Recent Topics
-
UNSOLVED Moving Files in to a 7Zip archive
Tech Support1 -
SOLVED Serpent-256 Encryption for PAE/PAE2
Wishlist5 -
UNSOLVED hang when using the Test function with 7z archives
Tech Support4 -
UNSOLVED PA 19.00.51 / Access Violation
Tech Support5 -
UNSOLVED Some buttons in "Modern Look" are too small
Translations3 -
Fast Ring: PowerArchiver 2019 19.00.51
Tech Support2 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44/46/47/48/49
Tech Support23 -
UNSOLVED Searching for the specific Regkeys needed to default new installations in Modern Windows 10 not dark view
Tech Support2 -
UNSOLVED E-Mail problem
Tech Support7 -
UNSOLVED Some Strings in PowerArchiver 2019 are not translatable
Translations3 -
UNSOLVED Strange file size seen in 2019 portable
Tech Support4 -
UNSOLVED Missing or ugly SFX-Icon
Tech Support5 -
UNSOLVED PA 2016-19 freezing when unpacking 4GB+ files
Tech Support7 -
UNSOLVED PA 19.00.43...47 stops me moving .tar.xz, .tar.gz, .7z and .iso files.
Tech Support18 -
UNSOLVED Bug report
Tech Support (Bugs, Crashes)7 -
UNSOLVED Resize: Frames overlap
Tech Support2 -
UNSOLVED Typo: SmartiAI
Tech Support2 -
UNSOLVED GUI: Center the buttons
Tech Support1 -
UNSOLVED TYPO: Gesture
Tech Support2
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
