[bersl2]

But of course, in retrospect, I miss the point entirely...

Re:Not free (technically) but

[Squidgee]

Squidgee porn?

Re:Not free (technically) but

Well, not entirely. After all, open formats are just as good. Most people are too lazy to care.

The other day I had to decode a MIME file containing an AppleSingle file containing a Microsoft XLS file. Of course the whole thing would have been fine in fixed width text. But no, they had to use Open, Apple, and Microsoft encodings all at once. I'm sure they didn't even understand how crazy that was.

Re:Not free (technically) but

[Phroggy]

Can't Winzip handle tar and gzip? Isn't gzip fairly cross-platform?

gzip can only compress a single file, while zip can compress an entire hierarchial tree. This is why if you want to compress more than one file with gzip, you have to tar it first (.tar.gz aka .tgz). Tar by itself, of course, does no compression at all, just sticks things together.

One disadvantage of this that I've heard is, if the compressed file becomes corrupt, it's much easier to recover most of the contents with zip than tar/gzip; if you can recover all but one file, you may lose a single file from the zip archive, but if you can't extract the tar file, you've lost everything. I'm not sure how big a deal this is or whether it's even accurate, but I heard it somewhere.

Re:Not free (technically) but

Did you just cream your pants? Sad fucktard.

Re:Not free (technically) but

[tarquin_fim_bim]

gzip can only compress a single file, while zip can compress an entire hierarchial tree
find -exec works on most systems to produce a hierarchial structure.

Re:Not free (technically) but

[Squidgee]

No, see, I'M Squidgee.

Re:Not free (technically) but

[Phroggy]

find -exec works on most systems to produce a hierarchial structure.

Resulting in a million little .gz files? OK, but that's obnoxious. I meant compressing the whole tree into one single compressed file; sorry if I wasn't clear.

Re:Not free (technically) but

[bersl2]

Well, there's always narcissism...

Re:Not free (technically) but

Unfortunately, though technically it can, it can't do it as nicely as it handles .ZIP. For instance, you have to decompress the TAR into a temporary file, IIRC; otherwise you can't view the contents of the individual files in the archive, or even the directory.

Re:Not free (technically) but

[sporty]

Of course, you can always do the reverse. gzip all the files, then tar the results together. You lose the advantage of doing ...

tar -cvf - /tmp | gzip -c > out.tar.gz

There's no way of doing...

gzip * -c | tar -cvf out.gz.tar

That'd be fairly neat.

Re:Not free (technically) but

[Phroggy]

tar -cvf - /tmp | gzip -c > out.tar.gz

tar cvfz out.tar.gz /tmp

Much easier, if you're using gnutar, or whatever supports the -z option. The dash is now deprecated, for some odd reason.

Re:Not free (technically) but

Way too much work, but hey:

find|while read i; do gzip -9 "$i"; done; tar cvf gzs.tar .
find|grep gz$|while read i; do gunzip "$i"; done

Re:Not free (technically) but

You won't lose everything if the tar.gz is corrupt. You will lose everything AFTER the corrupt block. Files that appear before it will still be untarred. Chances are you will get portions of a file that is corrupt, too.

tar and gzip are based on pipes and streams. They're surprisingly flexible. If gzip craps out in the middle of the input, it will still output as much as it can figure, and tar will work from that, even if it is incomplete.

Re:Not free (technically) but

[sporty]

I know.. but just trying to prove the point. Btw, tar -y is better ;)

bzippy goodness.

Re:Not free (technically) but

[GiMP]

The 'y' option to tar doesn't exist and hasn't existed for quite some time (although some distributions patch tar to reinclude it for nostalgia). The proper argument is now 'j'.

Re:Not free (technically) but

[Aeonsfx]

No its not. bz is not a native GNU application, and my FreeBSD bz2 uses either 'y' or 'j'. I use the 'y' way, because its better

Re:Not free (technically) but

they'll take the dash out of my cold dead hands dammit!

use dashes!

use man not info!

Re:Not free (technically) but

[GiMP]

Infact, -y is not even mentioned in the GNU tar manual page; as -y was never in the official GNU tar (iirc); but there was an I :

-j, --bzip2 filter archive through bzip2, use to decompress .bz2 files. WARNING: some previous versions of tar used option -I to filter through bzip2. When writing scripts, use --bzip2 instead of -j so that both older and newer tar versions will work.

Re:Not free (technically) but

Reasons why 'y' is good: Z and z are taken by compress and gzip, respectively. y is the letter before that.

Problem: what happens when some trendy new compression method comes out? Will that be compital Y? What about after that? Obviously you can't use x.

I think bzip2 is just that: trendy. It will save you more space, but at the price of more memory and processor consumption. Ain't not a whole lot wrong with gzip, and bzip2 is somewhat hackish.

It's good if you are downloading something huge, like a kernel, over a slow line, I'll give it that. But I prefer to use gzip whenever I can.

Back to our topic: an unpatched GNU tar supports neither y nor j. It is the vendors that are doing this. It's also worth noting that you can get bzip in GNU tar by using: tar --use-compress-program bzip2 xvf file.tar.bz2

Re:Not free (technically) but

[Phroggy]

Slackware 4.0 used -I, Slackware 7.0 and 7.1 used -y, and Slackware 8.0 or 8.1 switched to -j. Going back and forth between servers with different versions installed and getting errors every time I tried to use bzip2 with tar was pretty damned annoying. I agree that -y makes the most sense, but -j is the future!

this will be bad for...

[Comsn]

all of those companies who run brute force zip password cracking.

otherwise its a great idea, albiet way too late, pgp and others have been out for a long time. pkware should have had encryption from day one, instead of simple password protection.

Zip?

RAR!

C'mon seriously, people still compress things in zip?

Re:Zip?

[Gherald]

Windows people love their .zip's for casual file exchange.

RAR's best use is distributing windows program warez, or for transfering particularly large amounts of personal files through an IM program, especially on a 256k or less connection.

BTW, anyone know of a good OSS/freeware RAR archiver for *nix ?

extensions

[exhilaration]

Ideally, a new extension should be used for any format that is incompatible with existing ZIP archives. For example, EZP for encrypted zip, or SZP for secure zip.

But it's likely that they'll keep using ZIP because of its brand recognition. That's really too bad, but at the same it might frustrate people enough to get them to try another compression format, like BZIP.

Re:extensions

[dmeranda]

What's an extension? I use Content-Types like application/x-patented-zip and name all my Zip(TM) files "archive.this.is.not.tar", and when I am forced to use Windows I never see an "extension".

Seriously, the true value of their intellectual "property" (sic) is that of their trademarked brand name. As an archive format it is pretty uninteresting. Everybody knows what "zip" means. Adding a patent in this area to me seems like a dumb move; another one of those all-to-common desparation moves by a failing company to have the USPTO save it. In the late 1990s companies looked for VC firms to save them from their own shortcomings, today the trendy savior seems to be the USPTO.

To me this move just screams "Use our patented technology to secure your important files....BTW you must use only our software and we can revoke your rights to use our patent at any time rendering your important files so secure that not even you can read them legally again!" That's enough to keep me from using their format; it's my data and I don't want my access to it to be contingent upon some party outside of my control.

Re:extensions

their intellectual "property" (sic)

Hmm, that's an interesting use of 'sic' -- don't you know you're supposed to use ^H^H^H^H^H?

Re:extensions

[eMartin]

What's an extension? I use Content-Types like application/x-patented-zip and name all my Zip(TM) files "archive.this.is.not.tar", and when I am forced to use Windows I never see an "extension".

That makes no sense, and I think you're making it up.

First of all, you say you use Windows (when forced to or whatever), so if you name an ZIP file "archive.this.is.not.tar" it will open in your TAR opener when double clicked, and probably just give you an error. Plus it will have a TAR icon (or none at all) instead of a ZIP icon.

