Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
ZIP (file format)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Encryption === ZIP supports a simple [[password]]-based [[symmetric-key algorithm|symmetric encryption]] system generally known as ZipCrypto. It is documented in the ZIP specification, and known to be seriously flawed. In particular, it is vulnerable to [[known-plaintext attack]]s, which are in some cases made worse by poor implementations of [[random-number generator]]s.<ref name="zipattack">{{cite web|author=Stay, Michael|url=http://math.ucr.edu/~mike/zipattacks.pdf|title=ZIP Attacks with Reduced Known Plaintext|website=Math.ucr.edu|access-date=2017-09-09|archive-url=https://web.archive.org/web/20171028074139/https://www.cs.auckland.ac.nz/~mike/zipattacks.pdf|archive-date=2017-10-28}}</ref> Computers running under native [[Microsoft Windows]] without third-party archivers can open, but not create, ZIP files encrypted with ZipCrypto, but cannot extract the contents of files using different encryption.<ref>{{Cite web |title=How To Password Protect A Zip File |author=Sandeep |website=Tech News Today |date=15 September 2021 |url= https://www.technewstoday.com/password-protect-a-zip-file/}}</ref> New features including new [[Data compression|compression]] and [[encryption]] (e.g. [[Advanced Encryption Standard|AES]]) methods have been documented in the ZIP File Format Specification since version 5.2. A [[WinZip]]-developed AES-based open standard ("AE-x" in APPNOTE) is used also by [[7-Zip]] and [[Xceed (software company)|Xceed]], but some vendors use other formats.<ref>{{cite web|url=https://www.winzip.com/win/en/aes_info.html |title=AES Encryption Information: Encryption Specification AE-1 and AE-2|website=Winzip.com|access-date=2017-09-09}}</ref> PKWARE SecureZIP (SES, proprietary) also supports RC2, RC4, DES, Triple DES encryption methods, Digital Certificate-based encryption and authentication ([[X.509]]), and archive header encryption. It is, however, patented (see {{section link||Strong encryption controversy}}).<ref name="pkware">{{cite web|url=http://www.pkware.com/support/zip-app-note/|title=APPNOTE - PKZIP/SecureZIP - PKWARE Support Site|website=Pkware.com|access-date=9 September 2017}}</ref> [[File name]] [[encryption]] is introduced in .ZIP File Format Specification 6.2, which encrypts metadata stored in Central Directory portion of an archive, but Local Header sections remain unencrypted. A compliant archiver can falsify the Local Header data when using Central Directory Encryption. As of version 6.2 of the specification, the Compression Method and Compressed Size fields within Local Header are not yet masked.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)