Edit - Information Security Stack Exchange

1. Home
2. Questions
3. Unanswered
4. AI Assist
5. Tags
7. Chat
8. Users
10. Companies
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Stack Internal
Bring the best of human thought and AI automation together at your work. Learn more

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

Are password-protected ZIP files secure?

Following my answer. If I can list contents of a password-protected ZIP file, check the file types of each stored file and even replace it with another one, without actually knowing the password, then should ZIP files be still treated as secure?

This is completely insecure in terms of social engineering / influence etc.

I can hijack (intercept) someone else's file (password-protected ZIP file) and I can replace one of the files it contains, with my one (fake, virus) without knowing the password. Replaced file will remain unencrypted, not password-protected inside the ZIP, but other files won't be modified.

If a victim unpacks a password-protected archive, extracting program will ask for the password only once, not every time per each file. So end user will not see the difference -- whether the program does not ask for a password, because it already knows it (original file) or because the file being extracted doesn't need a password (file modified by me). This way, I can inject something really bad into a password-protected ZIP file, without knowing its password and count on the receiver assuming the file is unmodified.

Am I missing something or is this really wrong? What can we say about the security terms of a solution, if password is not required to introduce any modification in a password-protected file?

Answer*

To answer this, there needs to be a better definition of "secure" and/or "safe".  It's always got to be defined in light of the purpose of the protection and the risk to the system.  There's no one size fits all here, what's "safe enough" for one system, may be abysmally weak on another.  And what's "safe enough" on another may be cost prohibitive or down right impractical in a different case.

So, taking the typical concerns one by one:

 - **Confidentiality** - marginal at best.  Confidentiality is usually rated in terms of how long it will take to gain access to the protected material.  I may be able to *change* the zip file, but as a hacker it'll take me some amount of time either crack the password or brute force it.  Not a lot of time, passwords are one of the weaker protections, and given the way zip files are often shared, social engineering one's way to the password is usually not hard.  

 - **Integrity** - nope - as the asker points out - it's easy to change the package and make it look legitimate. 

 - **Availability** - generally not applicable to this sort of security control - this usually refers to the risk of making a service unavailable - the data storing/packaging usually doesn't affect availability one way or the other.

 - **Non repudiation** - nope, no protection - anyone can modify the package, so anyone contributing to it has probable deniability.

The trick is - how much better do you want to get?  Encrypted email is an option - as a better protection.  Although it poses it's own connectivity concerns.  And there's many better ways to encrypt data - but the better options also involve key distribution challenges that can add time and cost concerns.  

As a quick way to package and share some data that you don't want to make completely public - it's better than nothing, and it's sometimes the only common denominator you can work out.  For anything high-risk, I'd find a better option.

Edit Summary*

Cancel

1

What is weak about a strong password (such as 14 random characters) combined with a strong encryption method (such as AES-256)?

marcovtwout
– marcovtwout

2015-06-15 15:03:43 +00:00
Commented Jun 15, 2015 at 15:03
I'm not clear what perspective your question is coming from? This person is specifically asking about the method of password protection as it relates to zip files and the problems were outlined pretty well in the question - in this instance, no matter how big or random your password, the zip file password lock doesn't lock much of anything. In general passwords are pretty weak - they are readily shared, and require that both sides know them (they are a shared secret) - so there's always the risk that someone else knows the password. So non-repudiation is a no-go with any password.

bethlakshmi
– bethlakshmi

2015-06-15 21:07:33 +00:00
Commented Jun 15, 2015 at 21:07
4

I am talking purely about Confidentiality, and not about Integrity or any of the other values you correctly pointed out in the light of this question. You note "passwords are one of the weaker protections", and I simply want to point out that this statement is very relative. It all depends on the strength of the password and the encryption method, but also the way this shared secret is shared.

marcovtwout
– marcovtwout

2015-06-16 08:16:30 +00:00
Commented Jun 16, 2015 at 8:16
3

@bethlakshmi "probable deniability" -- did you mean plausible deniability?

ScottJ
– ScottJ

2016-10-05 19:51:45 +00:00
Commented Oct 5, 2016 at 19:51
2

FYI for those not familiar with the confidentiality/integrity/availability/non-repudiation terms wikipedia has a laymans description here: en.wikipedia.org/wiki/Information_security#Confidentiality (personally i found the bullets in this answer to sound like a foreign language)

Trevor Boyd Smith
– Trevor Boyd Smith

2019-09-17 15:20:37 +00:00
Commented Sep 17, 2019 at 15:20

| Show 1 more comment

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="/api/flow.js?q=https%3A%2F%2Fexample.com">example</a>

formatting help »
answering help »