Second, if you have Windows set to hide file extensions (as you implied), you'll only end up seeing names like "archive.this.is.not" anyway, which doesn't seem very helpful at all.

And finally, why would go out of your way to use non-standard content-types and ambiguous file names even in your non-Windows OS?!?

Re:extensions

In windows, if you have file extensions hidden and make an archive named "archive.this.is.not.tar" the _real_ name of the file is "archive.this.is.not.tar.zip"

The extension is still there and as long as the extension is hidden, you can name the file or whatever as much as you want and not realize extensions exist.

Re:extensions

[jez9999]

The extension is still there and as long as the extension is hidden, you can name the file or whatever as much as you want and not realize extensions exist.

Which I find frustrating as hell. :-) What ya gonna do when you come across an extension that isn't associated with a handler/icon? What ya gonna do when one program sets the same icon for several filetypes? Give me my extensions!!!!!

Re:extensions

Good thing you had to toss your paranoia into the argument. What's next? Your freedom of speech has been stepped on...

just another example...

[Satan's+Librarian]

of a a company going to hell after its founder is gone, it can't innovate anymore, and it starts getting beaten to a pulp by its competitors.

seems like a familiar story to me.

Re:just another example...

[interiot]

Interesting how some dying companies spawn off their stuff as open source, and some put 100% of their efforts on suing others for IP infringement.

Re:just another example...

[nate+nice]

Yeah, it's sad. He went to the college I attend currently, which is not known for CS but a few good minds have come from it. He was all but gone well before he died a pathetic and sad death, hanging around strippers and being consumed by alcohol. He was a man with an idea and was able to capitlize on it and helped the idea of shareware become accepted so amateur programmers could make a little scratch on their software while still offering it to all regardless of paying or not.

Anywasy, it does kind of sound like a company trying to cash in, lets see if it works.

Re:just another example...

[orange_6]

Didn't WinZip start as a crappy front-end for PKZip 2.04g? I still use the PKWare version as opposed to the bastardization that is WinZip.

Re:just another example...

[FattMattP]

Can't innovate anymore? How about can't innovate to start with? Phil Katz took an open-source program, copied it wholesale, rewrote some stuff in assembler, and ignored the original author's license entirely.

Re:just another example...

[SEE]

The interesting bit is that PKWare has done both. Because Phil Katz documented both his algorithm and file format, the open-source Info-Zip project was able to get off the ground. The Info-Zip code was later incorporated into such open source products as gzip and zlib, and in such shareware products as WinZip.

Re:just another example...

[marnanel]

Does anyone remember the dedication message which came with the original ZIP?

The file format of the files created by these programs, which file format is original with the first release of this software, is hereby dedicated to the public domain. Further, the filename extension of .ZIP, first used inconnection with data compression software on the first release of this software, is also hereby dedicated to the public domain, with the fervent and sincere hope that it will not be attempted to be appropriated by anyone else for their exclusive use, but rather that it will be used to refer to data compression and librarying software in general, of a class or type which creates files having a format generally compatible with this software.

Guess things have changed a good deal since Phil Katz passed away...

Re:just another example...

[Ignominious+Cow+Herd]

Yes, it started that way. But little by little they replaced any need to shell out to PKZIP/PKUNZIP and wrote their own library code.

This was necessary to support long file names at least.

Re:just another example...

[advocate_one]

I was under the misassumption that winzip was the windows version of PKzip... I guess a lot of other people were under that misassumption as well...

Perhaps he should have got his @rse in gear, made a gui wrapper and trademarked winzip as soon as windows appeared on the scene... rather than resting on his laurels.

Why not GPG?

[David+Hume]

zip & use pgp

Why not zip and then use GPG?

how to secure a zip file

load .zip file onto a unix system, delete all other traces of original archive.

chmod 000 file.zip

Heh.

[James+A.+A.+Joyce]

Everyone ignores patents anyway. It doesn't matter if they get a generic patent on any 'secure' compressed format because they'd get their arses kicked in the courts!

I'll stick to bzip

[Aeonsfx]

Hmm, I don't see why this is such a big deal.... bzip pretty much compresses higher than 'em all. That plus, its GNU-free ^_^ zip? I don't really see why encryption was ever a critical feature in the format, (I thought it was a bunch of proprietary schemes to begin with) but I'll continue to use it to send some files.

Re:I'll stick to bzip

[Phroggy]

bzip2 is really slow, and can only compress one file at a time, while zip can compress an entire directory hierarchy. That's why if you have more than one file to compress, you have to tar them first (although gnutar can do bzip2 at the same time, so it's mostly a non-issue).

(Speaking of which, what's up with the bzip2 option changing from I to y to j? Couldn't they just pick something and stick with it?)

By the way, although WinZip can decompress gzip files, it cannot decompress bzip2 files AFAIK, which is retarded.

Re:I'll stick to bzip

[Aeonsfx]

the y to j was GNU's stupid decision. Note that bz2 is not a GNU program ^_^

Re:I'll stick to bzip

[nutsy]

bzip2 is really slow, and can only compress one file at a time, while zip can compress an entire directory hierarchy.

Don't you know how to pipe?

$ tar cvf - bigassdirectory/ | bzip2 > bigassdirectory.tar.bz2

As for slowness, good things come to those who wait.

The next widespread compression

[interiot]

The replacement for pkzip should be gzip. Not only is it specified in the open via rfc but it's implemented in internet explorer and friends.

Re:The next widespread compression

[DustMagnet]

Sure I'd rather see open source programs used. I'm sick of pkzip playing games with the format. This isn't the first time.

Gzip isn't enough. Pkzip is a zipper and an archiver, so you need another program like tar. I guess if you or I cared enough we could write a perty windows app that handles .tgz files as well as pkzip handles zips.

Yes, were I live it's "perty".

Re:The next widespread compression

[Mawen]

Why pick gzip over BZip2? BZip2 is patent-free, seems to have a significantly higher compression ratio, and libbzip2 is released under a BSD style license. AFAIK, libbzip2 is portable, (I'm using a port for WinCE).

Am I missing something?

Re:The next widespread compression

[Ian+Bicking]

I believe the zip format allows for much faster decryption of individual files inside an archive, compared with tar+gzip -- pkzip keeps an index of all the files in the archive, whereas gzip is content neutral, so you have to decompress to get at the underlying tar file.

.gz.tar would be something different (a tar with its constituent files gzipped). I know nothing about how efficient tar is about accessing individual files, but I don't believe it's very efficient.

Re:The next widespread compression

bzip2 requires much more memory and CPU power (the later especially during compression) than gzip. Bzip2 is good for large files downloaded by a lot of people where each byte of bandwidth counts, but it isn't a universal replacement for gzip.

Re:The next widespread compression

Oh, you don't belive, huh? That's being really decisive! Baby steps, baby steps.

1. Obviously tar.gz is slower than zip at accessing random files.
2. Obviously gz.tar is slower than zip at accessing random files, tar doesn't have a file index either, you need to seek file by file until you find what you're looking for.

Re:The next widespread compression

[printman]

The tar format is fairly efficient if you have random access to the data, and can cope with truncation; each file is preceded by a header record giving the file's information (name, size, owner, etc.), so to list the files in a tar file you read a header, skip to the next one, read it, etc.

In a ZIP file, the file information is stored at the end of the archive; if you get a truncated file, you are usually screwed...

Adding a compressed file type to the tar header would be possible, however you would also lose any compatibility with existing implementations. Adding .gz or .bz2 to the filenames and setting a flag would be one way around it - then older tar programs would just leave you with the compressed files that you could manually gunzip/bunzip2 as needed...

Re:The next widespread compression

[Homology]

The replacement for pkzip should be gzip.

