PKWare Files a Patent Application for Secure .zip
prostoalex writes "The battle of ZIP formats might intensify as PKWare filed an application with USPTO to obtain a patent on its Secure Zip technology, which pretty much involves archiving with strong cryptography. If the patent gets granted, PKWare will license its algorithms for other software manufacturers. A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke.""
Doesn't PGP already compress things before it encrypts? (Adds to the difficulty in deciphering it.)
http://www.remix.net/
Everybody, start using the (open source) 7-zip instead.
seems like a familiar story to me.
I write code.
I think all Windows Zip software supports tar and gzip. Why, oh why do people still compress everything with zip? If they want to compress whatever they want, why not use the open standards?
Hell, even the "pirates" and "hackers" are using something else (rar, ace).
There's also a Usenet thread about encrypting archive programs including some modified Zip programs.
Just thinking out loud to myself here. I thought good cyphertext is as close to random as possible, and thus can't be compressed. Or can you compress the file first, then encrypt it? I am no expert on this (obviously) so I could be totally pulling this from my ass. Anyone know how this works?
Stupid people make stupid things profitable.
A strong encryption process shouldn't need compression for security. But compression can easily improve the speed of the encryption, since if you compress the text that means that much less text to encrypt (and compression is usually a lot faster than encryption).
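The ordering question raised in the two comments above, worked through as an added example that is not part of the original thread: it compresses and encrypts the same data in both orders and compares the sizes. The SHAKE-256 keystream is an assumed stand-in for a real cipher such as AES, and the sample data and the function names are constructed for illustration.

```python
import hashlib
import os
import zlib

# Constructed sample input: repetitive text, as in logs or documents.
SAMPLE = b"".join(
    b"2003-07-%02d backup ok host=fileserver user=accounting\n" % (d % 28 + 1)
    for d in range(400)
)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with a SHAKE-256 keystream.
    Illustration only; real archives need a vetted authenticated cipher."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def compare_orderings(plaintext: bytes) -> dict:
    key, nonce = os.urandom(32), os.urandom(16)

    # Order 1: compress, then encrypt (the order "bzip > openssl aes" uses).
    compressed = zlib.compress(plaintext, 9)
    compress_then_encrypt = keystream_xor(key, nonce, compressed)

    # Order 2: encrypt, then compress. The ciphertext looks random, so
    # DEFLATE finds no redundancy and only adds framing overhead.
    encrypted = keystream_xor(key, nonce, plaintext)
    encrypt_then_compress = zlib.compress(encrypted, 9)

    # Round trip for order 1: decrypt first, then decompress.
    recovered = zlib.decompress(keystream_xor(key, nonce, compress_then_encrypt))

    return {
        "plaintext": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
        "round_trip_ok": recovered == plaintext,
    }


if __name__ == "__main__":
    for name, value in compare_orderings(SAMPLE).items():
        print(f"{name:>22}: {value}")
```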
1. "What we've filed a patent for is the whole method of combining .zip and strong encryption to create a secure .zip file," said Steve Crawford, the chief marketing officer at PKWare. The patent was filed with the Patent Office on July 16, he said.
2. In May of this year, WinZip developed its own method of strong encryption, which is incompatible with the PKWare product.
3. Crawford believes that WinZip will be a potential licensee. "The basic approach of combining encryption of .zip is covered by the patent, so what WinZip has done, I believe, would be covered by the patent."
If 3 is true, 2 is clearly prior art. So why patent?
There is something rotten in IP kingdom.
I agree. Encrypted data which occupies the same space as the decrypted data should, in principle, be just as compressible as the decrypted data.
The problem (if it is indeed a problem) is that compressing the data may, in practice, be as hard as decrypting the data.
Except that they started out in hell, because their founder ripped off Thom Henderson's ARC to make his original program.
Back in the BBS days, we were all rallied to support good ol' Phil against the evil Big Company, System Enhancement Associates, who was suing to keep Phil's faster PKARC from eating the original ARC program's lunch. BBS sysops were encouraged to boycott ARC. It worked. It ruined System Enhancement Associates.
Except the funny thing is, SEA was right. They won the lawsuit because Katz hadn't just reimplemented ARC, he stole their source code. That always gets left out of the retelling, even though the reason ZIP exists as a format is because Katz was ultimately prevented from using the ARC format and compression routine. The reality is also that even then, PKWare was a bigger company than SEA ever was. ARC was a commercial program, but had a very unusual license (for the time) allowing people free access to the source code if they wanted to port it to non-DOS platforms. Katz baldly abused this license and, in the end, got away with it. ZIP did end up with an improved compression scheme which I presume PKWare came up with, although there's some evidence that the all-but-ignored ARC 7 outperformed it. (PKARC was, IIRC, based on ARC 5.)
Ben Baker has a description of the history of this whole affair at the website of Thom Henderson (ARC's author). Henderson also has his own commentary, which I would describe as "gently acid."
It has always been my impression that the biggest use of PGP is exchanging short messages and documents.
The main reason I picked 1 gig as an arbitrary number when starting a thread is this: I came up with a backup system that backs up the files on the network I admin. This can create a severe security hazard. For instance I have accounting, HR, and management's files all on the same computer - this would be a jackpot if anyone busted through our firewall and managed to hack the backup server itself - which is moderately secure.
So compression is a must where I work because backups are exported to remote locations (via sftp or whatever). But the question is - how do I secure this stuff, and if a user blows up their machine or more likely whacks a few files, how do I get the file back, and how long does it take until I can give it back. A "secure" zip might not be much faster zipping and may not do as good with compression, but getting one file back is a hell of a lot easier.
btw, I do essentially just bzip > openssl aes for now
>The .ARC extension had been in use since just about
> the dawn of time, but SEA sued Phil Katz for using it.
Incorrect. SEA sued Phil Katz for using their source code illegally in violation of their license agreement. SEA made ARC open source and permitted you to port it to any platform you wanted as long as you kept it free. They were also selling the DOS version. Phil Katz copied their source, rewrote the core in assembly instead of C, and then advertised how much faster his code was in magazine ads selling it.
http://www.esva.net/~thom/baker.html
It should be noted that Mr. P.K. had some murky IP issues of his own. Basically he did some assembly level editing & optimizing of Thom Henderson's .ARC format and released it as his own, which grew to be .ZIP.
He basically stole it.
http://www.esva.net/~thom/philkatz.html
Any karma really belongs to the person who posted this last time it came up on slashdot, but I thought this should be mentioned at +2.
~.~
I'm a peripheral visionary.
This is a copy of something I posted on this subject on comp.compression:
Darryl Lovato wrote in message news:...
> Both companies appear to be fighting to be the "owner"
> of the .zip file format, but IMHO, the day that Phil Katz
> released the tech specs to the world, the user community
> became the owner of the .zip format.
Actually, Phil Katz quite explicitly and intentionally made both the ".zip" extension and the zip format public domain. He also committed to updating the PKZip application note, which describes the format, as the PKZip product evolved. That promise was kept while he was alive.
Now however, PKWare appears to want to make parts of the format a trade secret, which as you point out completely undermines what makes the .zip format useful in the first place. In addition to the encryption, they have also declined to document the deflate64 format in their application note, despite at least two revisions of that note since deflate64 was introduced. In this case, it turns out to be not very difficult to reverse engineer the format. However the corporate intent is clear. The corporate intent is also self-destructive.
So, now may be the time for the community, in particular the community that reads this newsgroup, to develop an open, scalable cross-platform format that supports archives of directory structures, files, and meta-data, high-quality lossless compression, and high-quality encryption and authentication. "Cross-platform" does not mean "Windows and Mac", but rather as wide a range of platforms as there are contributors. The PNG format effort is in my opinion a good model for this sort of development. (I played a small part in that development.)
A difficulty with this concept is that the development of high-quality compression over a wide range of types of data requires a great deal of time, determination, and expertise--perhaps more so than one should expect to achieve in contribution to a free, open-source effort. Therefore I might suggest a compensation scheme where corporate users of the software would be obligated to contribute directly to the authors of the compression/decompression methods that they use. This would encourage the development of better compression methods over time, in whatever dimensions are of interest to the paying users (space, time, specialized models for specific data, etc.). How it would be decided when to add a new method to the official format is left as an exercise for the reader. Also whether or not to accept methods with patented components, licensed for free use, is left for the reader to ponder. In any case, as much thought would probably have to be put into the business and legal model as is put into the format itself.
I am posting this idea merely to stimulate discussion. I personally don't have the time or inclination to play a major role in such a development. (My day job is both interesting and time-consuming.) But if a good group is motivated to do so, and can produce on a schedule, I'm thinking on the order of 12 to 18 months, everyone will benefit greatly in the long run.
Mark Adler
(co-author of Info-ZIP, gzip, and zlib.)