CHMlib Logo Leading Translation Management System for Translation Agencies, Top Translation Management Software for Freelance Translators, Time Tracking Software, Word Count, Character Count and Line Count Software, Computer Assisted Translation Tool for Easy Word Count, Clipboard Character Count Software, User-Friendly Translation Memory Software, Terminology Management Software, Terminology Management Server, Microsoft Glossary Software, Dictionary of Acronyms, Social Network for Translators and Translation Agencies, Acronyms and Abbreviations Search Engine, Russian Translation Lab, Ukrainian Translation Lab.
You are reading help file online using chmlib.com
CrisisHelper - First Aid in Tough Times of World Economic Crisis


About Encryption

About encryption and encryption methods

WinZip's encryption facility gives you a way to protect sensitive documents contained in your archives from unauthorized viewing. The contents of the files that you want to protect are encrypted by WinZip® based on a password that you specify. In order for WinZip to later extract the original contents of the encrypted files, the correct password must again be supplied.

This section gives a general overview of WinZip's encryption facilities. Once you are familiar with this information, you can read about the specifics of using encryption.

Additional or updated information about WinZip encryption may also be available on the WinZip web site.

WinZip provides two encryption methods for Zip files:

Limitations to be aware of

WinZip's AES encryption facility represents a significant advance on the previous Zip 2.0 encryption, and it can help meet the need that many WinZip users have for preventing their confidential information from being viewed by unauthorized individuals. There are, however, some limitations that you should be aware of:

Notes on encryption safety

Encryption provides a measure of safety for your sensitive documents, but even encrypted documents can be compromised (regardless of whether they were encrypted by WinZip or by other encryption software). Here are some of the ways this can occur. This is by no means an exhaustive list of potential risks; it is intended only to give you an idea of some of the safety issues involved with sensitive documents.

You may be able to eliminate some of these exposures using specialized software such as virus scanners, disk erasers, etc.

Technical information on AES key generation

When you use AES encryption with WinZip, the passwords that you enter are converted into keys of the appropriate length (128 bits or 256 bits, depending on the AES key length that you specify). This is done through the PBKDF2 algorithm defined in RFC 2898 (also available as Public Key Cryptography Standard #5) with an iteration count of 1000. WinZip uses 8-byte salt values with 128-bit AES encryption and 16-byte salt values with 256-bit encryption.

One purpose for the "salt" values used with WinZip's AES encryption is to yield different encryption keys for each file, even if multiple files are encrypted with the same password. With the 8-byte salt values used with WinZip's 128-bit encryption it is likely that, if approximately 4 billion files are encrypted with the same password, two of the files will be encrypted with the same key. Someone who obtained copies of two files encrypted with the same key could learn information about their contents, so it is advisable to stay well below this limit. This is why we recommend that if you are going to be using the same password to encrypt very large numbers of files with WinZip's AES encryption (that is, files totalling in the millions, for example 2000 Zip files, each containing 1000 encrypted files), you use 256-bit AES keys, which use 16-byte salt values, rather than 128-bit AES-keys, with their 8-byte salt values.

As part of the process outlined in RFC 2898 a pseudorandom function must be called; WinZip uses the HMAC-SHA-1 function for this purpose, since it is a well-respected algorithm that has been in wide use for this purpose for several years. The PBKDF2 function repeatedly calls HMAC-SHA-1, which produces a 160-bit hash value as a result, mixing the outputs in a fairly complicated way, eventually yielding a 128- or 256-bit encryption key as a result.

Note that, if you are using 256-bit AES encryption, the fact that HMAC-SHA-1 produces a 160-bit result means that regardless of the password that you specify, the search space for the encryption key is unlikely to reach the theoretical 256-bit maximum, and cannot be guaranteed to exceed 160 bits. This is discussed in section B.1.1 of the RFC 2898 document.

Information for software developers

Zip file utility developers who wish to provide WinZip-compatible AES encryption support in their own products can find complete technical information on the WinZip web site.

See also

Using Encryption

Encryption Passwords



You are reading help file online using chmlib.com

If you want your help file to be removed or added please send e-mail to chmlibcom@gmail.com
Partner sites: Logo Design, Simple Anti-Crisis Accounting Software, Voice Search for Web