author avatar
    Senior Product Manager
 

Summary

If some people want to encrypt a file, they can zip it and add a password to the zip. But is it safe? How to create password-protected zip files better? Get the answer in this essay!



1. Why Encrypted Zip Files are Not Safe?

Zip files are very common in our daily life. This Zip format, used for lossless data compression, goes through lots of operating versions. When zipping files, we can also use the built-in tool to add a password to encrypt them.

Although this tool is convenient, it is not safe enough. For example, you need to enter the password when you want to zip out the file. Yet, the other people can also directly open the zip to check the file types, file names and the latest modified date. That still affects the privacy security.

enter password to open the protected zip file

Importantly, there are many ways to crack the encrypted zips. Next, we will talk about the encryption principle of zip files, the ways to crack encrypted zips and then introduce the other safer ways to encrypt files in a zip file.

2. What is Zip File?

Computer users are familiar with zip files. ZIP is the file format for data compression and archive storage, with the file extension “.zip”. Currently, this format is still popular. There are other similar formats, including WinRAR and 7-Zip (7z), the open source software used for file compression.

As for performance, the compression ratio of WinRAR and 7z is higher than that of WinZip. But WinZip is available in many operating systems, Windows, MacOS and Linux included. Even users who never install the relative software can open the WinZip files. Therefore, if you want to share files online, WinZip is the first choice.

use password to protect zip files

3. Encryption Principle and Crack Principle of Zip Files

The encryption of zip files is the public-key scheme where the user can use the same key (only 1 key in fact) to encrypt and decrypt. Through the encryption ways, such as AES256, the plaintext can be converted to the ciphertext. If the user can enter the correct password, the ciphertext will be returned to the plaintext. That is the process of decryption.

how about the encryption process

Yet, this way is only a combination of encryption and zipping files. Users can directly open the zip to check the file types, file names and the modified date. That is not safe for privacy information.

Meanwhile, this encryption way can be cracked easily. Basically, people can preset a password used to match with the target password until they test out the correct password. Some crack software is designed based on this principle, too. They can continously crack the zip files as there is no access limitation.

Hot Topic - ADsRenee File Protector - Overall Protection to Your Data

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Compression transfer Support to compress and encrypt any files to secure the file transfer security.

Advanced self protection Provide self

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Free TrialFree Trial 800 users have downloaded and protect data!

4. Common Ways to Encrypt Zip Files

(1) Standard zip 2.0

Standard Zip 2.0 is an older encryption technique that provides a simple protection against casual users who do not have the password but try to open the password-protected zip files. However, this way is known to be relatively weak so it cannot be expected to provide protection for data security. Given the higher data security, AES is the better choice.

Compared with AES, Standard Zip 2.0 is supported by more compression programs. Only by entering the correct password can you use a compression program to open zip files at any time.

(2) Advanced Encryption Standard

AES, fully known as Advanced Encryption Standard, is the block encryption standard adopted and sponsored by the U.S. Government. Now, AES has been one of the popular symmetric-key algorithms.

The common zipping programs support AES encryption in two different strengths: 128-bit AES and 256-bit AES. Simply speaking, 256-bit AES is stronger than 128-bit AES while 128-bit AES runs quicker than 256-bit AES. That means that 128-bit AES takes less time to encrypt or decrypt a file. But both of them can provide significantly greater security than the standard Zip 2.0 method. If you value the encryption security, you should take priority to 256-bit AES.

Advanced Encryption Standard

(3) Is it Good to Encrypt Files in a Zip File?

WinZip and the other zipping programs have provided the standard zip 2.0 and AES now. They are able to meet the need that many users prevent their confidential information from being viewed by unauthorized individuals. There are, however, some limitations of encrypting files are in a zip file.

use password to protect the zip files

    • Encryption applies only to the contents stored within a Zip file. Information, such as file name, data, size and property, is stored in unencrypted form in the Zip file’s directory. Those people who have no right to view can access to the information of the Zip file without a password.
    • The encryption method of zip files is different from that of the authentication method. The encryption of zip files is intended to prevent someone who doesn’t know the correct password from finding out the contents of the encrypted data. However, the password is not needed for actions that do not involve decryption of the encrypted contents of data stored within a Zip file. For example, people can deleted the encrypted files for a zip file, or rename the files, or add new, unencrypted files to the zip file. All these actions are free from entering password.
    • Encrypting in a zip file uses password-based encryption. If your password is weak, or you do not keep the password in a safe way, a strong encryption algorithm like AES has no benefit. Those passwords, “123456”, “password” and “123”, are too simple.
    • If your computer is attacked by malicious cod (i.e. virus), the password may be recorded when you are entering. Please pay attention to the computer health and use the reliable zipping programs.

