Tuesday 11 April 2017

WinZip Encryption Password Security (2017)

Nine years ago I wrote a post on WinZip Encryption Security. That post has received tens of thousands of visits over the years and continues to be pretty popular, but it is high time for that advice to be refreshed. The advice below also applies to 7-Zip, which supports the same type of encryption as WinZip.

Do not use WinZip ‘Standard Zip 2.0 Encryption’
WinZip versions before 9 only offered WinZip's own proprietary encryption algorithm, called Zip 2.0 encryption, which is broken. Never use WinZip before version 9, or the "WinZip's Zip 2.0 Encryption" option, as passwords of any strength can very easily be recovered with third-party cracking tools. WinZip versions 9 to 21 default to the National Institute of Standards and Technology (NIST) scrutinised and US government agency approved encryption algorithm, the Advanced Encryption Standard (AES) - http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html . This is great; however, WinZip still includes the option to switch the encryption back to the flawed Zip 2.0 encryption.

Use AES-256, but there’s nothing wrong with AES-128
The latest version of WinZip (Version 21) defaults to AES-256 encryption and also supports AES-128. There is hardly any noticeable speed penalty in encrypting and decrypting with AES-256 compared to AES-128, given how efficient the AES algorithm is, so given the lack of overhead it makes sense to stick with the default and much stronger flavour, AES-256.
However, both AES-128 and AES-256 are considered strong enough for commercial industry best practice, and both are NIST approved for use until at least the year 2031. To put the strength of AES-128 into perspective, the '128' bit number equates to 3,400,000,000,000,000,000,000,000,000,000,000,000,000 possible keys, so guessing or cracking a key of that length is far from feasible at the moment. We also know the AES algorithm doesn't have any sufficiently serious flaws to get around the encryption process; the Achilles' heel is the password you choose to generate that encryption key.

Use a Complex Password (Super Important)
If you are serious about protecting your data with WinZip AES encryption, or any other password-based AES encryption for that matter, I recommend the following password rules. Use a password that:
  • is at least 12 characters in length
  • is random, i.e. does not contain any dictionary words, common words or names
  • is not a commonly known or guessable password, e.g. P@$$w0rD1
  • has at least one upper-case character, e.g. A to Z
  • has at least one lower-case character, e.g. a to z
  • has at least one number, e.g. 0 to 9
  • has at least one special character, e.g. !,",£,$,%,@,#

Recommended Vs WinZip Default Password Policy

Why you need a Complex Password
WinZip's AES encryption is "symmetric" encryption: the password is used to generate the AES encryption key, so if you know or can guess the password, you beat the encryption. The complexity and strength of the password is therefore by far the weakest point. An attacker in possession of a WinZip encrypted file has unlimited attempts at guessing that password to decrypt the archive. The defence is time: a password complex and long enough that those unlimited attempts cannot succeed within any practical timeframe. Hackers mainly use two attack types to crack WinZip encrypted file passwords, Dictionary Attacks and Brute Force Attacks. We'll save Rainbow table cracking for another post.

A Dictionary Attack is as it sounds: the attacker tries commonly used passwords and words found in a dictionary. Hackers build their own password dictionary databases by harvesting passwords uncovered in past data breaches, which are freely available online and on the dark web, such as the recent account password dump following the Yahoo Data Breach. The attacker then uses a tool to script the attempts, allowing thousands of passwords from their dictionary databases to be tried in minutes.

Dictionary Attack Tool

Top Ten Account Passwords in Breached Yahoo Accounts
  1. 123456
  2. password
  3. welcome
  4. ninja
  5. abc123
  6. 123456789
  7. 12345678
  8. sunshine
  9. princess
  10. qwerty
The other common password cracking technique is a Brute Force Attack, in which every possible combination of characters, e.g. aaaa to zzzz, is attempted. This is why I recommend using different character cases and special characters within lengthy passwords, as it seriously extends the time this type of attack needs to be successful.
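As an added example (not code from the original post), the following Python checks a password against the seven rules listed above and sizes the brute-force search space that the cases, digits and special characters actually used would force an attacker through. The breached-password list and dictionary are small constructed stand-ins (the post's top ten plus its own bad example), and the guess rate of one billion per second is an assumed figure.

```python
"""Check a password against the post's rules and size the brute-force keyspace."""
import string

MIN_LENGTH = 12
# Constructed sample: the post's top-ten Yahoo passwords plus its own bad example.
# A real check would load a full breach corpus instead.
COMMON_PASSWORDS = {"123456", "password", "welcome", "ninja", "abc123",
                    "123456789", "12345678", "sunshine", "princess", "qwerty",
                    "p@$$w0rd1"}
# Constructed stand-in for a dictionary, kept sorted so results are stable.
DICTIONARY_WORDS = ("london", "ninja", "password", "princess", "secret",
                    "sunshine", "welcome", "winzip")
# The character classes the post's rules require.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation + "\u00a3",  # ASCII punctuation plus pound sign
}


def check_password(pw):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if low in COMMON_PASSWORDS:
        problems.append("commonly used password")
    for word in DICTIONARY_WORDS:
        if word in low:
            problems.append(f"contains dictionary word '{word}'")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name} character")
    return problems


def keyspace(pw):
    """Brute-force search space: alphabet of the classes actually used ** length."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in pw))
    return alphabet ** len(pw)


def brute_force_years(pw, guesses_per_second=1e9):
    """Years to exhaust the keyspace at an assumed guess rate (constructed figure)."""
    return keyspace(pw) / guesses_per_second / (60 * 60 * 24 * 365)
```

Running `check_password("P@$$w0rD1")` reports both the length and the common-password failures even though every character class is present, which is the point of the "not commonly known" rule.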

Brute Force Attack 

Document names can be read within Encrypted Archives
There is one final issue to be aware of with WinZip encryption, an issue you don't have with other file encryption applications. Without knowing the password, it is still possible for anybody to browse and read the filenames within an encrypted archive, which obviously can give an attacker vital clues about the content and whether the encrypted zip file password is worth the effort to crack. One way around this is to double zip the archive, giving the initial zip archive a random name, or to use an alternative encryption tool after creating the zip file.

Anyone can read the Encrypted Zip Archived file names without the password

File Encryption Applications to Consider
There are plenty of other encryption tools you can use for file encryption as an alternative to using WinZip. 
  • TrueCrypt is free, multi-platform and has been my personal recommendation for many years. However, its development was discontinued in May 2014 following an audit, which caused controversy in the cyber security industry. Despite that, I think the latest version of TrueCrypt is still safe to use.
  • VeraCrypt (https://veracrypt.codeplex.com/) spawned out of TrueCrypt, an excellent and supported encryption tool which also works with Windows, Mac and Linux.
  • AxCrypt is another free Windows-based encryption tool I recommend.
  • GNU Privacy Guard is an open-source version of the legendary Pretty Good Privacy (PGP).


denglad said...

I would also like to note WinRAR. It is even more difficult to crack (even if you use a GPU). In RAR3 the speed also depends on the archive size - each password is validated only after unpacking the archive...

Quid said...

There is still some value in the older ZIP 2.0 encryption (3DES) in that Windows cannot inherently open the more modern AES encrypted password protected zip files.

Additionally, WinZip and even WinRAR are not truly free.
So 3rd-party freeware programs such as 7-Zip or PEAZip could be used to open ZIP AES files. The downside is that many organizations do not allow the common worker to install unapproved 3rd-party software, much less use commercial software without paying. For F&F and associates that are not tech savvy, installing a new program may be a deal breaker.

While double-zipping will indeed hide the filenames, if the same password is used for both zip files, then potentially another vulnerability is unleashed, i.e. known plaintext aka meet-in-the-middle attack. So don't use the same password twice.

Even for the imperfect ZIP 2.0 encryption, if 4 or fewer files are protected with a long complex password, then even Elcomsoft does not guarantee the password can be recovered.
Ref: https://www.elcomsoft.com/help/en/archpr/index.html

The author is correct though, for personal use and for use between computer savvy individuals, don't use ZIP 2.0 if AES is available. 7-Zip and PEAZip can open and create AES Zip files, including those made in WinZip/SecureZip. They also have their own archiving algorithms, like WinRAR, but are free and not demoware.

Free password crackers do work, like John the Ripper, but it is not something the average person is typically interested in or capable of doing. In any case, do not capitalize the first letter of the password and do not put special characters or numerals just at the end. There are good password security videos on YouTube warning about such.

Anonymous said...

My account has been locked, plss I want my account