PKWare Files a Patent Application for Secure .zip 281
prostoalex writes "The battle of ZIP formats might intensify as PKWare filed an application with USPTO to obtain a patent on its Secure Zip technology, which pretty much involves archiving with strong cryptography. If the patent gets granted, PKWare will license its algorithms for other software manufacturers. A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke.""
Use PGP (Score:5, Informative)
secure and compressed
Re:Use PGP (Score:5, Interesting)
Re:Use PGP (Score:5, Informative)
Re:Use PGP (Score:3, Informative)
PGP's algorithm of choice for compression may not be as cool as yours though, so you may want to use bzip2 anyway for particularly large files.
Re:No, that's not the reason (Score:3, Informative)
Re:No, that's not the reason (Score:3, Interesting)
The problem (if it is indeed a problem) is that compressing the data may, in practice, be as hard as decrypting the data.
Re:Use PGP (Score:3, Interesting)
A strong encryption process shouldn't need compression for security. But compression can easily improve the speed of the encryption, since if you compress the text that means that much less text to encrypt (and compression is usually a lot faster than encryption).
Re:Use PGP (Score:3, Insightful)
Says who?
Consider piping your PGP output through this:
Is it compressable? Yes. Less secure? No.
Re:Use PGP (Score:2)
Can we all say, "late!"
Why not GPG? (Score:4, Insightful)
Why not zip and then use GPG [gnupg.org]?
geek factor (Score:3, Informative)
I use PGP for just about everything (I have a built in "roaming profile" via PGPdisk) but I don't believe it compresses stuff (if it does you sure can't tell it - a 600MB PGPdisk won't hold more than 550MB before it gets so fragged you can hardly use the CD). You can use NTFS and compression, but that's not nearly as efficient as zip and you can't mount
Re:Use PGP (Score:5, Funny)
There is still room for encryption programs that make files bigger. I've been thinking of making a program that would automatically pad a document with additional legal verbiage and routinely add one billable hour, and see if I could sell it to the legal community.
Re:Use PGP (Score:2, Informative)
tar: to combine multiple files
gzip: to compress one file
pgp: to encrypt one file
Of course, we can use them in any other, but the order that makes most sense is: (1)gzip, (2)pgp, (3)tar.
Re:Use PGP (Score:2, Interesting)
The main reason I picked 1 gig as an arbitrary number when starting a thread is this: I came up with a backup system that backs up the files on the network I admin. This can create a severe security hazard. For instance I have accounting, HR, and management's files all on the same computer - this would be a jackpot if anyone busted through our firewall and managed to hack the backup server itself -
Re:Use PGP (Score:3)
(Yea, I don't know anything about PGP/GPG, shush.)
That's fine and all.... (Score:5, Funny)
Re:That's fine and all.... (Score:2, Funny)
Re:That's fine and all.... (Score:2)
Sure nerds are sexy but too many of them lack the interpersonal skills to find a girlfriend. I'm still looking, and don't pl
Ironic quote from Aladdin Systems (Score:3, Funny)
A representative of Aladdin Systems summed it up: "The good thing about the
[/quote]
This quote is funny coming from a company that sells a competing compression format (.sit)
Re:Ironic quote from Aladdin Systems (Score:4, Informative)
Aladdin writes software handles zip files, too. So they DO care about inter-operability. They have a perfectly honest and legitimate interest in this.
Re:Ironic quote from Aladdin Systems (Score:2)
Re:Ironic quote from Aladdin Systems (Score:5, Informative)
You're partly right. StuffIt was the main compression format until OS X came along, but it's not the only format that preserves resource forks.
Today you'll mainly see .dmg (disk image) format, which features compression, optional encryption, and preserves resource forks. Also common are .pkg (a compressed installer, which can include files with resource forks) and .tar.gz files (I don't think they preserve resource forks).
And some folks still use Stuffit .sit files.
Re:Ironic quote from Aladdin Systems (Score:3, Insightful)
Thus Aladdin took full advantage of the openness of the ZIP format for so long, for compatibil
Re:Ironic quote from Aladdin Systems (Score:2)
"I'll get you Hey Steve if it's the last thing I ever doooooooo!!!"