OpenBSD is working on removing GNU software from their OS. By porting BSD userland to Linux, perhaps we can talk about BSD/Linux ;-)

Zip+encryption?

[AnotherBlackHat]

Gotta wonder how they got that past the examiner.
"No no, pkzip isn't prior art... the patent only covers the novel idea of using strong encryption"

-- this is not a .sig

Re:Zip+encryption?

[jaavaaguru]

It's not surprising when things like these get past too:

- Patent 5,546,528 - Adobe patented "Tabbed palettes"
- Patent 6,499,344 - AOL patented instant messaging

I'm sure there must be a lot more silly software patents out there.

Re:Zip+encryption?

Yeah, sure. By his mom...

Biography

"Now, PKWare has grown up. It's become just another successful software company with a board of directors and a long-term marketing plan. Katz would doubtless be proud of its continued growth, but one can't help but wonder if the spark that made PKWare unique died with its creator."

Yeah. His mom...

As you can check

"George Haddix

Chairman and CEO

George Haddix was previously founder and president of CSG Systems Inc., a $600 million software and services company. He was formerly chief executive officer of U.S. West Network Systems Inc. and chairman and chief executive officer of Applied Communications Inc. He currently serves on the Board of Directors of InfoUSA and CSG Systems International. Mr. Haddix has a doctorate in mathematics from Iowa State University."

They just forgot to say that Mr Haddix was formely Mrs Katz and after having divorced from the now deceded journalist 'John', she got a sex change operation...

Re:Zip+encryption?

[JaredOfEuropa]

Not a bad idea actually. I've gone and obtained patents for:
- Encryption + Image format
- Encryption + EDI Data
- Encryption + Weblogs
- Encryption + Audio files
- Encryption + VCS

I know you're all thinking "prior art", but since when has that ever stopped anyone from getting a patent? Besides, I am using strong encryption, oh yes.

Re:Zip+encryption?

[Trojan]

The application was filed less than two weeks ago. No examiner has looked at it yet.

Re:Zip+encryption?

[jrumney]

- Patent 6,499,344 - AOL patented instant messaging

Really? I see "Apparatus and method to obtain representative samples of oil well production" in my search. It looks like AT&T patented instant messaging in 6,212,548.

However, in 6,539,421, AOL patented auto-completion of instant messaging addresses. This blatently should not have been awarded, as auto-completion has been around a long time for other purposes, including email addresses, so it is an obvious step to apply it to instant messaging addresses.

haiku

trying to think of a drunken pk haiku

if our man were here
he'd be asking for a beer
not a secure zip

i'm a dumbass

Re:haiku

[Rick.C]

trying to think of a drunken pk haiku

I thought drunks did limericks:

Phil Katz helped our hobby to grow
As readers of /. all know
if our man were here
he'd be asking for beer
Not pest'ring the USPTO

gzip?

[mwing]

I think all windows Zip software supports tar and gzip.. Why, oh why do people still compress everything with zip? If they want to compress whatever they want, why not use the open standards?

Hell, even the "pirates" and "hackers" are using something else (rar, ace).

Re:gzip?

[Aeonsfx]

Well, I can think of one reason. The .tar.*z* double archives confuses the hell out of some people. Most people don't make tape backups after all. I do lots of backups. But then again I've used tar.bz2 for quite a while. > Why, oh why do people still compress everything with zip? I don't know. > "pirates" and "hackers" are using something else (rar, ace) the defacto formats of irc and usenet ;)

Re:gzip?

[mwing]

You could just use plain gzip or bzip2 then, tar doesn't really bring anything "revolutionalizing(sp?)" to compression...

Re:gzip?

[pod]

You could just use plain gzip or bzip2 then, tar doesn't really bring anything "revolutionalizing(sp?)" to compression

It does if you want to compress more than 1 file into an archive...

Re:gzip?

[SEE]

Of course they all support gzip. Zip and gzip use the same "deflate" algorithm. In fact, it's likely that whatever zip software you're using uses a derivative of the BSD-style-licensed Info-Zip code -- the same code gzip is derived from.

Re:gzip?

[swb]

Zip archives support the functionality of archiving (TAR) and compressing (GZ) in the same file with a single step.

All of the implementations of Winzip-type applications I've used on Windows don't treat .tgz files as a unified compressed archive the way tar does (tar -xzf foo.tgz). They decompress the tar file and make you open the archive seperately after decompressing it.

Which to the 15% of the non-technical computer user base that's actually figured out what ZIP does and how to use it would mean a flood of calls complaining to their senders that "the archive was empty, all it had was a .tar file".

Hyperbole? Maybe, but until the major Windows zipfile applications treat a .tgz the same way they treat a .zip file, as a single compressed entity containing one or more files, opened and accessed simultaneously, it'll be an unfortunately too-true hyperbole.

forget the public domain

[exhilaration]

It also looks like PKWare isn't going to put their new stuff into the public domain, as they did with their deflate algorithm. Considering the fact that I haven't used a PKWare product to handle ZIP archives since the DOS days, this is probably the only way they can survive.

I guess we won't be seeing a free Linux version any time soon either. Not that we need it, GPG does a good enough job at compression and multi-platform compatibility to make this completely unnecessary.

does this bother you?

[hatrisc]

Now that's getting broke

its piss poor english at best.

Re:does this bother you?

[mackstann]

Why is it that EVERY person that points out a spelling or grammar mistake makes one themself?

Re:does this bother you?

[antek9]

Lyke, 'themself'?

Re:does this bother you?

Why is it that EVERY person that points out a spelling or grammar mistake makes one themself?

Why is it that EVERY person who points out a spelling or grammar mistake makes one himself ?

Re:does this bother you?

[Eccles]

Why is it that EVERY person that points out a spelling or grammar mistake makes one themself?

It's the law.

Re:does this bother you?

[mackstann]

Exaaaaaaaactly.

Re:does this bother you?

[Joey+Vegetables]

'Cuz ain' hardly nowun gots good grammer 'dese days, yo.

geek factor

[poptones]

The geek factor is the prime reason so much great open source software lacks the pentration to usurp proprietary, sometimes patented widgets like this one.

I use PGP for just about everything (I have a built in "roaming profile" via PGPdisk) but I don't believe it compresses stuff (if it does you sure can't tell it - a 600MB PGPdisk won't hold more than 550MB before it gets so fragged you can hardly use the CD). You can use NTFS and compression, but that's not nearly as efficient as zip and you can't mount ntfs partitions in read only mode from win2k, so NTFS parts on CD are essentially useless. It's easy enough to install, but then you gotta be comfortable with formatting and all that stuff - where does this leave people who think "explorer" is just "how you get the internet?"

The problem with pgpdisk is it's not pervasive and there doesn't seem to be a well supported fork out from under the thumb of NA. It would be fantastic if there were a lightweight pgpdisk runtime (ie not a 15MB download, with a braindead consumer oriented GUI) available that was supported in the oss community, but I don't know of one.... do you?

PK

[semanticgap]

For those too young to remember - PK are initials of late Phil Katz, the original author of PKZip, a pretty unusual character. Here's a link about how he died.

AFAIK the company is now run by his mom pretty much.

Re:PK

So he didn't pay rent for his mother's basement and she went to court and took control of his company?

Re:PK

[nadaou]

It should be noted that Mr. P.K. had some murky IP issues of his own. Basically he did some assembly level editing & optimizing of Thom Henderson's .ARC format and released it as his own, which grew to be .ZIP..
He basically stole it.

http://www.esva.net/~thom/philkatz.html


Any karma really belongs to the person who posted this last time it came up on slashdot, but I thought this should be mentioned at +2.

