Password protection does not work

2012-07-29
2016-08-05
  • drDubbelklick

    drDubbelklick - 2012-07-29

    If I right-click a folder and select 7-zip/Add to archive…, the main dialogue appears, allowing you to set a password with a choice of AES256 and some proprietary algoritm.

    The problem is that the password does not work!

    I can even use the Windows File Explorer to expand the archive without any warnings or error messages appearing.

     
  • Shell

    Shell - 2012-07-29

    I tried to create a password-protected ZIP archive and it worked. Please tell what you are doing and what options you are selecting step-by-step. Also, please check whether Explorer expands the archive correctly - maybe it does not recognize the password protection and extracts garbage instead of files.

     
  • drDubbelklick

    drDubbelklick - 2012-07-29

    I tested further on and found out that all individual files were encrypted by the password, but the entire directory structure, including the file names are still visible from the Windows Explorer.
    I think that it is a security breach to be able to browse the archive to see the file names, even if individual files cannot be opened.
    WinZip, on the other hand, first prompts you for the password, then opens the archive, so that none of its contents is visible until you provide the correct password.
    I believe this to be a slight bug in 7-zip.
    I use 7-zip almost everyday, and have found to be the best compression utility, so otherwise I'm very satisfied with it.

     
  • Shell

    Shell - 2012-07-29

    I think this is is a flaw not in 7-Zip, but in the ZIP format itself. Try creating a password-protected archive in WinZIP and then open it with Explorer, 7-Zip, WinRAR or something else. Would the directory structure be visible in that case?

    By the way, when you create a 7z archive, a checkbox "Encrypt file names" appears under the password box. If it is not present for a ZIP archive, then it is probably impossible to protect file names in it.

     
  • drDubbelklick

    drDubbelklick - 2012-07-29

    Unfortunately, I do not have WinZip to compare to, but I have received encrypted WinZip files before. Windows then said that the file was encrypted and prompted me for a password.
    Can we test this by having someone who has access to "the real WinZip" to compress a random directory with files in it, and set the encryption key to the digit one (1), then sending it to me at drdubbelklick ( a t ) gmail (d o t) com?

    Besides, encrypting the archive with the 7zip format demands the recipient to also have 7zip, which is not the case with ordinary zip files, which Windows handle natively.

     
  • Shell

    Shell - 2012-07-29

    From WinZIP's help:

    Encryption applies only to the contents of files stored within a Zip file. Information about an encrypted file, such as its name, date, size, attributes, CRC, and compression ratio, is stored in unencrypted form in the Zip file's directory and can be viewed, without a password, by anyone who has access to the Zip file.

    I tried WinZIP 16.5 Pro, it really does not encrypt file names. So if you want to secure file names, I suggest you to create an archive without encryption, and then encrypt this single archive into another archive (without compression now).

     
  • drDubbelklick

    drDubbelklick - 2012-07-29

    Thank you u_shell. That was a very good idea. I tried to send a software package to a colleague of mine, who is also a software developer, and the mail was rejected, since gmail inspects the archive, and files with a certain extension (vb in my case) are not allowed to be sent.
    I'll go for that idea,

    Thanks!

     
  • fernando

    fernando - 2012-07-29

    Gmail will REJECT a ZIP archive stored within a ZIP archive
    Gmail will currently ACCEPT any 7-Zip archive.

     
  • drDubbelklick

    drDubbelklick - 2012-07-29

    So, I have to rename the inner zip archive to something else, like donald_duck.txt?

     
  • drDubbelklick

    drDubbelklick - 2012-07-29

    According to gmail,

    "ade", "adp", "bat", "chm", "cmd", "com", "cpl", "exe",
    "hta", "ins", "isp", "jse", "lib", "mde", "msc", "msp",
    "mst", "pif", "scr", "sct", "shb", "sys", "vb", "vbe",
    "vbs", "vxd", "wsc", "wsf", "wsh"

    Gmail won't accept these types of files even if they are sent in a zipped (.zip, .tar, .tgz, .taz, .z, .gz, .rar) format.

    In my case, it was an encrypted zip file inside a regular zip file, and according to the above information, the mail should not have bounced, which I just saw it did.

     
  • fernando

    fernando - 2012-07-29

    Who knew an encrypted zip file is not considered of zip format?

    I suspect your developer partner is capable of dropping the 7za executable in PATH and performing
    7za x archive.7z -pPresharedPassword

     
  • drDubbelklick

    drDubbelklick - 2012-07-29

    Yes, he is. I am thinking more of a general scenario, where the recipient is not as skilled with computers as he and I, and does not have 7-zip installed.

    I gave it another try, and renamed an unencrypted zip to donald_duck.txt and sent it to him 22:40 (GMT+1), and it has not bounced yet. My previous attempts bounced within minutes.

    Let's see how intelligent gmail really is about detecting what is really being attached…

     
  • Anonymous - 2012-10-19

    @drdubbleklick: You say you're investigating the scenario where the recipient does not have 7-zip installed. Are you able to create a password protected zip file using 7-zip which you can extract using the built-in Windows zip file support? I at least cannot get this to work - Windows won't extract the exncrpted file(s) from the archive and won't prompt for the password either. I can only extract the file from the zip using 7-zip.

    Did you find a solution to this problem?

     
  • Emily MCGill

    Emily MCGill - 2016-08-04

    @Drdubbleklick: Wow this thread is old, but I'm having the same trouble in 2016. Details:

    Goal - Creating a password protected .zip folder
    7-zip Archive pane selections - .zip file format, AES-256 encryption, password input
    Result - a supposedly encrypted zip folder, that acts in Win7 like it's not a zip folder nor encrypted

    It's a dead easy process to encrypt so I'm positive I'm not making an error in the archive pane. I'm following exactly how it's described here: http://www.medicalnerds.com/how-to-encrypt-zip-files-securely-using-7zip/

    When I have my resulting .zip folder/file, I can open it easily with windows explorer, I don't even have to extract, and there is no request to enter a password although I set one when archiving.

    Is this a bug??

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks