How safe is the encrypted zip exported by the Android app?

What’s the encryption method used for the password-protected zip file exported by the app?

I’ve read that the older methods are pretty weak (links below), but they’re often the only encryption method available. This is considering the user has chosen a strong password.

The 7-zip format seems to have better encryption.

• Info-ZIP Frequently Asked Questions

• https://www.reddit.com/r/software/comments/pnvwmv/are_passwordprotected_zip_files_secure/

• https://security.stackexchange.com/questions/186128/what-encryption-method-is-used-by-the-zip-program-in-macos

• https://security.stackexchange.com/questions/210069/encryption-using-7z-or-zip-file

Just found the answer: AES 256-bit

It seems to be using a library named zip4j, and this is where Syncthing-Fork chooses AES instead of the legacy “zip standard” method.

Have you ever tried to encrypt/open a password protected zip file with any password software?

Good luck.

I tried once to open a 6 letter 2 numerical password protected zip file.

After running 24/7 for almost a week a gave up.

I’m using the same in Syncthing Tray on Android by the way (as “my” code is “inspired” by what Syncthing-Fork is doing).

I would assume it is secure (as AES 256-bit generally is) but I haven’t reviewed how zip4j is implementing the AES 256-bit encryption under the hood.

I was able to open these archives just fine with Ark.

Note that the number of characters should not have an impact on decryption speed. Your archiving software probably got stuck due to a bug in its implementation.

I think @SyncUser56 was talking about breaking a password-encrypted zip with hacking tools.

The weaker ZipCrypto algorithm is vulnerable to a plain-text attack. You can find instructions for reproducing it online.

I presume @SyncUser56 was simply attempting to brute-force it, which is why it failed.

Ah, that makes much more sense