Text compression (Score:5, Funny)
It's good to see Aladdin Systems are demonstrating their lossy text compression technology by saying that the ZIP format is "getting broke" rather than "getting broken"
</tongue>
Re:Uh Oh XML Police (Score:2)
Your XML is not well formed, it should look like this:
You need to quote all attribute values!7-zip (Score:5, Interesting)
Re:7-zip (Score:5, Informative)
No kidding. It amazes me that a lot more people don't use this - It handles all the major formats (zip, tar, gz, bz2, cab, no "sit", though) better than the "native" program for them does, and hey, open source to boot. And, its "7z" format really does get 10-30% better compression than even bzip2.
Gotta agree with the other response to you, though - the interface needs MAJOR work. It doesn't "look" bad, but feels very counterintuitive. Hell, if they totally eliminated the psuedo-explorer-esque look and just let me drag-and-drop, I'd consider it perfect.
Re:7-zip (Score:2)
Re:7-zip (Score:3, Informative)
o) It's windows only, and WINE won't run the main thing
o) The self extractors it creates *do* run under wine - so if you get a
o) I want a native linux version!
extensions (Score:5, Insightful)
But it's likely that they'll keep using ZIP because of its brand recognition. That's really too bad, but at the same it might frustrate people enough to get them to try another compression format, like BZIP.
Re:extensions (Score:5, Insightful)
What's an extension? I use Content-Types like application/x-patented-zip and name all my Zip(TM) files "archive.this.is.not.tar", and when I am forced to use Windows I never see an "extension".
Seriously, the true value of their intellectual "property" (sic) is that of their trademarked brand name. As an archive format it is pretty uninteresting. Everybody knows what "zip" means. Adding a patent in this area to me seems like a dumb move; another one of those all-to-common desparation moves by a failing company to have the USPTO save it. In the late 1990s companies looked for VC firms to save them from their own shortcomings, today the trendy savior seems to be the USPTO.
To me this move just screams "Use our patented technology to secure your important files....BTW you must use only our software and we can revoke your rights to use our patent at any time rendering your important files so secure that not even you can read them legally again!" That's enough to keep me from using their format; it's my data and I don't want my access to it to be contingent upon some party outside of my control.
Re:extensions (Score:2)
That makes no sense, and I think you're making it up.
First of all, you say you use Windows (when forced to or whatever), so if you name an ZIP file "archive.this.is.not.tar" it will open in your TAR opener when double clicked, and probably just give you an error. Plus it will have a TAR icon (or none at all) instea
Re:^H^H^H^H^H??? (Score:2)
Re:^H^H^H^H^H??? (Score:2)
Apparently not. I think if more people used the backspace key, we wouldn't have to see those damn ^H corrections everywhere.
just another example... (Score:5, Interesting)
seems like a familiar story to me.
Re:just another example... (Score:3, Interesting)
Re:just another example... (Score:2)
Re:just another example... (Score:2)
Anywasy, it does kind of s
Re:just another example... (Score:4, Interesting)
Except Katz didn't innovate that much. (Score:5, Interesting)
Except that they started out in hell, because their founder ripped off Thom Henderson's ARC to make his original program.
Back in the BBS days, we were all rallied to support good ol' Phil against the evil Big Company, System Enhancement Associates, who was suing to keep Phil's faster PKARC from eating the original ARC program's lunch. BBS sysops were encouraged to boycott ARC. It worked. It ruined System Enhancement Associates.
Except the funny thing is, SEA was right. They won the lawsuit because Katz hadn't just reimplemented ARC, he stole their source code. That always gets left out of the retelling, even though the reason ZIP exists as a format is because Katz was ultimately prevented from using the ARC format and compression routine. The reality is also that even then, PKWare was a bigger company than SEA ever was. ARC was a commercial program, but had a very unusual license (for the time) allowing people free access to the source code if they wanted to port it to non-DOS platforms. Katz baldly abused this license and, in the end, got away with it. ZIP did end up with an improved compression scheme which I presume PKWare came up with, although there's some evidence that the all-but-ignored ARC 7 outperformed it. (PKARC was, IIRC, based on ARC 5.)
Ben Baker has a description of the history [esva.net] of this whole affair at the website of Thom Henderson (ARC's author). Henderson also has his own commentary, which I would describe as "gently acid."
Re:Except Katz didn't innovate that much. (Score:2)
Re:just another example... (Score:2)
Does anyone remember the dedication message which came with the original ZIP?