BEST ZIP PROGRAM FOR WINDOWS

[exhilaration]

The best zip program for Windows is FilZip. IT'S FREE!!!! It also supports ace, arc, arj, cab, gz, lha, jar, rar, tar, AND it has strong encryption (AES)

Re:BEST ZIP PROGRAM FOR WINDOWS

[blkros]

Why is this modded as redundant? No one else suggested this program, and it's pretty good, actually.

Re:BEST ZIP PROGRAM FOR WINDOWS

[Little+Brother]

Ah, its not saying the post is redundant, but that the METHOD of posting is redundant, and as such this falls under the same IP as every other post on ./

encrypting version of gnu tar

[phr2]

Would an encrypting version of GNU Tar be prior art? I put Blowfish into GNU Tar in the mid 90s and posted to Usenet about it in 1996 and at various other times. I've offered to send out copies and a few people have asked for and gotten them. I'd think that constitutes publication.

There's also a Usenet thread about encrypting archive programs including some modified Zip programs.

Re:encrypting version of gnu tar

[Ian+Bicking]

It's very likely that the patent does not cover all possible (or even useful) forms of encrypted pkzip, but it does cover the particular technique that PKWare is using. If that is the case, other software could not support this format of secure zip file without a license from PKWare. Prior art probably doesn't matter so long as they aren't trying to patent the very concept of encrypted zip files, but just the particular implementation used in their format.

If that is the case, and considering how many implementations of pkzip exist (often embedded in other applications, e.g. jar files) I find it highly unlikely they would succede in gaining adoption of their zip extensions.

Re:encrypting version of gnu tar

[ceswiedler]

That would imply that if I patent the technique for generating a file of a particular format, I automatically prevent you from writing code which will use that format, because by definition, your code violates my patent.

Wow, that's scary.

Re:encrypting version of gnu tar

[jrumney]

If that is the case, other software could not support this format of secure zip file without a license

Not quite. They can't patent the format itself, only their method of producing that format. If someone can find another method of producing the same format that does not infringe the patent, then other software can support it without a license.

This was the case with the GIF patent; someone found a way to decode GIFs that did not infringe, which made libungif possible. But noone managed to come up with a non-infringing encoder, so only uncompressed gifs could be produced by libungif.

Looks like PKWare could screw up bad.

[Dthoma]

If they get the algorithms patented and licence them out to everyone else, what will happen? Well, let's look at some past case studies - namely, the .gif fiasco. Unisys tried to ching-ching-cash in, and where are they now? Everyone will just swip to .tar.bz2.

Re:Looks like PKWare could screw up bad.

Unisys tried to ching-ching-cash in, and where are they now?
About the same place they were, only a bunch of people who paid for gif compression richer. Not many, but some.

Re:Looks like PKWare could screw up bad.

[dark-br]

PKWare and WinZip only split on the encryption of the Zip file. I for one have long since encrypted Zip files with PGP when I needed that security. Zip encryption has always been a joke, and I doubt that too many are going to replace what ever trusted methods they have come up with for PKWare or WinZip's new method.

Re:Looks like PKWare could screw up bad.

Only reason to use zip encryption has been to get exe files past corporate firewalls via email.

Re:Looks like PKWare could screw up bad.

communist asshole

Some notes about the pkzip encryption.

It's important to note how the strong encryption
differs from other pkzip crypto methods.
A zip45 file begins with:

central file header signature 4 bytes (0x02014b50)
version made by 2 bytes
version needed to extract 2 bytes
general purpose bit flag 2 bytes ... etc ...

In a zip file, if the GENERAL PURPOSE bit flag is set
(bit 0 of the 2 byte field) it means the file is encrypted.

The PKZIP encryption scheme was designed by Roger
Schalfly, who is evidently the son of the famous
(1980s anti-women's rights) republican spin mastah
Phyllis Schlafly. But anyway.

Each encrypted file has an extra 12 bytes stored at
the start of the data area defining the encryption
header for that file. The encryption header is originally
set to random values, and then itself encrypted, using
three, 32-bit keys. The key values are initialized using
the supplied encryption password. After each byte
is encrypted, the keys are then updated using
pseudo-random number generation techniques in
combination with the same CRC-32 algorithm
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
encryption keys.

For step one, you jack up your karma whorin' by pasting
the following key sets:

Key(0) > 24)
end update_keys

In step two, often associated with total karma whorin',
one also (*cough* karma whore) loops through the
buffer with:
loop for i > 8
end decrypt_byte

After the header is decrypted, the last 1 or 2 bytes in
Buffer should be the high-order word/byte of the CRC for
the file being decrypted, stored in Intel low-byte/
high-byte order. Versions of PKZIP prior to 2.0 used a
2 byte CRC check; a 1 byte CRC check is used on
versions after 2.0. This can be used to test if the
password supplied is correct or not.

In step 3, we continue to blatantly violate copyright laws
while whorin' karam with:

loop until done
read a character into C
Temp - C ^ decrypt_byte()
update_keys(temp)
output Temp
end loop

So that's about it.

Re:Some notes about the pkzip encryption.

[Quietust]

Yeah.
Might be useful to note that you just described the OLD encryption method used back in PKZIP 2.04g. The method that's already fully described in the publically available PKZIP Application Note.

The encryption used now is quite a bit different, supporting RC2/RC4-64/128, 3DES-112/168, and AES-128/192/256. Oh, and there's also the business about using a passphrase and/or a list of recipients (dig certs) to encrypt the files. THAT is the strong encryption they're talking about.

Re:Some notes about the pkzip encryption.

Might be useful to note that you just described the OLD encryption method used back in PKZIP 2.04g.

Yea, might be useful to read the post. S/he did note it was the old pkzip crypto routine.

Re:Some notes about the pkzip encryption.

[afidel]

So...
They are using the zip format (which is in the public domain per the origional author), and AES (which is in the public domain thanks to the fed governments mandate that the winner be made such) and combining them, and suddenly this is patent worthy..... I just LOVE the USPTO, NOT.

Re:Some notes about the pkzip encryption.

[Doppleganger]

Oh, c'mon.. someone with a few moderator points please *read* that post, and then pull it down a few notches!

"you jack up your karma whorin"
"total karma whorin'"
"(*cough* karma whore)"
"we continue to blatantly violate copyright laws while whorin' karam"

Informative, indeed.. Only information there was possibly the zip header structure, and even that is probably suspect...

Re:Some notes about the pkzip encryption.

No, the information is accurate, and appears to be copied from some internal docs on pkzip crypto for an old version. The algorithms got a little mangled where greater than and less than signs should appear, but that is probably a function of the slashdot troll filter.

OS operating system common formats

[gotr00t]

Well, there are the main two formats that are common in Linux: tar.gz and tar.bz2

In both cases, the files are essentially concatinated into a single file by the tape archiver (tar) and then that file is compressed using either the gzip or bzip2 utility. While bzip2 is capable of much better ratios, it takes a lot more processing power, and is not nearly as ubiquitous as gzip is.

In some older UNIXes and most Linux distros, there is still the zip utility that makes files with the extension .tar.Z . This is an older format, but it is still being used sometimes.

Re:OS operating system common formats

[DeeKayWon]

No, zip makes zip files. compress makes .Z files.

i thought good cyphertext can't be compressed

[kaltkalt]

Just thinking out loud to myself here. I thought good cyphertext is as close to random as possible, and thus can't be compressed. Or can you compress the file first, then encrypt it? I am no expert on this (obviously) so I could be totally pulling this from my ass. Anyone know how this works?

Re:i thought good cyphertext can't be compressed

I am no expert on this (obviously) so I could be totally pulling this from my ass.

Expert or not, you should know what's coming out of your ass at all times.

