Compression - whats better than winrar?(not much it seems)

Author

whats better than winrar?(not much it seems)

Developwebsites

2004-11-14, 8:55 pm

Now that Winzip 9.0 uses 128- and 256-bit AES encryption, I see no reason to
use any crypto
software such as PGP, Kremlin, Puffer. Winzip's old algo was weak, and could
be broken
by several apps provided on the net.
How does the present algo used by Winzip compare though?
However, Winrar 3.11 claims: "RAR archives are encrypted by the much stronger
AES-128 standard." [same as in Winzip 9.0]
It does make smaller files than winzip, and does not reveal files until
password is entered unline Winzip.
Is there anything better than Winrar's compression that has password
protection, creates self-extract exe?

2004-11-14, 8:55 pm

On 14 Nov 2004 21:20:43 GMT, developwebsites@aol.comBATSPAM (Developwebsites) wrote:

}Now that Winzip 9.0 uses 128- and 256-bit AES encryption, I see no reason to
}use any crypto
}software such as PGP, Kremlin, Puffer. Winzip's old algo was weak, and could
}be broken
}by several apps provided on the net.
}How does the present algo used by Winzip compare though?
}However, Winrar 3.11 claims: "RAR archives are encrypted by the much stronger
}AES-128 standard." [same as in Winzip 9.0]
}It does make smaller files than winzip, and does not reveal files until
}password is entered unline Winzip.
}Is there anything better than Winrar's compression that has password
}protection, creates self-extract exe?

Winace.com

it utilizes a 160bit Blowfish encryption, which is almost as powerful as 168bit Tripel-DES
encryption, which, as far as we know, has not been hacked yet.

this is taken off their "FAQ"

It's good idea to a have WinRAR & WinACE together on your sys.

CAB is oldy but still compresses just as better as the best of them today but it is slower
and you'll have to find an app that can utilize encryption with it. It's out there just
use google and make sure it uses encryption / CAB because some apps do not. Like I have
Powerarchiver and it has the password greyed out when I want to use it on a CAB formation

Malcolm Taylor

2004-11-15, 3:55 am

Hi,

Checkout WinRK. It provides some of the best compression ratios
available, SFX archives, and a choice of encryption algorithms.

See http://www.msoftware.co.nz.

Malcolm

Developwebsites wrote:
> Now that Winzip 9.0 uses 128- and 256-bit AES encryption, I see no reason to
> use any crypto
> software such as PGP, Kremlin, Puffer. Winzip's old algo was weak, and could
> be broken
> by several apps provided on the net.
> How does the present algo used by Winzip compare though?
> However, Winrar 3.11 claims: "RAR archives are encrypted by the much stronger
> AES-128 standard." [same as in Winzip 9.0]
> It does make smaller files than winzip, and does not reveal files until
> password is entered unline Winzip.
> Is there anything better than Winrar's compression that has password
> protection, creates self-extract exe?
>

2004-11-15, 3:55 am

On Mon, 15 Nov 2004 15:19:30 +1300, Malcolm Taylor <me@me.com> wrote:

~~Hi,
~~
~~Checkout WinRK. It provides some of the best compression ratios
~~available, SFX archives, and a choice of encryption algorithms.

JC, It would be nice to dl the thing instead of having to provide my whole life story in
to start a download. I'll pass, thank U.

~~
~~See http://www.msoftware.co.nz.
~~
~~Malcolm
~~
~~
~~Developwebsites wrote:
~~> Now that Winzip 9.0 uses 128- and 256-bit AES encryption, I see no reason to
~~> use any crypto
~~> software such as PGP, Kremlin, Puffer. Winzip's old algo was weak, and could
~~> be broken
~~> by several apps provided on the net.
~~> How does the present algo used by Winzip compare though?
~~> However, Winrar 3.11 claims: "RAR archives are encrypted by the much stronger
~~> AES-128 standard." [same as in Winzip 9.0]
~~> It does make smaller files than winzip, and does not reveal files until
~~> password is entered unline Winzip.
~~> Is there anything better than Winrar's compression that has password
~~> protection, creates self-extract exe?
~~>

Michael Brindley

2004-11-15, 8:55 am

In my view, if you are really looking for very good cryptography with good
compression options, then PKZip (SecureZip) is a better option than WinZip
9.0. Just because WinZip uses AES, it doesn't mean that everything is hunky
dory. Merely using a certain crypto algorithm doesn't guarantee tight
security at all. What is important is how the crypto algorithm is applied.
PKZip worked closely with security professionals on their encryption (RSA
security) whereas WinZip created more of a homegrown solution. The result is
that the latest Win/Zip, even with AES encryption, has been exposed as
cryptographically weak (see
http://www-cse.ucsd.edu/users/tkohno/papers/WinZip/).