The file format of the files created by these programs, which file format is original with the first release of this software, is hereby dedicated to the public domain. Further, the filename extension of .ZIP, first used inconnection with data compression software on
the first release of this software, is also hereby dedicated to the public domain, with the fervent and sincere hope that it will not be attempted to be appropriate
I'll stick to bzip (Score:3, Insightful)
Re:I'll stick to bzip (Score:2)
(Speaking of which, what's up with the bzip2 option changing from I to y to j? Couldn't they just pick something and stick with it?)
By the way, although WinZip can decompress gzip files, it cannot decompress bzip2 files AFAIK, which
The next widespread compression (Score:4, Insightful)
Re:The next widespread compression (Score:4, Interesting)
Zip+encryption? (Score:4, Funny)
"No no, pkzip isn't prior art... the patent only covers the novel idea of using strong encryption"
-- this is not a
Re:Zip+encryption? (Score:2)
- Encryption + Image format
- Encryption + EDI Data
- Encryption + Weblogs
- Encryption + Audio files
- Encryption + VCS
I know you're all thinking "prior art", but since when has that ever stopped anyone from getting a patent? Besides, I am using strong encryption, oh yes.
gzip? (Score:2, Interesting)
Hell, even the "pirates" and "hackers" are using something else (rar, ace).
Re:gzip? (Score:2)
All of the implementations of Winzip-type applications I've used on Windows don't treat
Which to the 15% of the non-technical computer user base that's actually figured out what ZIP does and how to use it would mean a flo
Re:gzip? (Score:2)
It does if you want to compress more than 1 file into an archive...
forget the public domain (Score:2)
I guess we won't be seeing a free Linux version any time soon either. Not that we need it, GPG does a good enough job at compression and multi-platform compatibility to make this completely unnecessary.
PK (Score:5, Informative)
AFAIK the company is now run by his mom pretty much.
Re:PK (Score:3, Interesting)
He basically stole it.
[esva.net]
http://www.esva.net/~thom/philkatz.html
Any karma really belongs to the person who posted this last time it came up on slashdot, but I thought this should be mentioned at +2.
encrypting version of gnu tar (Score:5, Interesting)
There's also a Usenet thread about encrypting archive programs [google.com] including some modified Zip programs.
Re:encrypting version of gnu tar (Score:2)
If that is the case, and considering how many i
Some notes about the pkzip encryption. (Score:4, Informative)
differs from other pkzip crypto methods.
A zip45 file begins with:
central file header signature 4 bytes (0x02014b50)
version made by 2 bytes
version needed to extract 2 bytes
general purpose bit flag 2 bytes
In a zip file, if the GENERAL PURPOSE bit flag is set
(bit 0 of the 2 byte field) it means the file is encrypted.
The PKZIP encryption scheme was designed by Roger
Schalfly, who is evidently the son of the famous
(1980s anti-women's rights) republican spin mastah
Phyllis Schlafly. But anyway.
Each encrypted file has an extra 12 bytes stored at
the start of the data area defining the encryption
header for that file. The encryption header is originally
set to random values, and then itself encrypted, using
three, 32-bit keys. The key values are initialized using
the supplied encryption password. After each byte
is encrypted, the keys are then updated using
pseudo-random number generation techniques in
combination with the same CRC-32 algorithm
used in PKZIP and described elsewhere in this document.
The following is the basic steps required to decrypt a file:
1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
encryption keys.
For step one, you jack up your karma whorin' by pasting
the following key sets:
Key(0) > 24)
end update_keys
In step two, often associated with total karma whorin',
one also (*cough* karma whore) loops through the
buffer with:
loop for i > 8
end decrypt_byte
After the header is decrypted, the last 1 or 2 bytes in
Buffer should be the high-order word/byte of the CRC for
the file being decrypted, stored in Intel low-byte/
high-byte order. Versions of PKZIP prior to 2.0 used a
2 byte CRC check; a 1 byte CRC check is used on
versions after 2.0. This can be used to test if the
password supplied is correct or not.
In step 3, we continue to blatantly violate copyright laws
while whorin' karam with:
loop until done
read a character into C
Temp - C ^ decrypt_byte()
update_keys(temp)
output Temp
end loop
So that's about it.
Re:Some notes about the pkzip encryption. (Score:3)
Might be useful to note that you just described the OLD encryption method used back in PKZIP 2.04g. The method that's already fully described in the publically available PKZIP Application Note [pkware.com].
