Let's suppose that I share an illegal copy of a material on web which is in password protected zip file, can the owner send me a copyright notice or know what's inside the zip without knowing the password?
-
2Possible duplicate of [Are password-protected ZIP files secure?](https://security.stackexchange.com/questions/35818/are-password-protected-zip-files-secure) – Alexei May 31 '18 at 18:06
-
They can definitely try to crack it and succeed, but the question then might become about law: is it legal to crack o try to crack a password protected file to check if it contains something that breaks copyright? You might want to ask on law.stackexchange, if you don't I might do it myself because it seems interesting. – reed May 31 '18 at 18:27
-
1There was a criminal case involving an encrypted archive from F-Secure where all that was needed for a conviction was file names and sizes, no file contents. – forest Jun 01 '18 at 00:15
-
2**Yes, and trivially.** An attack from '94 has allowed decrypting ZipCrypto-encrypted files in minutes without knowledge of the password. – forest Jun 01 '18 at 14:46
3 Answers
Yes. Aside from the fact that the filenames are unencrypted, the contents of a password-protected Zip file can be recovered if it uses the old, insecure ZipCrypto cipher which uses the insecure, non-cryptographic CRC algorithm for data confidentiality. A research paper from 1994 showed that an attack against the underlying encryption can be done in several hours regardless of the strength of the password on a contemporary home PC. Nowadays, such an attack can be completed in seconds with free and publicly available tools. You must not rely on default, legacy Zip encryption.
The PKZip format supports three encryption methods. The first is the legacy, highly-insecure ZipCrypto. The second is AES-based encryption stored in the compression field in the metadata, and the third is AES-based encrypting using its own header format. The encryption specification is online. Using AES-based encryption rather than legacy encryption can result in incompatibilities, especially with older programs, but most modern, well-designed Zip programs can handle it.
In order to protect the contents of a Zip file, you should use strong encryption. Various tools such as WinZip and 7zip support an ad hoc AES-based format for Zip files which additionally encrypts the individual filenames and sizes within the compressed archive.
- 65,613
- 20
- 208
- 262
-
sorry, I found your answer while further researching my own question (https://security.stackexchange.com/questions/231757/recovery-of-files-from-a-zip-containing-a-directory-unencrypted-and-3-files-e) does this seem like a viable approach? – Dr.Avalanche May 16 '20 at 16:53
Potentially, yes.
Encrypted zip files protect the data reasonably well (perhaps the equivalent of a cheap lock) but leak meta-data about the files inside the zip. Like a cheap lock, an attacker with a small degree of training could still break the underlying encryption. The far easier scenario is the meta-data, which requires no cracking. That means the filenames, file dates, file lengths, and directory names of all the files inside the zip file are all stored in the clear. This is extremely trivial to find without the password, and can be done using the command line zip utility to list the contents of the zip file.
If the file names inside the zip file have names associated with copyrighted content, the copyright holder is going to assume the zip file contains copy-written content. Matching file sizes of the original files would only provide further evidence.
One way to protect against this is to simply zip up your files, and then zip-encrypt the resulting zip file again. The meta-data at the lower level should now be protected by the outer layer zip file. You'd still be vulnerable to the attacks above to decrypt the data since the encryption is still "cheap lock" equivalent.
