PKWare and Winzip Reach A Secure Zip Compromise

richard_za writes "Until now the rival compression software vendors PKWare and Winzip have had different (incompatible) ways of password protecting the ZIP format. In a bid to prevent fragmentation of the standard they have agreed to have their software support opening of the other's files. They have however not agreed to support a single standard. PKZip's encryption is RSA-based while Winzip use an AES approach which is fully documented here. The Register is running this story. PKWare has this press release."

no difference as far as the user is concerned

[MrRTFM]

if either program opens the others files the user wont (and shouldn't have to) give a shit which method is used.

"As long as it works"

Re:no difference as far as the user is concerned

[vasqzr]

What about those people who use a version that isn't the latest and greatest?

2 standards only cause confusion. Remember the Word 95/97/2000 confusion?

"Call him back and tell him we need it saved as Word 95!"

Re:no difference as far as the user is concerned

[DrXym]

Well yes and no. PkZip seems to have licenced RSA BSAFE for their mechanism which make it less likely you'll see versions of InfoZip that support it (at least fully) because it is more complex and possibly proprietary. So there goes portability. And let's hope it doesn't favour some appallingly slow public key based encryption.

Whereas WinZip have chosen an off-the-shelf algorithm, a GPL implementation of that algorithm and published the full specs to how they've extended the zip format.

So a user who knows not about such matters might conclude that PKZip performs like a slug, costs more thanks to licencing or is non-standard while WinZip is none of those things.

Ten years too late

[heironymouscoward]

Zip file management has virtually been absorbed into both Windows and Linux, and even if these two vendors agreed on a standard it would not mean much. PKzip became irrelevant when Infozip's portable zip tool became widely available, around 15 years ago. Further, all archiving tools today already deal with such a variety of formats that I can't see the crying need for a standard.

Re:Ten years too late

[nathana]

Yes; as other posters have pointed out, you can not only open ZIP files in Windows XP natively and use them as if they were normal folders *without installing a third-party piece of software*, but you can add and remove files from these ZIP archives quite easily (drag-'n-drop) and even create new ZIP archives quite easily, too: either right-click file -> Send To -> Compressed Folder, or right-click empty space -> New -> Compressed Folder, and start dragging things into it.

Of course, if you want to verify this yourself, you are going to have to make sure that you test it on a virgin XP box that you haven't raped yet by installing WinZip on it...that'll kill the built-in ZIP "folder" class as WinZip messes with the file associations.

Oh, and by the way, the Windows ZIP folder class has been around since Windows 98, when it came with the Windows 98 Plus! pack. The first version of Windows to include it as part of the operating system was Windows ME. And if you look hard enough, you can actually find a copy of it on Microsoft's web site (disguised as an update/bug fix for the ZIP folder; it won't install if you don't have it already, but you can extract the files from the self-extracting CAB and install it manually). It runs on virtually every Win32-based Microsoft OS. Heck, I have managed to install and use the Microsoft ZIP folder on Windows NT 4.0 (regsvr32 zipfldr.dll), and it ran perfectly fine.

Infinitely superior to WinZip in every way (except for the fact that it doesn't do disk spanning). It even has an encryption feature.

Who's running PKWare

Since the PKZip guy killed himself?

Re:Who's running PKWare

[vasqzr]

Here's a brief history of Phil Katz

Re:Who's running PKWare

[FattMattP]

Here's the rest of the story.

The issue is encryption standards

[aheath]

The real issue here is that PKWARE and PKZIP chose to use RSA encryption to secure ZIP files. A digital certificate or a password can be used to encrypt the file. WinZip is use AES encryption to encrypt ZIP files. PKWARE products will now be able to read WinZIP encrypted ZIP files. WinZip products will now be able to read PKWARE encrypted ZIP files.

There is still a problem with interoperability at the level of creating encrypted ZIP files. There is no longer a problem with interoperability at the level of reading encrypted ZIP files. The best way for this problem to go away would be for PKWARE to expand the SecureZIP standard to include RSA and AES encryption.

Re:Easy to crack?

[Troed]

Old zip-encryption used three internal 32-bit keys - which by today's standard is quite easy to break. You need 11 bytes (or was it 14?) of known cleartext though when searching.

