Slashdot Mirror


PKWare and Winzip Reach A Secure Zip Compromise

richard_za writes "Until now the rival compression software vendors PKWare and Winzip have had different (incompatible) ways of password protecting the ZIP format. In a bid to prevent fragmentation of the standard they have agreed to have their software support opening of the other's files. They have however not agreed to support a single standard. PKZip's encryption is RSA-based while Winzip use an AES approach which is fully documented here. The Register is running this story. PKWare has this press release."

4 of 219 comments (clear)

  1. Ten years too late by heironymouscoward · · Score: 5, Insightful

    Zip file management has virtually been absorbed into both Windows and Linux, and even if these two vendors agreed on a standard it would not mean much. PKzip became irrelevant when Infozip's portable zip tool became widely available, around 15 years ago. Further, all archiving tools today already deal with such a variety of formats that I can't see the crying need for a standard.

    --
    Ceci n'est pas une signature
  2. The issue is encryption standards by aheath · · Score: 5, Insightful
    The real issue here is that PKWARE and PKZIP chose to use RSA encryption to secure ZIP files. A digital certificate or a password can be used to encrypt the file. WinZip is use AES encryption to encrypt ZIP files. PKWARE products will now be able to read WinZIP encrypted ZIP files. WinZip products will now be able to read PKWARE encrypted ZIP files.

    There is still a problem with interoperability at the level of creating encrypted ZIP files. There is no longer a problem with interoperability at the level of reading encrypted ZIP files. The best way for this problem to go away would be for PKWARE to expand the SecureZIP standard to include RSA and AES encryption.

  3. Re:no difference as far as the user is concerned by vasqzr · · Score: 5, Insightful

    What about those people who use a version that isn't the latest and greatest?

    2 standards only cause confusion. Remember the Word 95/97/2000 confusion?

    "Call him back and tell him we need it saved as Word 95!"

  4. Creeping Featurism by irw · · Score: 5, Insightful

    As plugins to existing applications are so popular these days, I see this issue as an irrelevance.

    Both sides are competing using incompatible creeping featurism. Last I looked, Zip applications where supposed to combine and squash files (and that was enough).

    What should be done is to separate the operations:
    - file browsing (WinRAR's interface trumps both)
    - archiving (combining files)
    - compression
    - encryption

    and implement the latter three as functions of the first using plugins (and let the user choose).

    Incidentally, Zip's file format (directory last) sucks. It is practically impossible to do the following using zip:

    tar Bcf - . | gzip -1c | rsh -n over_there gzip -dc | tar -C /path -Bxvf -

    To this end, plugins suggested above should be written as filters where possible.

    I have no problem with browser-like interfaces combining other functions, but the Golden Rule still stands: One Tool, One Job.