Re:i thought good cyphertext can't be compressed

[Ian+Bicking]

This is correct. So the secure pkzip involves compression, encryption, and archiving in that order. This is in contrast to tar, where you usually archive first, then compress (with gzip), and then perhaps encrypt the result (though most encryption programs also compress).

If they get a patent...

[brianosaurus]

I can't even believe there is any doubt they will receive a patent for this, even if it isn't anything particularly interesting. In fact I'll be presently surprised if the PTO actually recognizes the existance of plenty of prior art. Maybe they don't even need to recognize prior art, just the fact that encrypting a zip file is obvious.

Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT." I can, perhaps, buy an argument that encryption (like the first time anyone did it) was patentable. Maybe even that different algorithms for encryption could be patentable.

But once encryption is there, applying encryption to ANYTHING should not be patentable. A zip file is just data. Encrypting it (or encrypting the contents) is not a novel concept.

So while I would love to see the PTO demonstrate some miniscule amount of clue and reject the patent, I will be very surprised if they actually do.

Re:If they get a patent...

[istartedi]

Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT."

OK then it's insane that you can patent...

...using a cable to control a control a fixed-wing aircraft.

...using a weight to prevent a boiler explosion.

...using a centrifugal device to regulate a steam engine.

In fact, aren't most patents just a case of using X on Y, where the combination of X and Y were never thought of before?

That's the key though--never thought of before. Also, it has to be "non obvious". For example, using a wrench to pound nails is pretty obvious to anyone who has ever needed to hang a picture and had a wrench handy but not a hammer.

Let me state uniquivocally that applying strong encryption to ZIP is about as obvious as you can get. If I were a patent examiner not only would I not grant the patent, but I'd stamp REJECTED on their foreheads as well as their applications and tell them not to come back for at least a year.

It would be nice to think that we could weed out junk patents by applying your "no X used to Y" rule, but alas we can't. We still have to use judgement.

Re:If they get a patent...

> So while I would love to see the PTO demonstrate some miniscule amount of clue and reject the patent, I will be very surprised if they actually do.

I just recently learned the name for this phenomenon -- it's called "regulatory capture". It also goes by some other names too -- in yesterday's DOJ article, people often referred to it as "going native".

The idea is that government regulators usually end up spending a significant amount of their time communicating with the people in the industry that they regulate. These personal relationships then cause the regulators to develop a strong bias in favor of the industry, since they have little or no contact with other people who can present the public-interest side of the issues.

This phenomenon appears to be the primary psychological glue that binds the government and corporate worlds together to act against the best interests of the public. The result is devastating, and there seems to be little that anyone can do about it, except talk about how much impact it has.

Re:If they get a patent...

[iendedi]

Let me state uniquivocally that applying strong encryption to ZIP is about as obvious as you can get. If I were a patent examiner not only would I not grant the patent, but I'd stamp REJECTED on their foreheads as well as their applications and tell them not to come back for at least a year.

Many applications use Zip files as random-access compressed archives. Simply encrypting such archives would prohibit this type of use, so it would be neccessary to create a new technique for individually encrypting all entries in the zip file in such a way that you maintain your security requirements while simultaneously allowing random-access to compressed entries.

I think this actually would be novel...

Re:If they get a patent...

[acceleriter]

In current ZIP encryption, directory information is already accessible, and random access is possible. Individual files are encrypted, not the entire envelope.

Re:If they get a patent...

[iendedi]

n current ZIP encryption, directory information is already accessible, and random access is possible. Individual files are encrypted, not the entire envelope.

Yes.. yes.. But I think the parent post was about STRONG encryption. This fact does weigh in pretty heavy here. It would be slow to create 1 symmetric key, encrypted with the publisher's private key for each zip entry and it would massively weaken a single symmetric key to be used repetitively on multiple zip entries with common headers. So my point was: "Doing this right would require a novel approach"...

Don't you think?

Re:If they get a patent...

[acceleriter]

More importantly, in my mind, is that the directory information itself is often sensitive. But if the directory is inaccessible before decryption, then why even bother wrapping strong encryption with ZIP--just encrypt the ZIP file itself. And for that, there's prior art.

"Now that's getting broke"

[Eberlin]

C'mon, we all know that the correct way to say this statement is:

"now that's getting borken"

(with mad props and shout outs to the Opera folks)

Re:"Now that's getting broke"

[tchueh]

C'mon, we all know that the correct way to say this statement is:

"now that's getting borken"


"borken" eh?

Re:"Now that's getting broke"

[JCholewa]

> "borken" eh?

Just so you don't think he erred in his correction, Opera (as a joke and to prove a point) released a few months ago a version of their web browser that converted MSN pages to Swedish Chef language (as in "bork bork bork!").

And that was what he was referencing.

--
-JC
http://www.jc-news.com/coding/SFi/

Re:"Now that's getting broke"

"Borken" (adjective): The condition of interference of the correct operation of an accepted standard for purposes of parody. Derived from the Swedish, "bork" (noun), "bork" (verb), "bork" (conjunction), "bork" (adverb), "bork" (participle)...

Interestingly, "broke" is technically correct, although most dictionaries describe it as a colloquial or archaic use of the word (ie "If it ain't broke, don't fix it"). I love the English language; it's counterintuativness is so contrafibular, yet so tauroscatalogical.

What's worth a patent?

[jetmarc]

Ok, I know that ZIP is known for notoriously weak security.

But is it worth a PATENT to now associate the "security" features of ZIP
with "strong cryptography algorithms"?

That's like Microsoft filing a patent for a "not crashing OS", as reaction
to market research reports that show how people are not happy anymore with
traditional (crashing) MS products.

Bah

[SargeZT]

One company governing one extension is no way to run the world. Microsoft used these same principles to take over the computing world. What comes next, PKWare trying to put WinRAR and WinACE out of business for using compression technology that is vaguely related to there own? Stop them now before they start asserting power gained from such a patent.

</rambling>

WinZip Publishes AES Encryption Standard

[----]

With the WinZip 9.0 Beta announcement there is this little tidbit ...

"Advanced encryption
WinZip 9.0 supports 128- and 256-bit key AES encryption, which provide much greater cryptographic security than the traditional Zip 2.0 encryption method used in earlier versions of WinZip.

WinZip 9.0's advanced encryption (FIPS-197 certified) uses the Rijndael cryptographic algorithm which, in 2001, was specified by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standards (FIPS) Publication 197 as the Advanced Encryption Standard (AES).

After a three-year competition, the AES was announced by NIST as an approved encryption technique for use by the U.S. government, private businesses, and individuals. When properly implemented as a key component of an overall security protocol, the AES permits a very high degree of cryptographic security, yet is fast and efficient in operation.

WinZip's AES encryption is just as easy to use as traditional Zip 2.0 encryption: all you have to do is select the encryption strength and specify your password.

Note: recipients to whom you send AES-encrypted Zip files must have a compatible Zip file utility in order to decrypt the files. At this time, WinZip 9.0 is required. We have, however, published the full specification for creating WinZip-compatible AES-encrypted Zip files, and we expect that other Zip file utility vendors will provide support for the format. "

Funny, it sounds like either they already reverse engineered the pkware zip encryption, or established their own encryption.

I wonder how many times users will complain to company xyz (that is using pkware encryption for their products) about their files not working in winzip, before company xyz will drop their pkware proprietary encryption in favor of winzip's published (and functional) encryption.

/* ---- */

Re:WinZip Publishes AES Encryption Standard

No need to reverse engineer; it looks like an AC posted the entire algorithm in another post! (Inside job?)

Re:WinZip Publishes AES Encryption Standard

Yeah, takes a real inside job to read a public document.

The whole method?

[dmeranda]

"What we've filed a patent for is the whole method of combining.zip and strong encryption to create a secure.zip file," said Steve Crawford, the chief marketing officer at PKWare.

Who would patent just half the method?

