PA 21.00.18 running on Windows 7 64 bit.
I made a big .PA file and thought I’d check it was made correctly with Menu / Actions / Test.
Discovered:
a) PA always issues a UAC prompt to do this!
b) PA always says there are many errors in PA files.
WinRAR 5 has a rather useful option in some cases, which is to be able to create an archive by replacing identical files with a reference to the first occurrence (hardlink) within the archive.
In case you choose to convert the file with PowerArchiver to another format, however, the resulting archive does not have all the files. It does not consider those that were present as hardlinks.
If you do a normal extraction of the RAR archive instead, even with PowerArchivier, all the files are extracted correctly.
When adding to a file archive, and selecting for example PA format, strong optimization method, extreme compression. In the Advanced Options section you change to Automatic, EXE Filter and PDF filter . You return to the main section and save the Profile. When you then reload the profile you do not have the Automatic options of EXE Filter and PDF saved there.
I noticed that instead if you change other options they are saved correctly (except for the Filter box values).
Also among the various changes to the advanced options you click the “Calculate RAM usage” button the value seems to be added to the previous one. You can see it for example just by clicking the button twice in a row, the value changes. Edit: actually after many attempts now it seems to write a stable value (it does not change with each click). Maybe a synchronization problem in the calculation?
Used PowerArchivier 2023 but there is the same behavior with the 2022
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
