Recent Topics
-
Unsolved line spacing in file list on hires screen
Tech Support2 -
Unsolved Can not extract iTunes installer
Tech Support4 -
Unsolved %APPNAME% should not contain the version
Translations10 -
Unsolved PowerArchiver 18.01.04 / Shell Extension in PowerArchiver
Tech Support1 -
Solved Language Issues (Dutch)
Tech Support21 -
Unsolved Dark skin, button not transparent.
Tech Support3 -
Fast Ring: PowerArchiver 2018 18.01.04
Tech Support7 -
Unsolved french text does not fit in add window and few other translation issues
Tech Support7 -
Solved Shell extension: option to move the Compress With Options into the submenu
Tech Support6 -
Solved GUI: Buttons not aligned
Tech Support6 -
Solved [BUG] UAC support broken in PowerArchiver 2018
Tech Support18 -
Solved Not prompting for Password
Tech Support11 -
Solved auto open first level in folder treeview when archive is opened
Wishlist7 -
Solved Command Line Switch for View Mode
Wishlist12
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