The encryption used now is quite a bit different, supporting RC2/RC4-64/128, 3DES-112/168, and AES-128/192/256. Oh, and there's also the business about using a passphrase and/or a list of recipients (dig certs) to encrypt the files. THAT is the strong encryption they're talking about.
Re:Some notes about the pkzip encryption. (Score:2)
They are using the zip format (which is in the public domain per the origional author), and AES (which is in the public domain thanks to the fed governments mandate that the winner be made such) and combining them, and suddenly this is patent worthy..... I just LOVE the USPTO, NOT.
Re:Some notes about the pkzip encryption. (Score:2)
"you jack up your karma whorin"
"total karma whorin'"
"(*cough* karma whore)"
"we continue to blatantly violate copyright laws while whorin' karam"
Informative, indeed.. Only information there was possibly the zip header structure, and even that is probably suspect...
i thought good cyphertext can't be compressed (Score:3, Interesting)
Re:i thought good cyphertext can't be compressed (Score:2, Funny)
Expert or not, you should know what's coming out of your ass at all times.
Re:i thought good cyphertext can't be compressed (Score:3, Informative)
If they get a patent... (Score:5, Insightful)
Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT." I can, perhaps, buy an argument that encryption (like the first time anyone did it) was patentable. Maybe even that different algorithms for encryption could be patentable.
But once encryption is there, applying encryption to ANYTHING should not be patentable. A zip file is just data. Encrypting it (or encrypting the contents) is not a novel concept.
So while I would love to see the PTO demonstrate some miniscule amount of clue and reject the patent, I will be very surprised if they actually do.
Re:If they get a patent... (Score:2)
Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT."
OK then it's insane that you can patent...
...using a cable to control a control a fixed-wing aircraft.
...using a weight to prevent a boiler explosion.
...using a centrifugal device to regulate a steam engine.
In fact, aren't most patents just a case of using X on Y, where the combination of X and Y were never thought of before?
That's the key though--never thought of before. Also, it has t
Understanding prior art... (Score:2)
Understand unique doesn't have to mean "no one else did it." All it has to mean is "THIS is how WE did it and you can't do it OUR way without paying us." This is how MPEGLA can make people pay for using MPEG - even 'tho there's a thousand similar ways to do it, most of them don't interoperate without making use of that IP.
If your goal is to protect an invention, patents can do it. But they
What's worth a patent? (Score:5, Insightful)
But is it worth a PATENT to now associate the "security" features of ZIP
with "strong cryptography algorithms"?
That's like Microsoft filing a patent for a "not crashing OS", as reaction
to market research reports that show how people are not happy anymore with
traditional (crashing) MS products.
WinZip Publishes AES Encryption Standard (Score:5, Insightful)
Funny, it sounds like either they already reverse engineered the pkware zip encryption, or established their own encryption.
I wonder how many times users will complain to company xyz (that is using pkware encryption for their products) about their files not working in winzip, before company xyz will drop their pkware proprietary encryption in favor of winzip's published (and functional) encryption.
The whole method? (Score:3, Funny)
Who would patent just half the method?
I sure hope he didn't mean they're trying to patent the entire concept of encrypting zip files regardless of the algorithm or method. Because I've been encrypting zip files (among many other types) for a decade.
help, I don't understand (Score:5, Interesting)
2.In May of this year, WinZip developed its own method of strong encryption, which incompatible with the PKWare product.
3.Crawford believes that WinZip will be a potential licensee. "The basic approach of combining encryption of.zip is covered by the patent, so what WinZip has done, I believe, would be covered by the patent."
If 3 is true, 2 is clearly prior art. So why patent?
There is something rotten in IP kingdom.
Two years (Score:2)
Re:help, I don't understand (Score:2)
If I were the author of WinZip, I'd tell them to go fsck themselves, remain incompatible with them, and watch while the "original" PKware is marginalized. Hardly anyone uses it, anyway.
True story. (Score:2)
The ones you can crack in 4 hours at most.
Why? "everyone has zip" and "it's good enough" (Yes, indeed! Evil hacker people who intercept your e-mail on the internet through a myriad of complicated hacks and deceptions will never think to download a
Nevermind that everyone has Outlook [other S/MIME mailreaders available], and that for all it failings, it does a pretty good job of strong S/MIME encryption using X.509 c
BS (Score:2)
BULLSHIT. PkWare gets this patent, and not two seconds will elapse before Aladdin Systems licenses it for use in their StuffIt program. That's because they will need to support the format in order to be relevant.
