![]() *Originally posted by:* I agree with your observations, but it is the ZIP standard itself that defines password protection to be at file level, not at archive level. In this way the user need to enter the password to do anything on the archive (list, test, extract.), and adding files in the archive while browsing it in PeaZip will every time result by default in applying the initally provided password to all added files. To handle password protected archives as you intend to, it is instead recommendable to use 7Z archives with "encrypt filenames" option (you can set it in password dialog). It would not be recommendable to alter this behavior as it may result in creating out of standard archives that some or most of other zip-supporting utility cannot read, which is not desiderable. The standard allows to add in the same archive files with different passwords, or no passwords at all (so it is up to the user to decide if to apply a password), and does not define a standard way to really encrypt filenames (so you can list a ZIP encrypted archive without providing a password first). Originally posted by: I agree with your observations, but it is the ZIP standard itself that defines password protection to be at file level, not at archive level. ![]() Please update the app to have default archive-level passwords, aside from this it is a great application - Thanks! The option to Encrypt the filenames within the archive file isn't supported by some major formats like ZIP so that isn't a suitable reason to overlook these issues. The app could prompt for passwords during extraction rather than erroring out and creating zero-byte files. File-level passwords within the archive should be considered an advanced option that could still be supported by the app through an advanced options tab/feature, but should not be the default behavior of a zip program.Įven if individual-file level password is desired/intended by the app developers (then please add archive-level passwords as an 'advanced' option!), there are still some holes to plug like not extracting zero-byte filenames that reveal naming conventions and insights into the archive contents or opening the archive in the PeaZip browser, displaying the filenames. The app would be more usable for more people and therefore adopted/used long-term by more users if the default support was archive-level passwords. I believe the vast majority of users would expect the password behavior to be at the archive-file level and not individual-file level within the archive. For example, files with different passwords can be in one archive, when you extract that archive through a method that prompts for a password, PeaZip unzips the files with the password supplied but the other files with different password are unzipped as zero-byte files because the password doesn't match - if you prompt for the first password, why not prompt for subsequent passwords? Archive-level passwords clean up these loose strings in the app logic. There are other less-critical glitches in the GUI due to the individual-file-level password approach that would be cleaned up with the archive-level password approach. * a protected archive shouldn't be modified without supplying the passwordģ. New files added are added without password. Add some files to an existing password protected file, allows addition of files without prompting for password. Filenames still provide insight into contents/purpose of a 'protected' archive file and may help provide enough insights that could be used to crack the archive password.Ģ. *** Allowing a user without passwords to see filenames is still a security breach, even though they can't open zero-byte files. If set directory location and click OK, does not prompt for password and will place zero-byte files in directory and then produce error report that decryption failed. Now try same zip file and use context menu "Extract." - opens interface without prompting for password - should prompt for password.ī. It prompts for archive password and extracts files as expected.Ī. Now unzip the file with Extract Here (in new Folder) and similar context menus. Create a zip file with some files and specify a password My issue is that the password protection is not implemented at the archive-level, but is implemented at the individual-file-level within the archive-file.ġ. ![]() Originally created by: I'm using PeaZip 3.6 on Windows 7 32-bit
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |