Recent Topics
-
UNSOLVED Serpent-256 Encryption for PAE/PAE2
Wishlist2 -
UNSOLVED PA 19.00.51 / Access Violation
Tech Support5 -
UNSOLVED Some buttons in "Modern Look" are too small
Translations3 -
Fast Ring: PowerArchiver 2019 19.00.51
Tech Support2 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44/46/47/48/49
Tech Support23 -
UNSOLVED Searching for the specific Regkeys needed to default new installations in Modern Windows 10 not dark view
Tech Support2 -
UNSOLVED E-Mail problem
Tech Support7 -
UNSOLVED Some Strings in PowerArchiver 2019 are not translatable
Translations3 -
UNSOLVED Strange file size seen in 2019 portable
Tech Support4 -
UNSOLVED Missing or ugly SFX-Icon
Tech Support5 -
UNSOLVED PA 2016-19 freezing when unpacking 4GB+ files
Tech Support7 -
UNSOLVED PA 19.00.43...47 stops me moving .tar.xz, .tar.gz, .7z and .iso files.
Tech Support18 -
UNSOLVED Bug report
Tech Support (Bugs, Crashes)7 -
UNSOLVED Resize: Frames overlap
Tech Support2 -
UNSOLVED Typo: SmartiAI
Tech Support2 -
UNSOLVED GUI: Center the buttons
Tech Support1 -
UNSOLVED TYPO: Gesture
Tech Support2 -
UNSOLVED Shell extension detects executable as archive, but does nothing
Tech Support3 -
UNSOLVED PA 19.00.47 spurious messsage when extracting particular .pa file.
Tech Support12
WinZIP AES AE-2 Encryption Vulnerability Found! PowerArchiver may be vulnerable!
-
WinZIP AES AE-2 Encryption Vulnerability Found! PowerArchiver may be vulnerable!
A vulnerability has been found in the WinZIP AES AE-2 Encryption Method to encrypt and protect ZIP files.
From the documentation I have read about PowerArchiver, PowerArchiver has implemented the same AES AE-2 Encryption Method that WinZIP uses to encrypt ZIP files to maintain compatability between the two programs. Based upon that statement, there is a good chance that PowerArchiver’s ZIP AES AE-2 Encryption Method is also vulnerable.
For more information, please see the link below.
http://eprint.iacr.org/2004/078/
-
Actually PowerArchiver only reads AE-2, does not create it.
PowerArchiver creates and reads PkWare’s AES encryption and is more secure than WinZips AE-2 encryption, although separate from few WinZip’s inherited issues - problems outlined in that paper are problematic in a sense that a. people will not manage their data securly, b. way compression formats work in general.
Based on my experience, most people are by far more vunerable due to the passwords they use to encrypt their data, which are in 99% cases extremly vunerable to dictionary based attacks and almost never randomized nor is ever correct password key lenght used which makes using 256 bit AES encryption unsecure.
thanks,
-
I have to use WinZip at work; I hate it! I never liked WinZip and I never will! With all the other programs to choose from, WinZip should NOT be so popular! I don’t know why it is! Here’s just another example as to why it shouldn’t be!
On this subject, if AES (Rijndael) was compromised, PowerArchiver shines because it has other encryption options to choose from. All encryption programs should be this robust; there should ALWAYS be other options to choose from in case one algorithm is cracked! It has happened (DES-56 bit) and will definitely happen again (Rijndael (AES)-128 bit will definitely be cracked in our lifetime).
Which brings up a problem with the PowerArchiver documentation… it states:
“PowerArchiver has 5 different methods of encryption available with Rijndael - AES (default) being the most secure.”
Rijndael is NOT the most secure of the 5 offered. Just because it was chosen as the AES doesn’t mean it’s the absolute best; there were a number of factors in the consideration. After doing some research, of the 5 offered I’d choose Blowfish. If Twofish were offered I’d probably choose that over Blowfish. (Twofish was an AES finalist.) Wish List… Wish List: add Twofish encryption.
In my honest opinion, of the 5 that PowerArchiver offers, only 3 are viable: Blowfish and the 2 Rijndael offerings. But all are significantly better than the previous PKZIP attempt at encryption.
As the Administrator has stated, the password is definitely the weakest link in all of the encryption methods!!!
-
Just to mention it - AES was not compromised, article talks about how attacker can find connection and might be able to compromise data based on someone sending the file via email, someone else recovering it and knowing something about data from zip header info, which is unencryped. It is all by very, very, very long shot and more deals in absolute security. It very much deals with how compression utilities have always worked.
In that sense, PAE is more secure since nobody knows anything about data encrypted.
Nevertheless, compared to standard zip 2.04g encryption, all these techniques seem as space age technology.
If you are really concerned about security, this would be my priority:
1. chosing coorect, randomized, long password (minimum of 10 characters)
2. securing your own computer against both external and on the site attacks by encrypting important data at all times.In any case, thanks for liking PA!
All everyone should keep in mind that not all data needs to be encrypted, we get few emails per week from people that forgot their PAE passwords for important working material that probably should not have been encrypted at all, such us mid-term papers, etc, etc. :-).
