Recent Topics
-
UNSOLVED PA 19.00.43..47 stops me moving .tar.xz, .tar.gz, .7z and .iso files.
Tech Support7 -
UNSOLVED It's impossible to keep the "Use Deflate64 compression" option un-checked
Tech Support5 -
UNSOLVED E-Mail problem
Tech Support1 -
UNSOLVED PA 19.00.47 spurious messsage when extracting particular .pa file.
Tech Support6 -
SOLVED PA 2019 register type associations everytime.
Tech Support23 -
UNSOLVED Shell extension detects executable as archive, but does nothing
Tech Support2 -
UNSOLVED I found a solution to OneDrive problem
Tech Support3 -
UNSOLVED PA 19.00.43 Queue re-enabled every Windows reboot
Tech Support10 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44/46
Tech Support17 -
UNSOLVED Message popping up.
Tech Support8 -
UNSOLVED PowerArchiver 2019 Cloud is one-stop application for multiple clouds
Tech Support2 -
UNSOLVED PA needs longer to close when mp3-file from archive is opened
Tech Support6 -
UNSOLVED Outdated SFX-Text & Design
Tech Support5 -
SOLVED Security vulnerability in UnAceV2.dll
Tech Support17 -
SOLVED Skins Page not displayed correctly
Tech Support3 -
SOLVED Running PA 2019.00.39 maximized in Win 10 Home
Tech Support6 -
UNSOLVED Ugly progress bar with old skins
Skins6 -
SOLVED FIPS
Tech Support13 -
UNSOLVED Smart AI: Preferences not intuitive
Tech Support10
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