The breaking of zip-encryption was considered to be quite a feat when it happened in the middle of the 90's, if memory serves me correctly.

Symmetric vs. asymmetric

[kasperd]

I doubt that PKZip is based only on RSA. RSA is an asymmetric encryption. For some purposes this is nice, but it is inefficient. For that reason you almost always use asymmetric encryption together with a symmetric encryption. You generate a one time symmetric encryption key. The data is encrypted with the symmetric key, typically in CBC or CFB mode. Then only the symmetric encryption key is encrypted asymmetrically, which means much better speed.

Actually I think this is one of the cases, where there is no need for asymmetric encryption at all. So AES sounds like a better idea. Can anybody explain why PKZip use RSA? And which symmetric cipher is it combined with?

Re:Symmetric vs. asymmetric

[hey!]

Actually I think this is one of the cases, where there is no need for asymmetric encryption at all.

That's only true if you are interested in creating an archive for your own future use. However, if you are interested in exchanging archives with other people, then you have the headache of key exchange, and assymetric encryption is quite useful. Probably most people who need to do this would prefer a solution that handles e-mail and other kinds of documents as well. However if you already have the public key infrastructure in place, it is probably going to be nice to use it for your zip archives too, in a belt-and-suspenders kind of way. I haven't looked at the PKZIP product, but the assymetric encryption should allow for digial signatures on archives as well, which would provide authentication and non-repudiaiton.

I'd say that the PKZip way would be more attractive to companies that need enteprise wide security and may have built it around RSA, and the WinZip way would be adequate for users who simply want to avoid having people poke around in their files.

I wonder if 7zip will support both?

[Daath]

7zip is pretty cool - much better compression than ordinary zip. So I wonder if 7zip will support PKZip/WinZip encryption... From the looks of their fileformat page, they support AES encryption...
Oh yeah and 7zip is under the LGPL license :)

Re:I wonder if 7zip will support both?

[fredrikj]

Meh use tar/bzip2. That gets better compression than 7zip.

Well, no. 7zip's 7z format is generally FAR superior to bzip2 in terms of compression ratio.

A few examples:
doom2.wad: 14604584 bytes
doom2.wad.bz2: 5868846 bytes
doom2.7z: 4560296 bytes

All MIDI files I've made: 8146186 bytes
music.tar.bz2: 1007529 bytes
music.7z: 630357 bytes

The Python-2.3.2 source code:
unpacked: 33378982 bytes
python.tar.bz2: 7216151 bytes
python.7z: 6034907 bytes

Those might not even be optimal values. 7z lets you customize a number of parameters (dictionary size, etc) at the expense of compression and decompression speed.

Also note that the 7z format is modular and can use any compression method supported by the program, including bz2. More info on Wikipedia.

Merry Poppins Encryption

They should name the one ecryption scheme:
Zip-a-dee-do-da

and the other encryption scheme:
Zip-a-dee-day

They could even create new encryption algorithms based on finding the primes of "supercalifragelisticexpealidocious" in various base-N counting systems...

Ooohhh.. what fun. Makes me want to dance on the rooftops with a bunch of chimney sweeps, seeing songs about PKWare and WinZip... Next thing I know, I'm going to get hired as a Window cleaner...

Re:Easy to crack?

[mwilliamson]

I don't care even if zip is using 2046 bit RSA keys...it's fairly easy to crack when all you have is a few dozen bits of entropy derived from a lame password. Remember, why bother brute forcing the key when is's easier to brute force the password used to generate the key. I'd bet most people using zip for encrypting their files choose dictionary passwords. Easy to crack? What do you think?

BTW, the same doesn't quite hold true for PGP/GPG users because they use a key that includes much more entropy than which is derived from the password. Also, the password itself is useless in generating the key. If they choose lame passwords (or none at all), you'd still have to steal their key.

Why bother?

[Ckwop]

I have PGP to encrypt the zip files.. This software has recieved a lot attention and we know that it's probably okay!

The new standard these guys may agree will have recieved little public analysis when it is fielded.. Not something to trust at all!

Simon.