I sure hope he didn't mean they're trying to patent the entire concept of encrypting zip files regardless of the algorithm or method. Because I've been encrypting zip files (among many other types) for a decade.

Re:No, that's not the reason

you're both right.. 'encrypted data' doesn't compress well not because it's random, but because it's redundancy is relative to the encryption method and not to specific patterns within text sets, image sets, number sets.. since conventional compression like burrows-wheeler, huffman, gzip, pkzip, etc. are all designed to remove patterns from 'natural' data sets you'll have much poorer compression rates.. but that hardly means the data is not compressible

help, I don't understand

[lfourrier]

1. "What we've filed a patent for is the whole method of combining.zip and strong encryption to create a secure.zip file," said Steve Crawford, the chief marketing officer at PKWare. The patent was filed with the Patent Office on July 16, he said.
2.In May of this year, WinZip developed its own method of strong encryption, which incompatible with the PKWare product.
3.Crawford believes that WinZip will be a potential licensee. "The basic approach of combining encryption of.zip is covered by the patent, so what WinZip has done, I believe, would be covered by the patent."

If 3 is true, 2 is clearly prior art. So why patent?

There is something rotten in IP kingdom.

Re:help, I don't understand

[woods]

I believe that as long as you file your patent within one year of any prior art, and can show that you conceived of the idea before the competing party, the prior art doesn't count against you. Here's the relevant part of the U.S. patent code:

"[a patent is not allowed if] the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of the application for patent in the United States."

-- Scott

Re:help, I don't understand

[acceleriter]

So that's the strategy. They can't sell their POS crippleware Windows product, so they'll file a patent to go after the good Windows product that kicked their butts in the marketplace.

If I were the author of WinZip, I'd tell them to go fsck themselves, remain incompatible with them, and watch while the "original" PKware is marginalized. Hardly anyone uses it, anyway.

Prior Art

I believe there is prior art from the folks who brought us CuteFTP, in their CuteZip product. Strong crypto with Twofish. (At least as far as strong crypto on zip goes....) Also, they have a handy self-unzipper for that format, so compat isn't an issue..under windows anyway.

http://cuteftp.com/cutezip/

Thoughts?

OT: Re: Extensions

I was wondering. Why do some still insist on 3 letter extensions? Doesn't windows support extensions that are longer and more descriptive than 3 letters?

Re:OT: Re: Extensions

[TheRealSlimShady]

Legacy support. It's for downlevel compatability with older DOS versions, but for around 99.99999% of the world, longer extensions would be possible. Windows will generate 8.3 filenames by default - although you can turn this off under Windows 2k/XP for a (very) slight performance increase.

Re:OT: Re: Extensions

Yeah, but Macintosh doesn't.

That's why you see such brain-dead Mac OS X extensions as .sit and .dmg instead of Windows' .msstyles.

I hear you can control these extensions using the Macintosh "Extensions Manager," but I don't have $3,000 to spend on a giant cheese grater to emolumate these claims.

Two years

[autopr0n]

You have two years from when you 'announce' before you have to file a patent. So if PKware announced encrypted zip, and then WinZip also implemented encrypted zip, PKware can still file a patent.

Patent Application pendency

Encryption and Computer Security art units are about 3 years behind in applications. Figure about 6-12 months after the app. is docketed, so about 3-4 years maximum, 2-3 if pendency is alleviated. By that time, it might be too late.

True story.

[wfberg]

People working on secret project. Send sensitive files in.. Encrypted .zips.
The ones you can crack in 4 hours at most.

Why? "everyone has zip" and "it's good enough" (Yes, indeed! Evil hacker people who intercept your e-mail on the internet through a myriad of complicated hacks and deceptions will never think to download a .zip cracker!).

Nevermind that everyone has Outlook [other S/MIME mailreaders available], and that for all it failings, it does a pretty good job of strong S/MIME encryption using X.509 certs..

Gotta love ad-hoc cubicle solutions to the world's problems.

Re:True story.

