User profile for user: dbates1
dbates1 Author
User level: Level 1
0 points

how safe is the zip command in OS X?

I want to send an encrypted .zip file to someoe using Windows, and I've discovered the terminal command for zipping and encrypting files. This should work well for cross-platform use.


What I can't find is the algorithm used for the zip command. Is it a strong, modern algorithm like AES? Is is really safe to use, provided that I provide a long and decent password?


Or is is an older algorithm that's weak, and can be cracked regardless of the strength of my password?


Anyone have any ideas?

Posted on Jul 22, 2012 11:47 AM

Reply
7 replies
User profile for user: dbates1
dbates1 Author
User level: Level 1
0 points

Jul 22, 2012 12:34 PM in response to g_wolfman

thanks g_wolfman; that's what I thought.


The problem is getting the casual Windows user to install PGP so that they can decrypt your file.


Won't happen.


At least zip is built into to almost every Windows user's machine.


It's the classic conflict between security and convenience. Microsoft and Apple aren't helping us much. This ought to be much easier, and much more cross platform.


Thanks for your help.

Reply
User profile for user: g_wolfman
g_wolfman
User level: Level 4
3,502 points

Jul 23, 2012 7:38 AM in response to dbates1

Well, I guess all I can suggest is that it's not necessarily a hypothetical "casual Windows user" who needs to install encryption, just the one user you need to correspond with...so the question is, do they care enough about the security of this file to enabe e-mail encryption (whether using PGP or S/MIME) or are they willing to forgoe the security for convenience?


If they have some kind of commercial interest in the contents, then one would hope they care enough...


As for Aple and Microsoft helping things, I'm not sure what they could do...PGP and S/MIME are both totally cross-platform and vendor neutral. The hard part is "easier", and good security is very hard to make easy to use when you have to include both identity verification and non-repudiation, as well as the classic confidentaility-integrity-availability triad.

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
32,041 points

Jul 23, 2012 7:52 AM in response to g_wolfman

do they care enough about the security of this file to enabe e-mail encryption (whether using PGP or S/MIME) or are they willing to forgoe the security for convenience?


I would also point out that, if the recipient is willing to forgo security for convenience, they're not someone you should be trusting confidential data to. If it's your data, don't give it to someone who is going to be less careful with it than you are comfortable with. After all, you wouldn't give your life savings to a bank that stuffs it into a cardboard box and stacks it in a corner of the lobby, right? 🙂

Reply
User profile for user: dbates1
dbates1 Author
User level: Level 1
0 points

Jul 23, 2012 9:32 AM in response to g_wolfman

hi g_wolfman


thanks for the reply. As far a Microsoft and Apple helping things, I have a suggestion. They both have to take the lead in supporting easy encryption built standard into the operating system.


Apple has a good system by using the encrypred disk image, but it's not supported in Windows. Earier versions of the zip command in the Mac OS gave an error when double-clicking a zip file, and had to be decrypted with the command line.


Truecrypt and PGP are both cross-platform, but someone has to go out and get them and install them. Many people working in an office environment simply aren't going to do that. And, as for S/MIME, it's very difficult to try to explain to someone about using digital certificates.


I deal with casual computer users all of the time, both Windows and Mac, and I already have to be a pain in the *** as it is. My accountant sends me my tax return unencrypted in email. Loan brokers want all sorts of confidential data and faxing seems to be the only way to have a modicum of security. I wish I didn't have to give confidential information to people who aren't versed in computer security, but I simply do.


I'm just saying that if there were a standard with good quality encryption that was easy to use, and installed as *standard* on both Windows and Mac, so that I wouldn't have to talk someone into installing a third party solution. A package, like a zip file but with a more modern algorithm, that could be double clicked on either operating system and a password entered that I sent through text message, would go a long way for me.


That's where Apple and Microsoft could help.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

how safe is the zip command in OS X?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up