Recent Topics
-
UNSOLVED PA 2016-19 freezing when unpacking 4GB+ files
Tech Support7 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44/46/47/48/49
Tech Support22 -
UNSOLVED E-Mail problem
Tech Support5 -
UNSOLVED PA 19.00.43...47 stops me moving .tar.xz, .tar.gz, .7z and .iso files.
Tech Support18 -
UNSOLVED Bug report
Tech Support (Bugs, Crashes)7 -
UNSOLVED Resize: Frames overlap
Tech Support2 -
UNSOLVED Typo: SmartiAI
Tech Support2 -
UNSOLVED GUI: Center the buttons
Tech Support1 -
UNSOLVED TYPO: Gesture
Tech Support2 -
UNSOLVED Shell extension detects executable as archive, but does nothing
Tech Support3 -
UNSOLVED PA 19.00.47 spurious messsage when extracting particular .pa file.
Tech Support12 -
UNSOLVED 1st char to select file in list fails (a reprise)
Tech Support1 -
UNSOLVED The PACL does not extract files from the self-extracting archive
Tech Support1 -
UNSOLVED The file list is not updated
Tech Support3 -
UNSOLVED Extracting single files and other issues
Tech Support6 -
UNSOLVED PA 19.00.43 Queue re-enabled every Windows reboot
Tech Support12 -
UNSOLVED How can I deactivate this annoying shoutbox?
General Chat4 -
SOLVED PA 2019 register type associations everytime.
Tech Support26 -
UNSOLVED It's impossible to keep the "Use Deflate64 compression" option un-checked
Tech Support5
WinZIP AES AE-2 Encryption Vulnerability Found! PowerArchiver may be vulnerable!
-
WinZIP AES AE-2 Encryption Vulnerability Found! PowerArchiver may be vulnerable!
A vulnerability has been found in the WinZIP AES AE-2 Encryption Method to encrypt and protect ZIP files.
From the documentation I have read about PowerArchiver, PowerArchiver has implemented the same AES AE-2 Encryption Method that WinZIP uses to encrypt ZIP files to maintain compatability between the two programs. Based upon that statement, there is a good chance that PowerArchiver’s ZIP AES AE-2 Encryption Method is also vulnerable.
For more information, please see the link below.
http://eprint.iacr.org/2004/078/
-
Actually PowerArchiver only reads AE-2, does not create it.
PowerArchiver creates and reads PkWare’s AES encryption and is more secure than WinZips AE-2 encryption, although separate from few WinZip’s inherited issues - problems outlined in that paper are problematic in a sense that a. people will not manage their data securly, b. way compression formats work in general.
Based on my experience, most people are by far more vunerable due to the passwords they use to encrypt their data, which are in 99% cases extremly vunerable to dictionary based attacks and almost never randomized nor is ever correct password key lenght used which makes using 256 bit AES encryption unsecure.
thanks,
-
I have to use WinZip at work; I hate it! I never liked WinZip and I never will! With all the other programs to choose from, WinZip should NOT be so popular! I don’t know why it is! Here’s just another example as to why it shouldn’t be!
On this subject, if AES (Rijndael) was compromised, PowerArchiver shines because it has other encryption options to choose from. All encryption programs should be this robust; there should ALWAYS be other options to choose from in case one algorithm is cracked! It has happened (DES-56 bit) and will definitely happen again (Rijndael (AES)-128 bit will definitely be cracked in our lifetime).
Which brings up a problem with the PowerArchiver documentation… it states:
“PowerArchiver has 5 different methods of encryption available with Rijndael - AES (default) being the most secure.”
Rijndael is NOT the most secure of the 5 offered. Just because it was chosen as the AES doesn’t mean it’s the absolute best; there were a number of factors in the consideration. After doing some research, of the 5 offered I’d choose Blowfish. If Twofish were offered I’d probably choose that over Blowfish. (Twofish was an AES finalist.) Wish List… Wish List: add Twofish encryption.
In my honest opinion, of the 5 that PowerArchiver offers, only 3 are viable: Blowfish and the 2 Rijndael offerings. But all are significantly better than the previous PKZIP attempt at encryption.
As the Administrator has stated, the password is definitely the weakest link in all of the encryption methods!!!
-
Just to mention it - AES was not compromised, article talks about how attacker can find connection and might be able to compromise data based on someone sending the file via email, someone else recovering it and knowing something about data from zip header info, which is unencryped. It is all by very, very, very long shot and more deals in absolute security. It very much deals with how compression utilities have always worked.
In that sense, PAE is more secure since nobody knows anything about data encrypted.
Nevertheless, compared to standard zip 2.04g encryption, all these techniques seem as space age technology.
If you are really concerned about security, this would be my priority:
1. chosing coorect, randomized, long password (minimum of 10 characters)
2. securing your own computer against both external and on the site attacks by encrypting important data at all times.In any case, thanks for liking PA!
All everyone should keep in mind that not all data needs to be encrypted, we get few emails per week from people that forgot their PAE passwords for important working material that probably should not have been encrypted at all, such us mid-term papers, etc, etc. :-).
