7zip password

Andy asked:
Hello,

How secure is 7zip password protection?

Thank you
noci, Software Engineer
Distinguished Expert 2018

Commented:
Apparently for some versions not very impressive: https://www.quora.com/How-do-I-crack-a-7z-file-password
There are a lot of "instant" recover your passwords tools floating around. (for zip, rar, 7z etc.)

If you need serious encryption for any file use aespipe ( http://loop-aes.sourceforge.net )
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
The question is better considered as how secure you require your password to be.

For best security, you'll run zip or zstd or any other compressor, then encrypt your file with a tool like noci mentions or use openssl.

Using openssl (gold standard) provides pretty much uncrackable encryption.

If you must have 100% uncrackable encryption, then you'll use openssl to encrypt your files, then periodically rotate your passwords... meaning you decrypt + re-encrypt your file with a new password.

Normally password rotation is overkill.

To use openssl, you'll do something like this...

# encrypt ($algo is an openssl cipher name such as aes-256-cbc; the variables are quoted so file names with spaces survive)
openssl $algo -in "$file" -out "$file.encrypted"

# decrypt (same cipher, -d switches openssl to decryption)
openssl $algo -d -in "$file.encrypted" -out "$file"


Where the $algo you select sets your encryption level.

If you have many large files, setting a harsh/high encryption level can produce a very long processing time.

This means you'll choose your $algo based on number of files, size of files, required encryption strength.

If you require automating this for many files, https://linuxconfig.org/using-openssl-to-encrypt-messages-and-files-on-linux provides good examples of how to pass very long passwords to openssl.

Big Note: Whether you input a password by hand or pass to openssl using STDIN, real security of your process relates to how you store your passwords.
Commented:
Just use the newest version and the default settings are pretty safe already (just use a long random password to prevent fast brute force attacks).
The scary "instant" password recovery, must've worked on some version in the far past. They definitely do not work if you keep your 7zip up to date.
Top Expert 2016
Commented:
7Zip currently uses AES 256-bit encryption, the strongest version of AES, so the password length will determine how secure it is. This password length applies to all encryption methods.
Dr. Klahn, Principal Software Engineer

Commented:
As mentioned above, the best password encryption scheme is no better than the password used.  I looked at "instant crack" software last year and it's "instant" only if the password is contained in the cracking dictionary.  If the password is not in the dictionary then the programs fall back to brute-force and that takes a good long time.

If you're worried about this then encrypt twice, once in the compressor and once using a good commercial encryptor program, using long passwords that are randomly generated.

Author

Commented:
7Zip currently uses AES 256-bit encryption, the strongest version of AES, so the password length will determine how secure it is. This password length applies to all encryption methods.

It seems secure

[Attached image: 1.png]
noci, Software Engineer
Distinguished Expert 2018

Commented:
Andy's tables are the worst case guess timings possible. If the first attempt succeeds then it is less than 1 s.
Assume you need any of the 256 byte values to reach those times, not just characters and digits and a few from +-&*^%$...
7z is quite decent

Zip is easily crackable

Rar has used different algorithms. It used to be quite safe but I am unsure nowadays.

An alternative that has not been mentioned is pgp, which I believe to be quite safe.

But obviously, when it comes to symmetric encryption, whatever algo used is only as safe as the password itself: if your password is sunshine, even military grade encryption will be brute forced in an instant.

Real military grade safety is usually achievable by transferring parts of the encrypted file over different vectors.

It is virtually impossible to decrypt or brute force a decent algorithm if you only have access to even or odd bits.
I forgot to mention that 10 passwords per second as mentioned above is a joke. My laptop probably can do 10 thousand per second without any specific optimisation. Not speaking of tweaked arm chips, GPUs, a regular supercomputer, a botnet... Brute forcing IS an actual issue nowadays. Prefer passphrases over passwords with whatever useless complexity level.
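To put noci's worst-case timing remark and the closing point about guess rates and passphrases into numbers, here is an added Python estimator; it is not code from the thread or from 7-Zip. The 10/s rate comes from the thread, while the laptop and GPU rates, the charset sizes and the Diceware list size of 7776 are assumptions for illustration.

```python
from math import log2

# Guess rates in guesses/second. 10/s is the figure from the thread's table;
# the other two are constructed round numbers for illustration, not measurements.
RATES = {
    "10/s (thread table)": 10,
    "10k/s (laptop, unoptimised)": 10_000,
    "1e9/s (assumed GPU rig)": 1_000_000_000,
}

# Alphabet sizes; "any byte" is noci's worst case of all 256 byte values.
CHARSETS = {"digits": 10, "lowercase": 26, "alphanumeric": 62,
            "printable ASCII": 95, "any byte": 256}

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length

def crack_time_seconds(alphabet_size, length, rate, worst_case=True):
    """Seconds to exhaust the keyspace (worst case) or to hit the password on
    average (half the keyspace). Only valid for a uniformly random password;
    dictionary words fall long before either bound."""
    guesses = keyspace(alphabet_size, length) / (1 if worst_case else 2)
    return guesses / rate

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * log2(alphabet_size)

def passphrase_entropy_bits(wordlist_size: int, words: int) -> float:
    """Entropy of `words` words drawn uniformly from a list of `wordlist_size`
    entries (7776 is the size of a standard Diceware list, assumed here)."""
    return words * log2(wordlist_size)

def human(seconds: float) -> str:
    """Render a duration in the largest unit that is >= 1."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    print("8-symbol random password, worst case:")
    for cname, size in CHARSETS.items():
        for rname, rate in RATES.items():
            print(f"  {cname:16} {rname:28} {human(crack_time_seconds(size, 8, rate))}")
    print(f"8 alphanumeric chars: {entropy_bits(62, 8):.1f} bits; "
          f"6 Diceware words: {passphrase_entropy_bits(7776, 6):.1f} bits")
```

The table shows why the guess rate, not the cipher, dominates: the same 8-character password moves from centuries to minutes between the 10/s and GPU rows, while six random words carry more entropy than eight alphanumeric characters.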