Recent Topics
-
UNSOLVED PA 19.00.57 crashes Firefox 69.0.1 in module pashlext64.dll | UserCallWinProcCheckWow
Tech Support18 -
UNSOLVED PA 19.00.57 - Drawing issue on file type collumn
Tech Support1 -
UNSOLVED PA standard 2019 can not create PA-archives
Tech Support1 -
UNSOLVED ZIPX-jpeg-compression
Tech Support1 -
UNSOLVED Include all PowerArchive Toolbox features in the offline installer
Tech Support3 -
SOLVED Find file in archive.
Wishlist7 -
UNSOLVED The PACL does not extract files from the self-extracting archive
Tech Support2 -
UNSOLVED PA 2019 explorer preview window always blank
Tech Support3 -
UNSOLVED Encrypt files inside archive that has already been created [.zipx]
Wishlist5 -
UNSOLVED PA 19.00.51 / Access Violation
Tech Support12 -
UNSOLVED PA 19.00.57 (and earlier) Duplicate files possible in .pa archive in some cases.
Tech Support3 -
Fast Ring: PowerArchiver 2019 19.00.51/54/57
Tech Support6 -
UNSOLVED GUI: In need of a complete overhaul
Tech Support3 -
UNSOLVED GUI: move label
Tech Support3 -
UNSOLVED GUI: too much frames
Tech Support2 -
UNSOLVED PowerArchiver shell extensions possibly crashing windows explorer.exe
Tech Support10 -
SOLVED PA 19.00.51 - bug / unwanted code execution
Tech Support8 -
SOLVED Strange file size seen in 2019 portable
Tech Support5 -
SOLVED Fast Extract large files directly to target directory
Wishlist4
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
