Password Option: Encrypt Headers
A free file archiver for extremely high compression
Brought to you by:
ipavlov
Menu
▾
▴
#1570 Password Option: Encrypt Headers
open
nobody
6
2022-08-01
2022-07-06
No
The option to encrypt filenames is very useful, but it is still easy to identify a 7z file and know that it is password-protected. I propose adding an option to encrypt the entire file, so that the contents of the 7z file appears to be 100% random data. The only remaining clue that it is a 7z file will be the file extension and context, which users can easily change at their discretion.
Rationale:
I discovered today that Google is blocking all passworded archives from its Gmail service. I tested it and did not find an easy way to defeat it. This is a clear-cut case of advancing tyranny under the pretense of safety, and I think the maintainers of 7-Zip are in a position to do something about it. This will also be useful for similar situations and for secrecy in general.
Challenges:
1. The first bytes of the encrypted data could happen to match the magic number of some other format, and I believe 7-Zip also attempts to scan unknown files for readable sub-sections. 7-Zip could automatically check whether the entire file is well-formed before deciding whether or not to display the password prompt, or it could provide a button on the password prompt to attempt to read as an unencrypted file.
2. Some users will expect "Open in 7-Zip" to do the right thing even if the extension is wrong. It should be enough to show a password prompt along with the "unknown format" error message. Later it might be helpful to add a button to reinterpret strange files as an encrypted 7z.
Other thoughts:
Maybe it is better or easier to add a general "Encrypted" file format to the list of container formats and make the "encrypt headers" option a shortcut to wrapping an unencrypted 7z file with this format. If so, this format could eventually expose cipher and KDF options.
Thank you.
Today i tried both sending and receiving an encrypted 7-zip archive as attachment using Gmail. Everything was normal, except the warning prompt by Gmail about how encrypted attachments can be dangerous.