As for free software, you'll simply download a patch that says, "For educational purposes only, do not use without a license from PkWare." And guess what people will do.
On the other
PKZIP is irrelevant now, anyway. (Score:2)
This attempt to "embrace and extend" what was previously an open format is pretty sad. I'm sure Phil Katz is spinning in his grave, since he created PKware to market his alternative to System Enhancement Associates' .ARC format. The .ARC extension had been in use since just about the dawn of time, but SEA sued Phil Katz for using it. Thus, .ZIP was born. Now it looks like the
Re:PKZIP is irrelevant now, anyway. (Score:2, Informative)
Threat to encrypted gzip? (Score:5, Informative)
How?
Zip and gzip use the same 'deflate' compression alogrithm. In fact, zlib [gzip.org] was based on the Info-Zip [info-zip.org] code, a free software/open source alternative to pkzip, and the GZip homepage [gzip.org] specifically credits Info-Zip as where "all this started", and mentions that the decompression code was based on the code of the major author of Info-Zip. And WinZip's
So, gzip, zlib, Info-Zip, and WinZip all share common code from common authors implementing the same algorithm. As a result, it would take a very narrowly-tailored patent to allow gzip-and-encryption without allowing Winzip's zip-and-encryption.
I've already got (Score:2, Funny)
somestuff.zip.pgp
whoah! what a concept!
If they're smart, it won't break .zip's usefulness (Score:4, Insightful)
That way, you could always still send either an unencrypted or an encrypted zip - you pay for the ability to encrypt them, fine, but you can unencrypt them easily enough no matter where you are or whose winzip you're using.
It's kinda like Acrobat - anyone can read their files, nobody can create them without buying the utility (blah blah freeware acrobat writers, I know...)
Software patents hurt everyone (Score:3, Insightful)
dupe? (Score:2)
http://slashdot.org/articles/03/06/10/1542216.sht
Re:does this bother you? (Score:3, Funny)
OS operating system common formats (Score:3, Informative)
In both cases, the files are essentially concatinated into a single file by the tape archiver (tar) and then that file is compressed using either the gzip or bzip2 utility. While bzip2 is capable of much better ratios, it takes a lot more processing power, and is not nearly as ubiquitous as gzip is.
In some older UNIXes and most Linux distros, there is still the zip utility that makes files with the extension .tar.Z . This i
Re:OS operating system common formats (Score:3, Informative)
Re:score -1 obvious (Score:2)
Re:Not free (technically) but (Score:2)
gzip can only compress a single file, while zip can compress an entire hierarchial tree. This is why if you want to compress more than one file with gzip, you have to tar it first (.tar.gz aka
One disadvantage of this that I've heard is, if the compressed file becomes corrupt, it's much easier to recover most of the contents with zip than tar/gzip;
Re:Not free (technically) but (Score:2)
tar -cvf -
There's no way of doing...
gzip * -c | tar -cvf out.gz.tar
That'd be fairly neat.
Re:Not free (technically) but (Score:2)
tar cvfz out.tar.gz
Much easier, if you're using gnutar, or whatever supports the -z option. The dash is now deprecated, for some odd reason.
Re:Not free (technically) but (Score:2)
bzippy goodness.
Re:Not free (technically) but (Score:2)
Re:Not free (technically) but (Score:2)
Re:Not free (technically) but (Score:2)
-j, --bzip2 filter archive through bzip2, use to decompress
Re:Not free (technically) but (Score:2)
Resulting in a million little
Re:Looks like PKWare could screw up bad. (Score:2)
Re:BEST ZIP PROGRAM FOR WINDOWS (Score:2)
Re:BEST ZIP PROGRAM FOR WINDOWS (Score:2)
Re:"Now that's getting broke" (Score:2)
Just so you don't think he erred in his correction, Opera (as a joke and to prove a point) released a few months ago a version of their web browser that converted MSN pages to Swedish Chef language (as in "bork bork bork!").
And that was what he was referencing.
--
-JC
http://www.jc-news.com/coding/SFi/
Re:The good old days . . . (Score:2)
And yes, it ran on DOS (PC-DOS, or MS-DOS)
Re:PKware? HA! (Score:2)
(I like old stuff, what can I say? BTW anyone know where I can get 16 hardsector 5 3/4" Double sided quad density floppies? Or a copy of MP/M?)