Not everyone has a graduate level understanding of digital certificates and public key cryptography. Perhaps for those folks, ZIP encryption really is good enough. Maybe they have a gut feeling that the probability of some "evil hacker people" successfully intercepting their e-mail on the internet "through a myriad of complicated hacks" is rather miniscule.

~~~

BS

[rice_burners_suck]

"The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke."

BULLSHIT. PkWare gets this patent, and not two seconds will elapse before Aladdin Systems licenses it for use in their StuffIt program. That's because they will need to support the format in order to be relevant.

As for free software, you'll simply download a patch that says, "For educational purposes only, do not use without a license from PkWare." And guess what people will do.

On the other hand, how 'bout someone in the free software community invent a better compression algorithm that includes all kinds of encryption and other services that nobody's thought of yet, and distribute it everywhere...

Re:BS

[Sanction]

Ahh, and the magical upgrade fairy will pay for each and every user, worldwide, to license a new version of their zip software, as well as installing it for them? The wonderful thing about zip is that it has remained stable for ages, and is supported everywhere. Even if a few companies license it, others won't, and others still won't be able to get a version for their ancient platform. Zip will no longer be usable by everyone.

Understanding prior art...

[poptones]

If your goal is to foster a standard and then make money off licensing, how da fuck you gonna do it without a patent?

Understand unique doesn't have to mean "no one else did it." All it has to mean is "THIS is how WE did it and you can't do it OUR way without paying us." This is how MPEGLA can make people pay for using MPEG - even 'tho there's a thousand similar ways to do it, most of them don't interoperate without making use of that IP.

If your goal is to protect an invention, patents can do it. But they can also protect a standard. It's called a design patent - and that's what this is about.

PACK!!!

OMFG -- USE TEH PACK

IT MAKES LITTLE "z" AT THE END OF THE FILE AND ALWAYZ WORKS BEST1!!!!! /BIN/SH FOEVAH!

ONLY N00BZ DON'T USE ex

Re:No, that's not the reason

I agree. Encrypted data which occupies the same space as the decrypted data should, in principle, be just as compressible as the decrypted data.

The problem (if it is indeed a problem) is that compressing the data may, in practice, be as hard as decrypting the data.

PKware? HA!

[the+mop+for+which+fl]

I haven't used one of their products since I used DOS. *cough cough*

Re:PKware? HA!

[Little+Brother]

Likewise, of course that was last night...

(I like old stuff, what can I say? BTW anyone know where I can get 16 hardsector 5 3/4" Double sided quad density floppies? Or a copy of MP/M?)

Shades of SEA & .ARC?

[bobwoodard]

Now all we need is PKWare suing Winzip for patent infringement and we'll have poor Phil spinning (sloshing?) in his grave!

Re:Shades of SEA & .ARC?

Heh. Great minds--check out this post. It's errie!

Re:Shades of SEA & .ARC?

[bobwoodard]

You're not kidding, we're talking within minutes!

PKZIP is irrelevant now, anyway.

[acceleriter]

The de facto standard for ZIP files today for the dominant platform, which, whether we like it or not, is Windows, is WinZip, anyway.

This attempt to "embrace and extend" what was previously an open format is pretty sad. I'm sure Phil Katz is spinning in his grave, since he created PKware to market his alternative to System Enhancement Associates' .ARC format. The .ARC extension had been in use since just about the dawn of time, but SEA sued Phil Katz for using it. Thus, .ZIP was born. Now it looks like the company he created is going down the same ugly road as SEA did. And will end up in the same place--penury and obscurity.

WinZip will implement an incompatible encryption, utilities on other platforms will copy it, and WinZip will win the day.

Re:PKZIP is irrelevant now, anyway.

>The .ARC extension had been in use since just about
> the dawn of time, but SEA sued Phil Katz for using it.

Incorrect. SEA sued Phil Katz for using their source code illegally in violation of their license agreement. SEA made ARC open source and permitted you to port it to any platform you wanted as long as you kept it free. They were also selling the DOS version. Phil Katz copied their source, rewrote the core in assembly instead of C, and then advertised how much faster his code was in in magazine adds selling it.

http://www.esva.net/~thom/baker.html

Re:PKZIP is irrelevant now, anyway.

[acceleriter]

It's been awhile, but IIRC, the settlement agreement is under seal, and that's a he-said, she-said affair. Of course, back then, shareware was just about the same as public domain in most people's minds, before the rampant greed associated with it started.

Re:PKZIP is irrelevant now, anyway.

[forwhomthebelltrolls]

I don't agree that winzip will win.

Now that zip support is built in to the latest version of windows, nobody (execpt geeks) will download an alternative. In much the same way non geeky users won't download mozilla when they have IE.

The user interface in windows zip is much better for non geeks. It's simple and works. They don't have fine control over compression levels and encryption, but do they really care? The majority of people using windows zip won't even realise that they are using it, never mind what it is actually doing.

As much as I hate it, Windows zip support will have the same market share that IE has, then Microsoft will probably make a change to the zip format that breaks the minority of other zip applications.

Re:PKZIP is irrelevant now, anyway.

[Catiline]

back then, shareware was just about the same as public domain in most people's minds

I hope you aren't trying to assert that this has magically improved since then ... it seems (judging from P2P) that people now draw very little difference between copyright and public domain.

Re:PKZIP is irrelevant now, anyway.

[acceleriter]

Good point--Windows XP's inevitable market penetration among buyers of new PCs who don't have a choice (as opposed to almost everyone else, who stayed with Win2K rather than opt for the eye candy, spyware, and DRM) will strangle WinZip's market--I hadn't thought about that.

Re:PKZIP is irrelevant now, anyway.

[Coneasfast]

Yes, Winzip does has the upper hand since it is far more popular than pkzip. I probably haven't used pkzip since the early-mid 90's era during the DOS days. How many people actually use it right now? PKWare is making a big mistake by going through with this, and they will lose market share on zip clients. If they had a big chunk of the market share it may have meant something, but they don't.

Once the patent is granted, pkware will surely go downhill.

Threat to encrypted gzip?

[SEE]

It'd be interesting to see exactly what the scope of the claims are in the patent, since this is a potential threat to encrypted gzip as well.

How?

Zip and gzip use the same 'deflate' compression alogrithm. In fact, zlib was based on the Info-Zip code, a free software/open source alternative to pkzip, and the GZip homepage specifically credits Info-Zip as where "all this started", and mentions that the decompression code was based on the code of the major author of Info-Zip. And WinZip's .zip support is another direct derivative of this Info-Zip code.

So, gzip, zlib, Info-Zip, and WinZip all share common code from common authors implementing the same algorithm. As a result, it would take a very narrowly-tailored patent to allow gzip-and-encryption without allowing Winzip's zip-and-encryption.

I've already got

[Apreche]

I've already got and had secure zip files for years.

somestuff.zip.pgp

whoah! what a concept!

If they're smart, it won't break .zip's usefulness

[charlesbakerharris]

If they patent the process, the smart thing for them to do would be to release the decoder as a part of their basic freeware utility, then charge for the ability to zip/compress everything.

That way, you could always still send either an unencrypted or an encrypted zip - you pay for the ability to encrypt them, fine, but you can unencrypt them easily enough no matter where you are or whose winzip you're using.

It's kinda like Acrobat - anyone can read their files, nobody can create them without buying the utility (blah blah freeware acrobat writers, I know...)

Except Katz didn't innovate that much.

[Watts+Martin]

Except that they started out in hell, because their founder ripped off Thom Henderson's ARC to make his original program.

Back in the BBS days, we were all rallied to support good ol' Phil against the evil Big Company, System Enhancement Associates, who was suing to keep Phil's faster PKARC from eating the original ARC program's lunch. BBS sysops were encouraged to boycott ARC. It worked. It ruined System Enhancement Associates.

Except the funny thing is, SEA was right. They won the lawsuit because Katz hadn't just reimplemented ARC, he stole their source code. That always gets left out of the retelling, even though the reason ZIP exists as a format is because Katz was ultimately prevented from using the ARC format and compression routine. The reality is also that even then, PKWare was a bigger company than SEA ever was. ARC was a commercial program, but had a very unusual license (for the time) allowing people free access to the source code if they wanted to port it to non-DOS platforms. Katz baldly abused this license and, in the end, got away with it. ZIP did end up with an improved compression scheme which I presume PKWare came up with, although there's some evidence that the all-but-ignored ARC 7 outperformed it. (PKARC was, IIRC, based on ARC 5.)

Ben Baker has a description of the history of this whole affair at the website of Thom Henderson (ARC's author). Henderson also has his own commentary, which I would describe as "gently acid."

Re:Except Katz didn't innovate that much.

[LostCluster]

As always, the victor ends up getting to write the history most people know...

Re:Except Katz didn't innovate that much.

Or someone like Cringely comes along and makes shit up.

Re:Except Katz didn't innovate that much.

[Toad-san]

Yeah, I remember it well. All of us rooting for good old Phil .. even though we kind of suspected he'd ripped off the code anyway.

When he lost the law suit, that kind of drove the nail in his coffin.

I was glad to see him come out with PKZIP .. but even more glad when we found the unzip.c source code written by yet another fellow (back engineered and not stolen, so far as we could tell).

Then someone else wrote a zip.c .. and then we started porting it .. and Info-ZIP was born. I think The Info-ZIP Workgroup was maybe one of the first big distributed programming efforts in the world, via Usenet. I was the moderator for a year or so, sure was interesting. Funny sillinesses .. had to get the crypto portions hacked in France since the US wouldn't let us export it :-) (dumb)