5. How to Crack Encrypted Zip Files?

Perhaps, you are familiar with these scenes: you download a password-protected zip file but you don’t know the password; you encrypt a zip file but you forget the ciphertext. At that moment, you need to crack them. So, how to crack zip files? Here are some details.
Hot Topic - ADsRenee File Protector - Overall Protection to Your Data

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Compression transfer Support to compress and encrypt any files to secure the file transfer security.

Advanced self protection Provide self

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Free TrialFree Trial 800 users have downloaded and protect data!

(1) Check Zip Comment

In fact, checking the zip comment is not a way to crack the password. Most of people omit the point that some online publishers usually comment the zip file with the target password. You can try to check and see whether the author has marked the password.

check zip comment to find out the password

(2) Crack by ARCHPR

ARCHPR specializes in cracking the password-protected zip files. No matter easy or difficult passwords, this software can exploit various attack types to crack the vulnerabilities. Yet, the processing time depends on the complexity of the password. Besides, this software is very easy to use, only within some steps.

① Select the target zip file. Then, set the attack type and the brute-force attack range options. After that, begin the process.

set a range on archpr to crack password

② Finally, await the result.

await the result from archpr

In addition, the attack types will affect the results. Here are more details about the types.

Brute-force

Brute-force attack is a way that the groups formed by all characters will be tested until the correct password has been confirmed. It is primary but effective. The numerous failures of character groups can gradually make users close to the target characters and finally get the correct password.

Yet, if you do not know the length, the range of the characters (caps or small Latin, digits), you have to try the character groups continuously. If it is a complex password, it can takes a long time (1,000 years, maybe) to crack.

Dictionary

Dictionary attack is special part of brute force attack. Dictionary attack can take care of the common passwords (i.e. 123qwe, hello123) based on the huge amount of the human languages. That can skip to test the passwords recorded in the dictionary. If the password is fortunately right in the dictionary, the process will be completed quickly.

Some password dictionaries even collect millions of common passwords. This type can facilitate users to unblock the password-protected zip files and save their time greatly.

Mask

If you know the length or part of the characters, you can try mask attack to retrieve the password. For example, you know there are 6 figures and the second one is a, you can type “?a????” to test out the password.

Plain-text

Plain-text attack is an effective way. If a user wants to crack a password-protected zip file, as he/she holds one of the identical files, the zip file can be cracked by plain text attack.

Since all files in a zip files share one key, the known file can be used to look up the key and unblock the other files.

Hot Topic - ADsRenee File Protector - Overall Protection to Your Data

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Compression transfer Support to compress and encrypt any files to secure the file transfer security.

Advanced self protection Provide self

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Free TrialFree Trial 800 users have downloaded and protect data!

(3) Online Crack Services

If you prefer to online services, you can try password-online.com. You only need to upload the zip file and wait for the decryption result.

However, you have to send the file to the others servers. It relates to privacy security.

decrypt password protected zip files online

6. How to Avoid Zip Files Being Cracked?

From the above part, we know that an encrypted zip file does not mean 100% data security. In fact, data security depends not only on the encryption strength but also on the strength of the password and the additional protection methods. Here are two advices for protection of the password-protected zip files.

(1) Set Complex Password

Take the simple cipher lock as an example. There are only three figures on the lock from 001 to 999. The lock must be opened within 1000 trials. This way is also part of brute force attack.

password used in real cipher lock

If you do not want your password to be cracked, the length and the complexity are critical. Even though people use a computer to continuously eliminate the character groups, it is very hard to get the password if it is complex and long enough. So, do you know the relationship between the password and the cracking time?