RAR

[Jugalator]

I couldn't care less about WinZip. WinRAR came in version 3.30 today, for the same price as WinZip and a lot more features. IMHO, it would be better than WinZip even if it didn't support RAR, simply from its arhiver support and features. :-)

That it happens to use the superior RAR format makes the decision easy for me. We're installing it at our company too, since it isn't even a hard to use archiver for geeks in any way. I know about for example bzip2 and 7-zip, but 7-zip still seems like a rather immature archiver, although it's interesting. The problem is the lack of a good feature set besides the core archiving part. And the official bzip2 package compiled for Windows doesn't come with a GUI so that makes it a bit less useful to me at least, especially when RAR has a comparable compression ratio. Sure, I can use a command line archiver, but I wouldn't like to. :-)

The only downside I can see is that RAR is a closed source format, with only the decompressor being open.

Sometimes, I think it's better to not have two different companies trying to get control over a single format. :-P

Re:Easy to crack?

[Troed]

My passwords are usually >16 characters long, some are more than 30 (depends on the strength of the algorithm they're used in). While I agree that a lot of people use easy to guess passwords, the old zip encryption was most easily broken through the internal key - NOT by brute forcing the password. Do the math if you don't believe me ;)

A-Z,a-z,0-9 and a few special chars makes a 24 char password contain 128 bits of entropy. That's secure enough for everyone using symmetric ciphers.

Do one thing...

[Ed+Avis]

I don't really see why it makes sense for zip and unzip programs to care about encryption. If you want to encrypt the whole archive, it's simple to use GPG on the whole thing. If you want encryption on a per-file basis - again, use GPG on individual files before or after archiving. This is true on Windows too, using whatever your preferred GUI encryption program might be.

The only reason to stuff both functions into a single program seems to be the perennial problem of installing anything on Windows systems (you can't assume that an encryption tool is available) and marketing - why should users pay $20 twice for two different pieces of tacky shareware when they could pay Winzip $40 for one?

Creeping Featurism

[irw]

As plugins to existing applications are so popular these days, I see this issue as an irrelevance.

Both sides are competing using incompatible creeping featurism. Last I looked, Zip applications where supposed to combine and squash files (and that was enough).

What should be done is to separate the operations:
- file browsing (WinRAR's interface trumps both)
- archiving (combining files)
- compression
- encryption

and implement the latter three as functions of the first using plugins (and let the user choose).

Incidentally, Zip's file format (directory last) sucks. It is practically impossible to do the following using zip:

tar Bcf - . | gzip -1c | rsh -n over_there gzip -dc | tar -C /path -Bxvf -

To this end, plugins suggested above should be written as filters where possible.

I have no problem with browser-like interfaces combining other functions, but the Golden Rule still stands: One Tool, One Job.

Trapped by pkware!

A very dumb company I once worked for chose pkware to archive (and sell) many terabytes of text and images. Unfortunately this was done through a binary only pkware library (for SCO but running on Sequent).. This decision was made around '92 (when many superior alternatives available), before my arrival.

In the mid-90's they wanted to migrate off of their crap sequent boxes to something better.. Unfortunately, pkware refused to accomodate them by porting the library version to SGI.

The company was in a bit of a panic as the sequent gear was no longer a viable solution. New customers and scalability problems were rapidly increasing..

I suggested that they simply decompress on the Sequent and re-compress on the SGI with a better algorithm (source). Forget using pkware. The migration could have been automated such that customer requests resulting in a de-compress would re-file the data in the new system. Requests would check the new servers first. Pretty simple. Batch conversions could occur during off-peak times.

Nope. Too easy. That would not have been a sufficient crisis.. People would not have looked busy enough.

The amount of money they were offering pkware finally became sufficient for them to do a version for SGI. So they kept using pkware.

Oh yeah.. They re-hired the guy who originally decided to use pkware (as a consultant).

Unicode

[Midnight+Thunder]

A little off topic, but it would be nice if the decided to start supporting unicode filenames in Zip files. With unicode becoming more common in OSs ( this inclues MacOS X, Linux and MS-Windows), I find it ridiculouse that this doesn't even seem to be on their scopes. Well at least it seemed that way when I contacted PKware.