Recent Topics
-
UNSOLVED It's impossible to keep the "Use Deflate64 compression" option un-checked
Tech Support4 -
UNSOLVED E-Mail problem
Tech Support1 -
UNSOLVED PA 19.00.47 spurious messsage when extracting particular .pa file.
Tech Support6 -
SOLVED PA 2019 register type associations everytime.
Tech Support23 -
UNSOLVED Shell extension detects executable as archive, but does nothing
Tech Support2 -
UNSOLVED I found a solution to OneDrive problem
Tech Support3 -
UNSOLVED PA 19.00.43 Queue re-enabled every Windows reboot
Tech Support10 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44/46
Tech Support17 -
UNSOLVED Message popping up.
Tech Support8 -
UNSOLVED PowerArchiver 2019 Cloud is one-stop application for multiple clouds
Tech Support2 -
UNSOLVED PA 19.00.43 stops me moving .tar.xz, .tar.gz and .7z files.
Tech Support5 -
UNSOLVED PA needs longer to close when mp3-file from archive is opened
Tech Support6 -
UNSOLVED Outdated SFX-Text & Design
Tech Support5 -
SOLVED Security vulnerability in UnAceV2.dll
Tech Support17 -
SOLVED Skins Page not displayed correctly
Tech Support3 -
SOLVED Running PA 2019.00.39 maximized in Win 10 Home
Tech Support6 -
UNSOLVED Ugly progress bar with old skins
Skins6 -
SOLVED FIPS
Tech Support13 -
UNSOLVED Smart AI: Preferences not intuitive
Tech Support10
WinZIP AES AE-2 Encryption Vulnerability Found! PowerArchiver may be vulnerable!
-
WinZIP AES AE-2 Encryption Vulnerability Found! PowerArchiver may be vulnerable!
A vulnerability has been found in the WinZIP AES AE-2 Encryption Method to encrypt and protect ZIP files.
From the documentation I have read about PowerArchiver, PowerArchiver has implemented the same AES AE-2 Encryption Method that WinZIP uses to encrypt ZIP files to maintain compatability between the two programs. Based upon that statement, there is a good chance that PowerArchiver’s ZIP AES AE-2 Encryption Method is also vulnerable.
For more information, please see the link below.
http://eprint.iacr.org/2004/078/
-
Actually PowerArchiver only reads AE-2, does not create it.
PowerArchiver creates and reads PkWare’s AES encryption and is more secure than WinZips AE-2 encryption, although separate from few WinZip’s inherited issues - problems outlined in that paper are problematic in a sense that a. people will not manage their data securly, b. way compression formats work in general.
Based on my experience, most people are by far more vunerable due to the passwords they use to encrypt their data, which are in 99% cases extremly vunerable to dictionary based attacks and almost never randomized nor is ever correct password key lenght used which makes using 256 bit AES encryption unsecure.
thanks,
-
I have to use WinZip at work; I hate it! I never liked WinZip and I never will! With all the other programs to choose from, WinZip should NOT be so popular! I don’t know why it is! Here’s just another example as to why it shouldn’t be!
On this subject, if AES (Rijndael) was compromised, PowerArchiver shines because it has other encryption options to choose from. All encryption programs should be this robust; there should ALWAYS be other options to choose from in case one algorithm is cracked! It has happened (DES-56 bit) and will definitely happen again (Rijndael (AES)-128 bit will definitely be cracked in our lifetime).
Which brings up a problem with the PowerArchiver documentation… it states:
“PowerArchiver has 5 different methods of encryption available with Rijndael - AES (default) being the most secure.”
Rijndael is NOT the most secure of the 5 offered. Just because it was chosen as the AES doesn’t mean it’s the absolute best; there were a number of factors in the consideration. After doing some research, of the 5 offered I’d choose Blowfish. If Twofish were offered I’d probably choose that over Blowfish. (Twofish was an AES finalist.) Wish List… Wish List: add Twofish encryption.
In my honest opinion, of the 5 that PowerArchiver offers, only 3 are viable: Blowfish and the 2 Rijndael offerings. But all are significantly better than the previous PKZIP attempt at encryption.
As the Administrator has stated, the password is definitely the weakest link in all of the encryption methods!!!
-
Just to mention it - AES was not compromised, article talks about how attacker can find connection and might be able to compromise data based on someone sending the file via email, someone else recovering it and knowing something about data from zip header info, which is unencryped. It is all by very, very, very long shot and more deals in absolute security. It very much deals with how compression utilities have always worked.
In that sense, PAE is more secure since nobody knows anything about data encrypted.
Nevertheless, compared to standard zip 2.04g encryption, all these techniques seem as space age technology.
If you are really concerned about security, this would be my priority:
1. chosing coorect, randomized, long password (minimum of 10 characters)
2. securing your own computer against both external and on the site attacks by encrypting important data at all times.In any case, thanks for liking PA!
All everyone should keep in mind that not all data needs to be encrypted, we get few emails per week from people that forgot their PAE passwords for important working material that probably should not have been encrypted at all, such us mid-term papers, etc, etc. :-).