- 21,530
- 8
- 50
- 76
-
-
2@dandavis Now that I think about it, I think you're right. There's no need to encrypt the inner zip. I'll change the answer. – Steve Sether May 31 '18 at 19:54
-
2Zip encryption (when using the default ZipCrypto rather than one of the two strong ad hoc implementations using AES) is _not_ reasonably good. In fact, it's really, really bad. – forest Jun 01 '18 at 00:14
-
@forest How bad is really really bad? Could I crack it with a high entropy password on my home PC in a month? – Steve Sether Jun 01 '18 at 13:58
-
1@SteveSether In a month? You could crack it in a [few hours](https://link.springer.com/content/pdf/10.1007%2F3-540-60590-8_12.pdf) on a 10+ year old home PC. It literally uses a non-cryptographic CRC to encrypt the files. – forest Jun 01 '18 at 14:02
-
The attack described in the paper requires 13 known plain text bytes. While that's a significant break, I still think it falls into the realm of "reasonably secure". It sounds like any idiot can't simply download a program and crack zip encryption within an hour. Based on the paper, the security sounds like maybe the equivalent of a cheap fire safe. The locks on my house are "reasonably secure", but I've no doubt that someone without much training and some determination could break into it. – Steve Sether Jun 01 '18 at 14:12
-
113 known plaintext bytes is trivial, to the point where any file will contain significantly more than that. Even a blank JPEG will contain that many known plaintext bytes. I would actually be surprised if you could show me a single Zip file that does _not_ contain that. Also it can require even less with more computing power (and it turns out it took a few hours on a '94 home PC so 20+ years old, not 10, so it should take a fraction of a second today). Given that a simple program could automate decryption for someone without any crypto knowledge, it's more like a sign saying "keep out". – forest Jun 01 '18 at 14:14
-
@forest If you can point me to a program that does this automatically, and "any motivated idiot" can use, I'll change the answer. "reasonably secure" isn't particularly well defined, and I still maintain it applies to house locks, which most everyone on the planet relies on to keep people out. – Steve Sether Jun 01 '18 at 14:17
-
1Cryptography and physical security are different. A lock is useful because it often requires being visibly broken to get in. But [here you go](http://www.securiteam.com/tools/5NP0C009PU.html). This is an old program that automates the decryption of Zip files using ZipCrypto. There are other tools out there that are even more automated. This one requires you give it a whole file of known plaintext (however small), but that is a limitation of the laziness of the programmer. I mean really, using a CRC for crypto is about the worst thing you could do. – forest Jun 01 '18 at 14:19
-
Also, you mention double-zipping. That alone provides enough known plaintext because the inner zip will have a header far larger than a few bytes! So your "only solution" actually makes it easier to crack. It's at the point where even an unmotivated idiot could do it as long as they know how to use Google, much less a motivated one. This crypto was broken in '94. It is still broken today. – forest Jun 01 '18 at 14:21
-
1Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/78307/discussion-between-steve-sether-and-forest). – Steve Sether Jun 01 '18 at 14:24
-
3DON'T DO THE "ONE WAY..." OPTION - zips are bad for security, just don't. – Jonathan Jun 01 '18 at 18:24
-
@Jonathan It depends on what you're trying to protect. It's the "cheap lock" equivalent. Cheap locks can be broken with paperclips, and sometimes even bic pens. The advantage of zip is that it's ubiquitous. It's true the security stinks, but if all you need is cheap lock protection, it's OK. – Steve Sether Jun 01 '18 at 18:44
-
@SteveSether - would have agreed with you a year ago. but now disagree because there are better solutions --- finally --- than encrypted zip. (send.firefox.com). – Jonathan Jun 01 '18 at 19:03
-
@Jonathan There have been online file transfer services for well over a decade. In fact, there have even been direct P2P web-based transfer services out there for quite a while. The real benefit of an encrypted, compressed archive is the ability to upload it to, say, an FTP site for distribution. In that case, Zip with AES encryption (e.g. using WinZip) is fine. Or even better, use 7zip with AES encryption since 7zip not only encrypts filenames, but uses the far superior LZMA compression algorithm. – forest Jun 02 '18 at 20:48
Yes. Yes. They can.
https://unix.stackexchange.com/questions/289999/how-to-zip-directory-with-encryption-for-file-names
The main point is in zip encryption, the filenames are not encrypted. WHAT A JOKE.
That means if you name your file "taylor swift's latest song", they could reasonably infer that your zip archive contains tailor swift's song, and file a takedown notice.
I haven't tried this, but maybe you can double zip. 1. zip the files into a file called "files.zip", and 2. zip and encrypt the file "files.zip". Then when you look into the encrypted archive's files, all you see is "files.zip" and that reveals no information about the actual data.
Do not use zip for security. --- INSTEAD try send.firefox.com
- 2,318
- 13
- 16
-
The compression algorithm is fixed, zip within zip file size will leak original file name size. You should add some "salt" file to the inner zip. – mootmoot Jun 01 '18 at 15:39
-
@mootmoot the size of the filename isn't part of the new zip file. But regardless, it doesn't matter. Don't use zip for security. – Jonathan Jun 01 '18 at 18:20
-
Not sure I'd recommend trusting a web service for encrypting files when it's really not necessary – AndrolGenhald Jun 01 '18 at 23:41
-
-
Whether or not send.firefox.com was ever a good idea or not, it has now been permanently closed. – Simon Kissane Dec 04 '20 at 11:52