Cave Newt (Greg Roelofs) took it over when I started getting out of my depth. But I was glad to be a part of the effort. Think I still have a minor credit somewhere in the documentation ("David Kirschbaum, who got us all into this mess in the first place")

Zip got ported from everything from a Commodore C-64 to a Cray .. for free. Not too shabby.

Through it all, Phil Katz never said an official thing about the group or our effort.

David Kirschbaum
Ex-moderator, Info-ZIP Workgroup

^H^H^H^H^H???

Can you please explain the whole ^H^H^H^H^H thing to me?

I know it means replace the previous with...

But why? Is there some geek program that uses ctrl-H for backspace or something?

Re:^H^H^H^H^H???

[Pieroxy]

Ctrl-H is backspace. Try it in a unix console: Vtrl-H and Backspace does the exact same thing.

Re:^H^H^H^H^H???

[eMartin]

"Vtrl-H and Backspace does the exact same thing."

Apparently not. I think if more people used the backspace key, we wouldn't have to see those damn ^H corrections everywhere. ;)

BZip2

[Mark_MF-WN]

I use bzip2 even in Windows these days. It's just a far superior compression aglorithm (just shy of perfect huffman lossless compression too, as I understand it). It's just too bad that more people don't know about. That goes double for GPG -- it's just impossible to convince most people that securing ANYTHING is worthwhile.

parent == troll

In step two, often associated with total karma whorin',
one also (*cough* karma whore) loops through the
buffer with:
loop for i > 8
end decrypt_byte

Software patents hurt everyone

[JVert]

Software alone should be an exception from patents. Copyrights are ok to protect branding but patenting algorithims is like patenting a shortcut for a daily commute. People built cars and roads to you could use them as you wish. Same thought behind people building hardware and compilers.

dupe?

[Wakkow]

Isn't this a dupe from last month?

http://slashdot.org/articles/03/06/10/1542216.shtm l?tid=185

Re:dupe?

[Catiline]

No, that was an article on how the two formats were diverging.

This is an article on how PKZip is trying to get a patent on something for which many people could claim prior art.

The Patent

Can't seem to find the filing. Can somebody please post it?

The good old days . . .

Ah, this reminds me of when I first was introduced to .zip files, with PKUnZip. Did that run in DOS originally, or was that just my imagination?

Those were the days. Apogee's Greatest Games was in the D: drive, I had no idea what filesharing was, and it took 30 minutes to rotate the map in SimCity 2000 (okay, it froze).

Re:The good old days . . .

[Little+Brother]

Yes, and for a long time. It was my first x86 Shareware (had some apple II before that) and is still a program that I think every system should have. Winzip just doesn't come close. The old PKzip could do everything from multi-disk spanning, to varriable levels of compression. It was small elegent, and worked. If PKware had made an OS at the same quality, Microsoft would have gone out of buisness before it was such a Monopoly :)

And yes, it ran on DOS (PC-DOS, or MS-DOS)

Re:The good old days . . .

use ARJ :)

Re:Uh Oh XML Police

[quasi_steller]

Your XML is not well formed, it should look like this:

<tongue location="in_cheek">

It's good to see Aladdin Systems are demonstrating their lossy text compression technology by saying that the ZIP format is "getting broke" rather than "getting broken"

</tongue>

You need to quote all attribute values!

And in the pot's opinion the kettle is...

Or perhaps they know more about PKZip's financial state than you realize...even so, its still poor grammar.

BTW, English is capitalized, as is the word starting a sentence. Does pressing the shift key really hurt that much, or are you trying to demonstrate an applied knowledge of piss poor English?

Re:Uh Oh XML Police

[smeenz]

:P

What are the claims in the patent?

Does anyone know what their patent claims are for this? There's prior art going back at least a decade (although that never stopped the USPTO).

Prior art?

[Felinoid]

I have an old 5 1/4 Dos floppy disk with a compressed file on it that I can't open becouse I desided to be cute and used a password for it. One that I'd never forget...

and I haven't remembered that pasword sense...
(Actually the file is probably dead by now)

Stupid Standard DES, GOST wins

Is correct that Expansion Permutation from DES to take the avalanche effect?
I believe that NO because introducing redundant bits (aka S-Boxes eliminates bits carefully) doesnt go up the strongless of encryption.

WinRAR + GOST (method of secure & strong encryption from Russia more easier than TripleDES)

open4free

Obvious

[jefu]

Isn't encrypting a compressed file obvious on some level - I've done things like this for years when needed :

#!/bin/sh
tar -cjvf /tmp/files.tar.bz2 $1
some-crypto /tmp/files.tar.bz2 -o $2

Doesn't Matter

[Goo.cc]

Most people who Zip now-a-days doesn't use new versions of PKzip. They either use an old shareware version, winzip, or the version built into Windows XP.

The founder of PKWare is dead. Maybe it's time for the company to die as well.

Talk about yer prior art

...and not just obvious to a skilled practitioner, but done every day. On a command line or with a script.

`gpg -se -r Bob swiss_numbers.gz`, etc.

Katz, PKWare, Alladin, et al. have been doing for years under an open spec. Any hint of a claim is long, long gone. What a joke.

--rgb

A modest proposal

[dradler]

This is a copy of something I posted on this subject on comp.compression: Darryl Lovato wrote in message news:... > Both companies appear to be fighting to be the "owner" > of the .zip file format, but IMHO, the day that Phil Katz > released the tech specs to the world, the user community > became the owner of the .zip format. Actually, Phil Katz quite explicitly and intentionally made both the ".zip" extension and the zip format public domain. He also committed to updating the PKZip application note, which describes the format, as the PKZip product evolved. That promise was kept while he was alive. Now however, PKWare appears to want to make parts of the format a trade secret, which as you point out completely undermines what makes the .zip format useful in the first place. In addition to the encryption, they have also declined to document the deflate64 format in their application note, despite at least two revisions of that note since deflate64 was introduced. In this case, it turns out to be not very difficult to reverse engineer the format. However the corporate intent is clear. The corporate intent is also self-destructive. So, now may be the time for the community, in particular the community that reads this newsgroup, to develop an open, scalable cross-platform format that supports archives of directory structures, files, and meta-data, high-quality lossless compression, and high-quality encryption and authentication. "Cross-platform" does not mean "Windows and Mac", but rather as wide a range of platforms as there are contributors. The PNG format effort is in my opinion a good model for this sort of development. (I played a small part in that development.) A difficulty with this concept is that the development of high-quality compression over a wide range of types of data requires a great deal of time, determination, and expertise--perhaps more so than one should expect to achieve in contribution to a free, open-source effort. Therefore I might suggest a compensation scheme where corporate users of the software would be obligated to contribute directly to the authors of the compression/decompression methods that they use. This would encourage the development of better compression methods over time, in whatever dimensions are of interest to the paying users (space, time, specialized models for specific data, etc.). How it would be decided when to add a new method to the official format is left as an exercise for the reader. Also whether or not to accept methods with patented components, licensed for free use, is left for the reader to ponder. In any case, as much thought would probably have to be put into the business and legal model as is put into the format itself. I am posting this idea merely to stimulate discussion. I personally don't have the time or inclination to play a major role in such a development. (My day job is both interesting and time-consuming.) But if a good group is motivated to do so, and can produce on a schedule, I'm thinking on the order of 12 to 18 months, everyone will benefit greatly in the long run. Mark Adler (co-author of Info-ZIP, gzip, and zlib.)

IFS Kit is $1000

[yerricde]

It would be fantastic if there were a lightweight pgpdisk runtime (ie not a 15MB download, with a braindead consumer oriented GUI) available that was supported in the oss community

Filesystem development on Windows NT (2000, XP, etc) is economically unfeasible. The headers necessary for developing file systems on NT (called the "IFS Kit") cost $1000.

Burn All GIFs

[yerricde]

That's exactly what Unisys did (and continues to do in territories where counterparts to U.S. Patent 4,558,302 have not expired) with the LZW compression in GIF.

Burn All GIFs

Who cares about PKZip anymore

[S.Lemmon]

PKZIP is perhaps the poster child for the idea of "de-facto" standards. The main reason the zip format is so universal is not only that is was open, but more importantly that it caught on. It's popularity is what mandated it's adoption by others.

However, how many people use the *actual* PKZIP anymore? In Windows most people use WinZIP (or one of its many clones) while most unix-ish systems use zip/unzip. I think what PK does to the format has long ago lost any relevance. If a major player like WinZIP announced an open encryption format of their own I'd expect now days more people would support that over PK's now proprietary stuff.

ideally, extension = whatever the heck you want.

[Craig+Ringer]

This is what MIME is for. Rather than adding yet more incomprehensible 3-letter codes on the end of filenames, why don't we use slightly-less-incomprehensible MIME coding in the filesystem metadata?

Think something (under UNIX) like:
$ ls -t filename
file image/jpeg

More and more filesystems support it, as do some other apps. I seem to remember talk of internal MIME type tracking being possible in WinFS (the SQL-Server based MS filesystem for their newer OSes) and maybe even NTFS, as well as in Reiser4, Ext3, maybe reiser3, and no doubt others.

The file extension is the horrible legacy of the MS-DOS 8.3 filenames, and we'd be well rid of it. I'd expect a LONG transition period though (file ext commonly used, but MIME type understood, always used where supported, and considered authorative) - yuk.

Tar is not the other half you need

[Craig+Ringer]

Gzip is all well and good, but as you point out only does half the job. Tar /could/ be used for archiving, but I'd prefer a format not designed around the concept of linear tape archives myself.

Perhaps something with indexing and the ability to be CLEANLY EXTENDED for more file attributes in the future (MIME type, etc) so that they could be ignored if not undersood?