In addition, PKZIP can encrypt the central directory, thereby hiding the
contents of the Zip file which makes it even more secure (local dir entries
are set to 0 in this case).

Also don't forget that SecureZip is the only zipper that uses digital
certificates (as far as I am aware) which provides a greater level of
security than password-based encryption.

PKZip has more compression methods, which can compete with the compression
ratios of WinRar, ie by using bzip2. WinRar like to compare their best
compression method with PKZip's worst (deflate), which is intellectually
dishonest in my view.

The big problem with the non-Zip formats is that they are not ubiquitous
like the zip format, which means that the receiver has to have the same
program to read your archives which is unlikely in many cases. The
alternative of providing SFX files is not practical in many cases as
corporate firewalls often prevent these files from passing through.

Of course,if you only need to create zip files for yourself, then most of
the above won't apply.

regards
Mike

"Developwebsites" <developwebsites@aol.comBATSPAM> wrote in message
news:20041114162043.09736.00000243@mb-m20.aol.com...
> Now that Winzip 9.0 uses 128- and 256-bit AES encryption, I see no reason
to
> use any crypto
> software such as PGP, Kremlin, Puffer. Winzip's old algo was weak, and
could
> be broken
> by several apps provided on the net.
> How does the present algo used by Winzip compare though?
> However, Winrar 3.11 claims: "RAR archives are encrypted by the much
stronger
> AES-128 standard." [same as in Winzip 9.0]
> It does make smaller files than winzip, and does not reveal files until
> password is entered unline Winzip.
> Is there anything better than Winrar's compression that has password
> protection, creates self-extract exe?
>

Jim Leonard

2004-11-15, 3:55 pm

"Michael Brindley" <mbrindley@wol.co.za> wrote in message news:<cna1hg$53$1@ctb-nnrp2.saix.net>...
> The big problem with the non-Zip formats is that they are not ubiquitous
> like the zip format, which means that the receiver has to have the same
> program to read your archives which is unlikely in many cases.

Whoa, please slow down your spin cycle. The only ubiquitous zip
format is the older, deflate-based, non-AES, non-RSA-consulted format
circa 1990. If you give me one of your newer-format .zip files, I
guarantee I'll need to download a new program to read your archive
even though I already have several programs that read .zip.

Besides, the point is moot in the context of the OP: He wants to make
a self-extracting archive, so the universal compatibility option is
irrelevant as 1. he's extracting only, and 2. the archiver will be
tacked onto the archive.

Mike B

2004-11-15, 8:55 pm

> Besides, the point is moot in the context of the OP: He wants to make
> a self-extracting archive, so the universal compatibility option is
> irrelevant as 1. he's extracting only, and 2. the archiver will be
> tacked onto the archive.

Perhaps we understand the original question differently.

The first part reads:

>Now that Winzip 9.0 uses 128- and 256-bit AES encryption, I see no reason to
>use any crypto software such as PGP, Kremlin, Puffer. Winzip's old algo was weak, and >could be broken by several apps provided on the net.

As I understand it, the poster has been concerned about the vulnerability of traditionally encrypted zip files and has either used additional encryption software or used WinRar which has so-called strong encryption. WinRar have never made their specification public, so it is not known how strong their encryption techniques actually are. If the poster believes that WinZip 9.0 produces strongly encrypted SFX files, then he is mistaken as this version of WinZip is still only able to produce SFX's that are encrypted with the traditional encryption algorithm and not the newer AES methods. Therefore the point is not moot, as you put it.

>The only ubiquitous zip format is the older, deflate-based, non-AES, non-RSA-consulted >format circa 1990. If you give me one of your newer-format .zip files, I guarantee I'll need to >download a new program to read your archive even though I already have several programs >that read .zip.

Yes, this is probably the case at the moment, but this is set to change as both WinZip and PKZIP have been offering strong encryption for some time now. And considering that these two probably account for the majority of Zip users, and they now both support each other's AES extraction methods, this should encourage much greater use of strongly encrypted archives. Also, PKZIP offers a free zip reader that handles all encryption methods offered by both WinZip and PKZip including digital certificates.

> Whoa, please slow down your spin cycle.
Spin cycle? You must be American mate!

regards
Mike

Jim Leonard

2004-11-16, 3:55 pm

"Mike B" <mbrindley@wol.co.za> wrote in message news:<cnb543$nu9$1@ctb-nnrp2.saix.net>...
> Perhaps we understand the original question differently.
>
> The first part reads:

Yes, but the second part mentions self-extracting.

> Spin cycle? You must be American mate!

Is it that obvious? :-)

Me personally, I would use an open, universal format coupled with
universal, open tools. For best results, I would use either plain
..zip or .tar.gz coupled with PGP. Just my $0.02.

Sponsored Links