Types of figuresNumber of available figuresMax. cracking time
Length
4 digits6 digits8 digits10 digits
Latin (case-insensitive)26About 3sAbout 37minsAbout 17 daysAbout 32 years
Latin (case-sensitive) +number62About 2minsAbout 5 daysAbout 50 yearsAbout 200,000 years
Latin (case-sensitive) +number +symbol93About 9minsAbout 54 daysAbout 1,000 yearsAbout 10 million years
From the table, we can see that it is impossible to use brute force attack to crack a password it is complex enough.

(2) Protect Relative Information

In addition, you should not disclose any information about your passwords (the characters and the length included) even though they are complex. Once the attacker learns about any information, the password will be at risk.

pay attention to leakage of private information

7. Use Renee File Protector to Create Password-Protected Zip Files Better

Now, as we all know, the password-protected zip files are not safe and reliable enough. If you want to create a password-protected zip file better, Renee File Protector is here to help you. It is a guardian for your zip files.

Renee File Protector, professional software for encryption of local disks, can hide, lock and protect files with the high-level encryption techniques. In addition, files stored in a encrypted zip files can be locked, which can greatly ensure the data security.

Renee File Protector - Overall Protection to Your Data

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Compression transfer Support to compress and encrypt any files to secure the file transfer security.

Advanced self protection Provide self

Easy to use Few clicks for whole folder encryption process.

Overall protection Users can hide, lock or get other protection to files in local disk or USB disk.

High Security Classified encryption method prevents data from leakage.

Free TrialFree Trial 800 users have downloaded and protect data!

(1) Lock Zip Files

Step 1: Download Renee File Protector.

press to the download button

Step 2: Run the software and click [Hard Disk] > [Lock File].

lock file in Renee File Protector

Step 3: Click [Lock File] to select the target zip file.

click to lock file in renee file protector

Step 4: Then, the file will be locked automatically.

use the password to lock the zip file and protect in renee file protector

Step 5: The locked file will not be accessed until you enter the correct password.

enter password to open the protected zip file

(2) Zip and Encrypt Files

Sometimes, the zip files are not only saved in the disks but shared or transferred to the other people. If you want to process a safe transferring process, Renee File Protector can encrypt the files. Importantly, this function has no limit to the file size. You can encrypt any file.

When transferring zip files, you only need to copy the encrypted gfl or exe files and decrypt them on the target computer. This function is simple and safe, even available in the free trial version.

Step 1: Download Renee File Protector.

press to the download button

Step 2: Run the software and select [Common] > [Encrypt File].

use renee file protector to encrypt file

Step 3: Click [Add Files] or [Add Folders] to select the target zip files.

add files or folders to encrypt in renee file protector

Step 4: Select to encrypt to gfl or exe.

use renee file protector to encrypt to gfl or exe password protected zip file

What is different between gfl and exe:

Gfl: When a file is encrypted to gfl, it can only be decrypted by the computer with Renee File Protector installed. This format is suitable for the owners of Renee File Protector.

Exe: If a file is encrypted to exe, it can be decrypted via the correct password, without Renee File Protector installed. It is more utility because it fits all who hold the password. We recommend you use this format in general situations.

Step 5: Set the storage location and the password. Click [OK] to generate the file.

set the file location and the password for encrypted exe zip file in renee file protector

(3) Can Renee File Protector Be Cracked?

No matter which encrypted files, they will be challenged by brute force attack. Renee File Protector is out of exception. Renee File Protector exploits the advanced ASE 256 encryption standard and all actions are limited in the local disks. These designs block the attackers to copy any information to the other computers and crack. If you zip the encrypted files, the encryption status will not change. Even though the storage device is lost, the other people are unable to view the encrypted contents. In other words, it ensures the safe transfer.

Meanwhile, you can set against the brute force attack. Once a user continuously enters the wrong password 5 times, the software will send an email to inform the file owner. You can also set the file cannot be accessed within 10mins if such situation happens. This function is intended to protect the data but also provide a chance for the owner when they forget the password.

enable self protection for renee file protector

Want to create a password-protected zip file better? Renee File Protector is your best choice!