What encryption scheme is used for the password protection feature of 7-zip?
From the 7-Zip Help, topic "7z Format":
7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.
The current AES algorithm is Rijandel, and that's what 7-Zip uses, as far as I know.
Thanks Ares. I did see the same documentation soon after I posted my question. One thing that stirs some concern for me is the term 'also supports encryption with AES-256'. I guess that leads me to believe this is a configurable item and I cannot see where the settings are for this piece. Is it enable by default?
AES-256 is part of the 7z format, and is the only algorithm used when you encrypt to the 7z format. However, I do *not* think that the ZIP format uses AES-256.
I believe it uses standard ZIP-encryption with ZIP files, which is obvoiusly not very strong and easily broken. I encrypted some files with ZIP compression using both Winzip and 7-zip. When looking at the detailed archive information in Winzip, the Winzip AES encrypted archive mentioned that it had AES encryption, while the 7-zip zip-encrypted archive just said "Deflate; encrypted." When I made a standard ZIP-encrypted file with Winzip, it also only said the method was "Deflate; encrypted."
So, basically what I'm saying is that as long as you encrypt to the 7z format, you are using AES-256. If you use ZIP format, however, it will only do standard weak ZIP-encryption. Not to mention the 7z format allows you to encrypt the filenames, whereas the ZIP format does not. That alone clued me off to the ZIP format probably using standard ZIP-encryption instead of AES-256.
Hope that helps,
The zip format does offer encryption for filenames, see http://www.pkware.com/company/standards/appnote/. Unfortunately, as far as I know, only PKWare's pkzip supports it. Igor said, he might add it later http://sourceforge.net/forum/forum.php?thread_id=1180498&forum_id=45797
Oh sorry, I guess I wasn't specific enough. I meant *7-zip* doesn't support encryption for filenames, as of yet.