It has been suggested at Oracle that the zip man page should warn about weak encryption when using the --encrypt option and it should recommend a more secure solution.
Beta Zip 3.1d is about to be released and includes AES strong encryption in addition to the admittedly weak original zip encryption. The man page has been updated to note that use of the original traditional zip encryption is no longer recommended because it is relatively weak.
We haven't considered having Zip put out a warning when the user selects traditional encryption, assuming the user understands the choice being made and has read the manual or the extended help that notes the weakness. No other major zip does that as far as we know. A user really should take the time to understand the strength of the encryption used before relying on it.
Zip 3.1d is expected to be a release candidate and should go out in a week or two. We expect the release to follow in a few weeks.
Regards,
Ed Gordon
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
<style type="text/css"><!-- DIV {margin:0px;} --></style>
Hi Jan,
Beta Zip 3.1d is about to be released and includes AES strong encryption in addition to the admittedly weak original zip encryption. The man page has been updated to note that use of the original traditional zip encryption is no longer recommended because it is relatively weak.
We haven't considered having Zip put out a warning when the user selects traditional encryption, assuming the user understands the choice being made and has read the manual or the extended help that notes the weakness. No other major zip does that as far as we know. A user really should take the time to understand the strength of the encryption used before relying on it.
Zip 3.1d is expected to be a release candidate and should go out in a week or two. We expect the release to follow in a few weeks.
Regards, Ed Gordon
-----Original Message-----
From: Jan Noha <nohajan@users.sf.net>
Sent: Sep 19, 2014 7:41 AM
To: Ticket 22 <22@patches.infozip.p.re.sf.net>
Subject: [infozip:patches] #22 Weak encryption warning
Status: open Group: Unstable (example) Created: Fri Sep 19, 2014 11:41 AM UTC by Jan Noha Last Updated: Fri Sep 19, 2014 11:41 AM UTC Owner: nobody
It has been suggested at Oracle that the zip man page should warn about weak encryption when using the --encrypt option and it should recommend a more secure solution.
Hi Jan,
Beta Zip 3.1d is about to be released and includes AES strong encryption in addition to the admittedly weak original zip encryption. The man page has been updated to note that use of the original traditional zip encryption is no longer recommended because it is relatively weak.
We haven't considered having Zip put out a warning when the user selects traditional encryption, assuming the user understands the choice being made and has read the manual or the extended help that notes the weakness. No other major zip does that as far as we know. A user really should take the time to understand the strength of the encryption used before relying on it.
Zip 3.1d is expected to be a release candidate and should go out in a week or two. We expect the release to follow in a few weeks.
Regards,
Ed Gordon
Thank you for the information. I believe this ticket can be closed now.
Jan Noha
Beta Zip 3.1d is about to be released and includes AES strong encryption in addition to the admittedly weak
original zip encryption. The man page has been updated to note that use of the original traditional zip
encryption is no longer recommended because it is relatively weak.
We haven't considered having Zip put out a warning when the user selects traditional encryption, assuming
the user understands the choice being made and has read the manual or the extended help that notes
the weakness. No other major zip does that as far as we know. A user really should take the time to
understand the strength of the encryption used before relying on it.
Zip 3.1d is expected to be a release candidate and should go out in a week or two. We expect the
release to follow in a few weeks.
Regards,
Ed Gordon
Related
Patches:
#22Change applied to upcoming beta.