Passwords, encryption, security, and retrieving lost passwords

ALZip uses the standard ZIP 2.0 encryption format, which protects ZIP files with a password. Password protected files contain a + (plus sign) at the end of the file name in the file list of the ALZip main application window.

Passwords must be set when first creating an archive. You are automatically prompted for the password by the Enter password dialog box when extracting, testing, or using the installation features on password protected archives.

The ZIP 2.0 encryption format, however, is not as secure as 3DES or the RSA public key formats used by programs such as PGP. ZIP password protection will offer you little in the way of protection against determined individuals with advanced cryptographic tools. Remember that the longer your password is, the more difficult it is to crack. A novice hacker trying to crack a ZIP password on an average PC computer can crack a weak four-character password in less than a minute and a five letter password in less than ten minutes. If you are using words as passwords, those times shrink to become almost negligible regardless of the word length. When creating a password, it should be at least 8 characters long and should contain at least one number or other non-alphanumeric character. Any password longer than 8 characters will take years to crack for novice hackers, however, experienced hackers can crack ZIP 2.0 passwords very quickly under the right circumstances. As an example of expert password cracking, the speed-record for cracking DES (not 3DES) is 22 hours and 15 minutes, done over a large distributed computing network of about 100,000 computers way back in the stone-age, 1999.

The reason why ALZip is not designed to adopt a more secure encryption format such as 3DES or RSA is to maintain compatibility with other zipping utilities. If you require strong encryption, we recommend you use specialized encryption software instead of the ZIP 2.0 encryption format.

In general, if you adopt a password like "purplehairyspidersareCOOL!01134", noone will ever crack it - it's just too long. Also, using alt-characters (alt escape sequences) will greatly add to the difficulty in cracking a password. You can type alt-characters by first pressing the alt key and while holding it down, keying in a numerical sequence, such as "alt-0220". These characters are viewed well with the Lucida Console font. Click here for a quick reference to some alt-characters. Please note that the numerical ranges 1~32, 127~255, and 0160~0247 are generally good choices with a few minor exceptions.

Note: You must specify your password when you first create the archive. Files added to the archive later are not password protected.

Warning: You cannot retrieve lost ALZ passwords.

Related Topics

- [ Contents ] - [ Index ] - New archive - Password, Add - Password, Menu - Options - Password, Setting passwords, Entering passwords, Retrieving lost passwords, Securing passwords with alt-characters