Compression Forensics



  • I having been using Power Archiver exclusively for several years. Recently I have run into a problem that required me to reload WinZip along side Power Archiver. I’ll explain the situation in hopes that it is possibly a configuration issue and if not a configuration issue then an idea for future functionality.

    At the heart of the problem is that part of my job requires forensic examination of digital information. One of the techniques used for opening password protected .zip files is called a Known plaintext attack.

    As described in the above article the plaintext version of the archive must match the encrypted version of the archive minus the encryption. The problem I have discovered is that the same file compressed with Power Archiver and WinZip yields two different resulting files. I have tried every setting that I can image that would effect the creation of the file but in the end I can not get a file encrypted with WinZip to be attacked with a plaintext version compressed with Power Archiver.

    It has been my experience that programs that enable this type of attack check the CRC value of the encrypted file against the CRC value of the compressed plaintext file and the values between Power Archiver and WinZip do not match.

    So basically what I am seeking is a way to have Power Archiver compress a file so that it is identical (forensically the same) as a file compressed with WinZip. Is this possible today via some combination of settings? If not possible today is this (check box for WinZip forensic compatibility) something that could likely be added in a future version?



  • I would think that is was not possible unless PowerArchiver and WinZip both use the same compression engine. Yet, I’m no software programmer.


  • conexware

    It is not possible because of several reasons - zip engines are not the same which means that when you compress both files, you will end up with different results. Even more important, they use different encryption. PA uses PkWare’s standard while WZ uses WinZip standard. Both can read each other though but they differ.

    thanks



  • Just to be clear how encryption is implemented in either program is not the issue. The need is to have the non-encrypted files be the same between the two programs.

    Specifically I need a way to create a standard non-encrypted ZIP file with Power Archiver that would have the same CRC (and I suppose MD5 & SHA-1 hashes) as a standard non-encrypted ZIP file created with WinZip.

    In my naivety I am thinking that the ZIP format would allow for two programs to compress the same file in the same way thereby ending up with the same compressed file as a result.



  • As already stated by spwolf, PA and WZ use different Zip engines - so this is not likely to be possible for “real world” situations (by which I mean actually using compression as opposed to just “store”).
    The same would apply for other utilities such as 7-zip, which also uses a different zip engine.

    I have not checked but I would not be surprised if this could be a problem even using the same utility, but in different versions e.g. PA V7.0 vs PA V9.0 (or WZ V7.0 vs WZ V10.0).



  • there is one way ond only one which would be impractical but fesiable have two zip engines in the same program not worth it though. might as well install two programs but just a thought.

    winzip is solid but not upgraded regualy and if you look at winzip the features are a lot like powerarchives and pa came out with some of them when it was freeware.

    but each program have their benifts.



  • You may not vote on this poll

    😞



  • @klumy:

    😞

    I can’t vote either. But, I think it’s kind of a dead issue at this point.


 

6
Online

9.8k
Users

6.0k
Topics

36.6k
Posts

Copyright © 1998-2018 ConeXware, Inc.
All rights reserved. Privacy Policy