Slashdot Mirror
PKWare and Winzip Reach A Secure Zip Compromise
richard_za writes "Until now the rival compression software vendors PKWare and Winzip have had different (incompatible) ways of password protecting the ZIP format. In a bid to prevent fragmentation of the standard they have agreed to have their software support opening of the other's files. They have however not agreed to support a single standard. PKZip's encryption is RSA-based while Winzip use an AES approach which is fully documented here.
The Register is running this story. PKWare has this press release."
PowerArchiver is shareware and supports lots of encryption standards (and file formats). Extracted from http://www.powerarchiver.com/features/ >Encryption of files and archives using 5 different methods: Blowfish (128-bit), DES (64-bit), Triple DES (128-bit), AES 128-bit, and AES 256-bit
Both formats still allow you to view the filenames contained within the protected archives, and the only way around that is to zip the protected zip file again to hide this information. This is inelegant - they'd be better off agreeing an improved third standard.
biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
Here's a brief history of Phil Katz
7zip is pretty cool - much better compression than ordinary zip. So I wonder if 7zip will support PKZip/WinZip encryption... From the looks of their fileformat page, they support AES encryption... :)
Oh yeah and 7zip is under the LGPL license
Any technology distinguishable from magic, is insufficiently advanced.
RarLabs.com
I love it, use it and bought it!
I couldn't care less about WinZip. WinRAR came in version 3.30 today, for the same price as WinZip and a lot more features. IMHO, it would be better than WinZip even if it didn't support RAR, simply from its arhiver support and features. :-)
:-)
:-P
That it happens to use the superior RAR format makes the decision easy for me. We're installing it at our company too, since it isn't even a hard to use archiver for geeks in any way. I know about for example bzip2 and 7-zip, but 7-zip still seems like a rather immature archiver, although it's interesting. The problem is the lack of a good feature set besides the core archiving part. And the official bzip2 package compiled for Windows doesn't come with a GUI so that makes it a bit less useful to me at least, especially when RAR has a comparable compression ratio. Sure, I can use a command line archiver, but I wouldn't like to.
The only downside I can see is that RAR is a closed source format, with only the decompressor being open.
Sometimes, I think it's better to not have two different companies trying to get control over a single format.
Beware: In C++, your friends can see your privates!
...then both share a common flaw: you have to unpack the container to work on the files within, and that leaves the unpackaged files open to interception.
I've been using ScramDisk to store my critical data. For those using a newer OS than I do, there is an updated version called DriveCrypt. Both gves you the choice of what sort of encryption to use and you can use up to four passwords on any given file. It also supports stegnography.
In short, I don't give a rats ass about what sort of encryption PKZIP or WinZip supports - if the file contains things I want protected, I'll zip it as normal and then drop it into a ScramDisk container.
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
Oops. For the script kiddies that should be:
/path -Bxvf -'
tar Bcf - . | gzip -1c | rsh -n over_there 'gzip -dc | tar -C
And YES, I know there are Good Reasons why zip has the directory last. I just don't see they're universally necessary.
.tar.bz2.asc
.bz2 file and choose "Encrypt file".
Encrypted (open PGP), and uses less disk space/bandwidth than RAR files.
It's easy as well. In Konqueror 3.2, right click on a file or folder, and choose "Create bzipped archive", then right click on the
Follow me
As I've understood it, ZIP compresses files one by one. "Tar and feather" compression, on the other hand, is based on merging the files in an archive and then compressing the whole lot. This may result in a slightly better compression ration because multiple files can be examined at single time (for example, if you're compressing text files, like source code, the similarities in two files might be picked up in a single compressed block).
Also, tar and the future formats are "native" *NIX formats, so the file system metadata is more likely stored correctly. Not necessarily so in formats born in non-*NIX worlds. (ZIP file format, I think, now supports owner/permission info, sorta, I think, at least in infozip's *NIX port; not sure if RAR format does.)
Yeah, if it wasn't for the ability to have tar run the archive through b/gzip for me with the -g or -j flag, I would probably just use plain tar files. However, it is convenient enough to just stick the j in, so I bzip all my archives.
