Knowledgebase
Ask a Question
Search:     Advanced search
KB Home / WinZip / Encryption / How strong is WinZip's encryption?

How strong is WinZip's encryption?
Article ID: 80
Last updated: 16 May, 2012
Print
Email to friend
Views: 23740

WinZip offers two kinds of encryption: strong AES encryption and weak Zip 2.0 (Legacy) encryption.

If you have important security requirements for your data, you should use WinZip's AES encryption. AES is the Advanced Encryption Standard, which is the result of a three-year competition sponsored by the U.S. Government's National Institute of Standards and Technology (NIST). This encryption method, also known as Rijndael, has been adopted by NIST as a Federal Information Processing Standard.

WinZip supports AES encryption in two different strengths: 128-bit AES and 256-bit AES. These numbers refer to the size of the encryption keys that are used to encrypt the data. 256-bit AES is stronger than 128-bit AES, but both of them can provide significantly greater security than the standard Zip 2.0 method. An advantage of 128-bit AES over the 256-bit AES is that it is slightly faster, that is, it takes less time to encrypt or decrypt a file.

The security of your data depends not only on the strength of the encryption method but also on the strength of your password, including factors such as length and composition of the password, and the measures you take to ensure that your password is not disclosed to unauthorized third parties.

Note: The extension to the Zip file format used by WinZip to store AES-encrypted files is not supported by versions of WinZip earlier than version 9.0. Also, this format extension is supported by some other Zip file utilities (but not all). In order to extract a file encrypted with AES, WinZip 9.0 or higher may be required. Because the full technical specification for WinZip's AES format extension is available on the WinZip web site other Zip file utilities can add and have added support for this format extension.

The Zip 2.0 (Legacy) encryption format is supported by most, if not all, other Zip file utilities. Password protecting a Zip file with Zip 2.0 encryption provides a measure of protection against a casual user who does not have the password and is trying to determine the contents of the files. However, the Zip 2.0 encryption format is known to be relatively weak, and cannot be expected to provide protection from individuals with access to specialized password recovery tools.

Do not rely on Zip 2.0 encryption to provide strong data security.

If you have any questions about this information please email Technical Support.

Related Articles:
What is AES Encryption?
Password Policy for Encryption
WinZip AES is not FIPS 140-2 certified
This article was:   Helpful | Not Helpful
Prev   Next
What is AES Encryption?     What must I do to remove encryption from my Zip file?

RSS
Powered by KBPublisher (Knowledge base software)