Patents

PKWare Files a Patent Application for Secure .zip

prostoalex writes "The battle of ZIP formats might intensify as PKWare filed an application with USPTO to obtain a patent on its Secure Zip technology, which pretty much involves archiving with strong cryptography. If the patent gets granted, PKWare will license its algorithms for other software manufacturers. A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke.""
  • Use PGP (Score:5, Informative)

    by unixwin ( 569813 ) on Friday July 25, 2003 @07:32PM (#6536766) Homepage
    zip & use pgp; even better, use bzip2 and pgp
    secure and compressed
  • Re:Use PGP (Score:5, Informative)

    by FrankoBoy ( 677614 ) <frankoboy@gmail.cTOKYOom minus city> on Friday July 25, 2003 @07:39PM (#6536812) Homepage Journal
    Indeed [pgpi.org].
  • Re:Use PGP (Score:1, Informative)

    by Anonymous Coward on Friday July 25, 2003 @07:39PM (#6536815)
    not quite a good replacement. Take a 1 gig "protected" zip file and a 1 gig protected bzip2 + pgp file and get one specific file out of it. You'll see quite the difference in time spent and your methods.
  • Re:Use PGP (Score:2, Informative)

    by Anonymous Coward on Friday July 25, 2003 @07:48PM (#6536887)
    The confusion arises because zip does both multi-files and compression, instead of adhering to the unix philosophy of "do just one thing". So let's review the tools we have:

    tar: to combine multiple files
    gzip: to compress one file
    pgp: to encrypt one file

    Of course, we can use them in any order, but the order that makes most sense is: (1) gzip, (2) pgp, (3) tar.
  • Re:Use PGP (Score:3, Informative)

    by daveq ( 645397 ) on Friday July 25, 2003 @07:50PM (#6536898)
    The reason it encrypts beforehand is that you can't really compress encrypted data. Well encrypted data should appear random.

    PGP's algorithm of choice for compression may not be as cool as yours though, so you may want to use bzip2 anyway for particularly large files.

  • geek factor (Score:3, Informative)

    by poptones ( 653660 ) on Friday July 25, 2003 @07:51PM (#6536905) Journal
    The geek factor is the prime reason so much great open source software lacks the penetration to usurp proprietary, sometimes patented widgets like this one.

    I use PGP for just about everything (I have a built in "roaming profile" via PGPdisk) but I don't believe it compresses stuff (if it does you sure can't tell it - a 600MB PGPdisk won't hold more than 550MB before it gets so fragged you can hardly use the CD). You can use NTFS and compression, but that's not nearly as efficient as zip and you can't mount ntfs partitions in read only mode from win2k, so NTFS parts on CD are essentially useless. It's easy enough to install, but then you gotta be comfortable with formatting and all that stuff - where does this leave people who think "explorer" is just "how you get the internet?"

    The problem with pgpdisk is it's not pervasive and there doesn't seem to be a well supported fork out from under the thumb of NA. It would be fantastic if there were a lightweight pgpdisk runtime (ie not a 15MB download, with a braindead consumer oriented GUI) available that was supported in the oss community, but I don't know of one.... do you?

  • PK (Score:5, Informative)

    by semanticgap ( 468158 ) on Friday July 25, 2003 @07:53PM (#6536915)
    For those too young to remember - PK are the initials of the late Phil Katz, the original author of PKZip, a pretty unusual character. Here's a link [go.com] about how he died.

    AFAIK the company is now run by his mom pretty much.
  • by Anonymous Coward on Friday July 25, 2003 @07:56PM (#6536943)
    It's important to note how the strong encryption
    differs from other pkzip crypto methods.
    A zip45 file begins with:

    central file header signature   4 bytes  (0x02014b50)
    version made by                 2 bytes
    version needed to extract       2 bytes
    general purpose bit flag        2 bytes
    ... etc ...

    In a zip file, if the GENERAL PURPOSE bit flag is set
    (bit 0 of the 2 byte field) it means the file is encrypted.

    The PKZIP encryption scheme was designed by Roger
    Schlafly, who is evidently the son of the famous
    (1980s anti-women's rights) republican spin mastah
    Phyllis Schlafly. But anyway.

    Each encrypted file has an extra 12 bytes stored at
    the start of the data area defining the encryption
    header for that file. The encryption header is originally
    set to random values, and then itself encrypted, using
    three, 32-bit keys. The key values are initialized using
    the supplied encryption password. After each byte
    is encrypted, the keys are then updated using
    pseudo-random number generation techniques in
    combination with the same CRC-32 algorithm
    used in PKZIP and described elsewhere in this document.

    The following are the basic steps required to decrypt a file:

    1) Initialize the three 32-bit keys with the password.
    2) Read and decrypt the 12-byte encryption header, further
    initializing the encryption keys.
    3) Read and decrypt the compressed data stream using the
    encryption keys.

    For step one, you jack up your karma whorin' by pasting
    the following key sets:

    Key(0) > 24)
    end update_keys

    In step two, often associated with total karma whorin',
    one also (*cough* karma whore) loops through the
    buffer with:
    loop for i > 8
    end decrypt_byte

    After the header is decrypted, the last 1 or 2 bytes in
    Buffer should be the high-order word/byte of the CRC for
    the file being decrypted, stored in Intel low-byte/
    high-byte order. Versions of PKZIP prior to 2.0 used a
    2 byte CRC check; a 1 byte CRC check is used on
    versions after 2.0. This can be used to test if the
    password supplied is correct or not.

    In step 3, we continue to blatantly violate copyright laws
    while whorin' karma with:

    loop until done
        read a character into C
        Temp <- C ^ decrypt_byte()
        update_keys(temp)
        output Temp
    end loop

    So that's about it.
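
The three decryption steps described in the comment above, as an added Python example that is not code from the poster or from PKWare. The key constants and update rule are the ones published in PKWARE's APPNOTE.TXT; the sample payload and password are constructed, and the payload is treated as a stored (uncompressed) member.

```python
import os
import zlib

MASK32 = 0xFFFFFFFF

def crc32_step(crc, byte):
    # Raw CRC-32 register update (no pre/post inversion), via zlib.crc32.
    return zlib.crc32(bytes([byte]), crc ^ MASK32) ^ MASK32

class Keys:
    """The three 32-bit keys; constants are those published in APPNOTE.TXT."""
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:                  # step 1: mix in the password
            self.update(b)

    def update(self, plain_byte):
        self.k0 = crc32_step(self.k0, plain_byte)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & MASK32
        self.k1 = (self.k1 * 134775813 + 1) & MASK32
        self.k2 = crc32_step(self.k2, self.k1 >> 24)

    def stream_byte(self):                  # decrypt_byte() in the spec
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def encrypt(password, data):
    """12-byte header (11 random bytes + CRC high byte), then the data."""
    keys, out = Keys(password), bytearray()
    check = zlib.crc32(data) >> 24
    for p in os.urandom(11) + bytes([check]) + data:
        out.append(p ^ keys.stream_byte())
        keys.update(p)                      # keys advance on plaintext bytes
    return bytes(out)

def decrypt(password, blob, expected_crc):
    """Return (header_check_ok, data); the check is a 1-byte filter only."""
    keys, out = Keys(password), bytearray()
    for c in blob:                          # steps 2 and 3 use one loop
        p = c ^ keys.stream_byte()
        keys.update(p)
        out.append(p)
    return out[11] == expected_crc >> 24, bytes(out[12:])

# Constructed sample; treated as a "stored" (uncompressed) member.
SAMPLE = b"constructed sample payload, not taken from the thread"
PASSWORD = b"constructed-password"

def demo():
    blob = encrypt(PASSWORD, SAMPLE)
    return len(blob), decrypt(PASSWORD, blob, zlib.crc32(SAMPLE))
```

The header check only screens out most wrong passwords early; whether the recovered data is intact still rests on comparing its full CRC-32 after decryption.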
  • by gotr00t ( 563828 ) on Friday July 25, 2003 @07:56PM (#6536947) Journal
    Well, there are the main two formats that are common in Linux: tar.gz and tar.bz2

    In both cases, the files are essentially concatenated into a single file by the tape archiver (tar) and then that file is compressed using either the gzip or bzip2 utility. While bzip2 is capable of much better ratios, it takes a lot more processing power, and is not nearly as ubiquitous as gzip is.

    In some older UNIXes and most Linux distros, there is still the zip utility that makes files with the extension .tar.Z . This is an older format, but it is still being used sometimes.

  • Re:7-zip (Score:5, Informative)

    by pla ( 258480 ) on Friday July 25, 2003 @08:03PM (#6536986) Journal
    Everybody, start using the (open source) 7-zip instead.

    No kidding. It amazes me that a lot more people don't use this - It handles all the major formats (zip, tar, gz, bz2, cab, no "sit", though) better than the "native" program for them does, and hey, open source to boot. And, its "7z" format really does get 10-30% better compression than even bzip2.


    Gotta agree with the other response to you, though - the interface needs MAJOR work. It doesn't "look" bad, but feels very counterintuitive. Hell, if they totally eliminated the pseudo-explorer-esque look and just let me drag-and-drop, I'd consider it perfect.
  • by DeeKayWon ( 155842 ) on Friday July 25, 2003 @08:03PM (#6536988)
    No, zip makes zip files. compress makes .Z files.
  • by Anonymous Coward on Friday July 25, 2003 @08:23PM (#6537096)
    you're both right.. 'encrypted data' doesn't compress well not because it's random, but because its redundancy is relative to the encryption method and not to specific patterns within text sets, image sets, number sets.. since conventional compression like burrows-wheeler, huffman, gzip, pkzip, etc. are all designed to remove patterns from 'natural' data sets you'll have much poorer compression rates.. but that hardly means the data is not compressible
  • This is correct. So the secure pkzip involves compression, encryption, and archiving in that order. This is in contrast to tar, where you usually archive first, then compress (with gzip), and then perhaps encrypt the result (though most encryption programs also compress).
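
The ordering argued over in the comments above (compressing before or after encrypting, and sealing each member separately versus sealing one whole archive), as an added Python example that is not from any poster. The SHA-256 counter keystream is a stand-in for a real cipher, and all names, keys and sample data are constructed for illustration.

```python
import hashlib
import zlib

def keystream_xor(key, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def compress_then_encrypt(key, plain):
    return keystream_xor(key, zlib.compress(plain, 9))

def encrypt_then_compress(key, plain):
    return zlib.compress(keystream_xor(key, plain), 9)

def restore(key, blob):
    return zlib.decompress(keystream_xor(key, blob))

def member_key(key, name):
    # Toy per-member key so no two members share a keystream.
    return hashlib.sha256(key + b"/" + name.encode()).digest()

def seal_members(key, members):
    """Compress, encrypt, then archive: each member is sealed on its own."""
    return {name: compress_then_encrypt(member_key(key, name), body)
            for name, body in members.items()}

def open_member(key, archive, name):
    """Recover one member without touching the others."""
    return restore(member_key(key, name), archive[name])

# Constructed sample data: repetitive text, as logs and documents tend to be.
KEY = b"constructed demo key"
MEMBERS = {"log%d.txt" % i: b"".join(b"2003-07-25 entry %05d ok\n" % (i * 1000 + n)
                                      for n in range(800)) for i in range(3)}
PLAIN = b"".join(MEMBERS.values())

def sizes():
    return {"plain": len(PLAIN),
            "compress_then_encrypt": len(compress_then_encrypt(KEY, PLAIN)),
            "encrypt_then_compress": len(encrypt_then_compress(KEY, PLAIN))}

if __name__ == "__main__":
    print(sizes())
```

On this sample, compressing first shrinks the output to a fraction of the input, while compressing the ciphertext leaves it slightly larger than the plaintext.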
  • by Anonymous Coward on Friday July 25, 2003 @09:05PM (#6537298)
    I would not consider .sit a competitor to .zip. StuffIt is the .zip for the Mac niche. It's the only archive format out there that is sensitive to Mac OS resource forks. For certain types of Mac files (read: most), putting your data into a zip archive will render them useless. Though reliance on the resource fork is decreasing in Mac OS X.

    Aladdin writes software that handles zip files, too. So they DO care about inter-operability. They have a perfectly honest and legitimate interest in this.
  • by Anonymous Coward on Friday July 25, 2003 @09:20PM (#6537361)
    You won't lose everything if the tar.gz is corrupt. You will lose everything AFTER the corrupt block. Files that appear before it will still be untarred. Chances are you will get portions of a file that is corrupt, too.

    tar and gzip are based on pipes and streams. They're surprisingly flexible. If gzip craps out in the middle of the input, it will still output as much as it can figure, and tar will work from that, even if it is incomplete.
  • by SEE ( 7681 ) on Friday July 25, 2003 @09:54PM (#6537518) Homepage
    It'd be interesting to see exactly what the scope of the claims are in the patent, since this is a potential threat to encrypted gzip as well.

    How?

    Zip and gzip use the same 'deflate' compression algorithm. In fact, zlib [gzip.org] was based on the Info-Zip [info-zip.org] code, a free software/open source alternative to pkzip, and the GZip homepage [gzip.org] specifically credits Info-Zip as where "all this started", and mentions that the decompression code was based on the code of the major author of Info-Zip. And WinZip's .zip support is another direct derivative of this Info-Zip code.

    So, gzip, zlib, Info-Zip, and WinZip all share common code from common authors implementing the same algorithm. As a result, it would take a very narrowly-tailored patent to allow gzip-and-encryption without allowing Winzip's zip-and-encryption.
  • by innate ( 472375 ) on Friday July 25, 2003 @09:54PM (#6537520)

    You're partly right. StuffIt was the main compression format until OS X came along, but it's not the only format that preserves resource forks.

    Today you'll mainly see .dmg (disk image) format, which features compression, optional encryption, and preserves resource forks. Also common are .pkg (a compressed installer, which can include files with resource forks) and .tar.gz files (I don't think they preserve resource forks).

    And some folks still use Stuffit .sit files.

  • by acceleriter ( 231439 ) on Friday July 25, 2003 @11:03PM (#6537825)
    It's been awhile, but IIRC, the settlement agreement is under seal, and that's a he-said, she-said affair. Of course, back then, shareware was just about the same as public domain in most people's minds, before the rampant greed associated with it started.
  • Re:7-zip (Score:2, Informative)

    by Threni ( 635302 ) on Saturday July 26, 2003 @06:07AM (#6538907)
    "Doesn't look like it has any sort of encryption.

    I'll stick to IZArc that can do 256 bit AES."

    So you must have missed:

    http://www.7-zip.org/7z.html

    7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password.
  • Re:7-zip (Score:3, Informative)

    by shish ( 588640 ) on Saturday July 26, 2003 @12:48PM (#6540042) Homepage
    A couple of things:

    o) It's windows only, and WINE won't run the main thing
    o) The self extractors it creates *do* run under wine - so if you get a .7z file and you're on linux, do `cat 7z.sfx file.7z > newfile.exe` (7z.sfx being the self-extraction header)
    o) I want a native linux version!