That said, when I used to use Windows, if I needed an encrypted ZIP file, I zipped it up with 7-zip, and ran the resulting zip archive through PGP to encrypt it. Archiving and encryption are separate. However, a flag for tar to run the final archive (after bzipping) through GPG would be nice. Otherwise, I would have to be un-lazy and type out a longer command, or be really un-lazy and make a wrapper script. And I am too lazy for that.
/usr/games/fortune
According to this apge, RAR uses AES-128 encryption (see the last paragraph).
Follow me
I suspect that Infozip's tool won't handle ZIPs encrypted with recent versions of PK's or WZ's software....
That's because Info-ZIP is waiting for volunteers to produce a patch to read and write WinZip's fully documented encryption.
I don't know abot PKWare's windows zip program (the last time I used it, which was only once, their gui was atrocious) but at least in the case of WinZip, upgrades are free, and the serial numbers haven't changed in aeons, so there is no excuse for not upgrading. It's not like winzip is a huge program.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Whereas WinZip have chosen an off-the-shelf algorithm, a GPL implementation of that algorithm and published the full specs to how they've extended the zip format.
So a user who knows not about such matters might conclude that PKZip performs like a slug, costs more thanks to licencing or is non-standard while WinZip is none of those things.
Depends on how you look at it?
Gzip is GNU's version of zip and was made - as in most cases - as a Free alternative to avoid problems with patents (LZW, I believe in this case). Gzip can only create archives with single files, which is okay, because this is where Tar comes in.
Tar (the Tape Archiver), as you know simply stores multiple files in a single file. You could create the file on a tape drive (hence the name), but these days you'd probably just pipe it into your archive program of choice.
Bzip is a more sophisticated archiver and uses a block-sorting algorithm, like RAR, which generally allows for better compression.
So basically, I'd say Bzip is most certainly better than your average zip programs. As for Gzip, I haven't compared it to PkWare's zip, but I would expect similar compression ratios.
When you need and archiver that works as a filter, both Gzip and Bzip - as opposed to most other archivers - will provide this. Say:
ls /home/some_user -la | gzip | uuencode file_list.gz | mail -s "Here's directory listing of your home dir" some_user@domain.com
You can probably think of a better example. :-)
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
.tar.bz2.asc ...uses less disk space/bandwidth than RAR files.
Um, no. For all the files I've ever archived, RAR ends up about 5-8% smaller than tar + bzip2.
Bzip2's advantage that it's free and open (and compresses better than the archaic zip and gzip). It does not compress better than RAR.
If you want to champion a free compression tool, I suggest 7-zip, which does often do better than RAR, but has a rather pathetically small user base.
Yes; as other posters have pointed out, you can not only open ZIP files in Windows XP natively and use them as if they were normal folders *without installing a third-party piece of software*, but you can add and remove files from these ZIP archives quite easily (drag-'n-drop) and even create new ZIP archives quite easily, too: either right-click file -> Send To -> Compressed Folder, or right-click empty space -> New -> Compressed Folder, and start dragging things into it.
Of course, if you want to verify this yourself, you are going to have to make sure that you test it on a virgin XP box that you haven't raped yet by installing WinZip on it...that'll kill the built-in ZIP "folder" class as WinZip messes with the file associations.
Oh, and by the way, the Windows ZIP folder class has been around since Windows 98, when it came with the Windows 98 Plus! pack. The first version of Windows to include it as part of the operating system was Windows ME. And if you look hard enough, you can actually find a copy of it on Microsoft's web site (disguised as an update/bug fix for the ZIP folder; it won't install if you don't have it already, but you can extract the files from the self-extracting CAB and install it manually). It runs on virtually every Win32-based Microsoft OS. Heck, I have managed to install and use the Microsoft ZIP folder on Windows NT 4.0 (regsvr32 zipfldr.dll), and it ran perfectly fine.
Infinitely superior to WinZip in every way (except for the fact that it doesn't do disk spanning). It even has an encryption feature.
IIRC PGP/GPG zip their input by default. Less redundancy means better encryption. I just checked my gpg and it uses zlib by default. No point on zipping it twice. Though if you're using bzip2 you'll probably save some space.
Give me Classic Slashdot or give me death!