-
Fast Ring: PowerArchiver 2021 20.00.53
Tech Support4 -
Someone using your name to sell their own product
Tech Support3 -
Extract to /example - BUG
Tech Support5 -
Patchbeam updates not finding new previews
Tech Support3 -
PA 20.00.47 bug extracting ZIP file.
Tech Support3 -
PowerArchiver 2021 20.00.32/44/45
Tech Support4 -
Unknown Files
Tech Support3 -
SOLVED encryption bug
Tech Support3 -
SOLVED File will not extract, takes forever to finish.
Tech Support12 -
PowerArchiver and PACL for macOS
Tech Support5 -
UNSOLVED [Bug / Feature Request] Integrate offline Virtual Drive into the PowerArchiver installer
Tech Support3 -
UNSOLVED extracting issue
Tech Support7 -
SOLVED No Updates Shown
Tech Support5 -
SOLVED PowerArchiver resend codes doesn't work
Tech Support6 -
UNSOLVED File Browser: Operations don't trigger UAC
Tech Support7 -
Fast Ring: PowerArchiver 2019 19.00.51/54/57/58/59
Tech Support24 -
SOLVED Problem: Backspace navigation in Explorer mode
Tech Support3 -
UNSOLVED Smart AI: Preferences not intuitive
Tech Support13 -
UNSOLVED PA 20.00.02 not executing .exe files from archive
Tech Support10 -
UNSOLVED Minor UI question
Tech Support7
Security
-
Good day,
I just stumbled across this story about the use of brute force techniques to crack passwords.
What hash algorithm do the encrypted forms of zip, 7z, and Rar use? Knowing this may make helps users decide which format is most secure.
I gather, too, that you intentionally slow down the unencryption of PAE2 files to avoid brute force attacks. Correct?
Having some of this info can guide future decisions about which file types to use for delicate data.
-
yes, both pae and pae2 are much slower to brute-force due to design… i know sometimes people complain having to wait for whole archive to be decrypted before “wrong password” is shown but it works well in this case.
Both 7zip and ZIP AES encryption use sha256 hashes. Together with proper length not dictionary based passwords, it is still extremely hard/slow to brute force.
Of course, lets put this straight - article talks about linkedin using sha1 but of course as article mentions, this is completely unusable against real world online services where it is not possible to guess password more than few times, let alone 100 billion times per second.
-
PAE2 also use a sha256 hash?
-
pae/pae2 require full decryption of the file first, so basically they use aes 256bit. they can not quickly check hash to see if guessed password is correct.
