-
Update system issue
Tech Support3 -
Missing icons on PA Backup toolbar (file selection screen)
Tech Support1 -
Minimize/Expand Ribbon
Tech Support3 -
Burn Disk from .ISO
Tech Support2 -
Fast Ring: PowerArchiver 2021 20.00.56
Tech Support1 -
SOLVED Zipping up with folders but without root folder
Tech Support4 -
Fast Ring: PowerArchiver 2021 20.00.53
Tech Support17 -
PowerArchiver and PACL for macOS
Tech Support8 -
Fast Ring: PowerArchiver 2021 20.00.55
Tech Support10 -
SOLVED powerarchiver not able to compress / decompress files with long file names
Tech Support8 -
License Code Not Working / Missing
Tech Support2 -
Upgrade for 2019 users?
Tech Support3 -
UNSOLVED Resize: Frames overlap
Tech Support4 -
SOLVED TYPO: Gesture
Tech Support3 -
UNSOLVED GUI: Center the buttons
Tech Support2 -
UNSOLVED label56
Tech Support9 -
SOLVED GUI Alignment
Tech Support3 -
Preview of pdf files
Tech Support5 -
I would like to test this for the Mac
Tech Support2 -
Preview doesn't support Unicode
Tech Support4
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
