One of our network people is telling me that PKZIP has an encryption routine in it. He claims that zipping the file and using a password on it also encrypts it. When questioned about the key and how/what encryption it is, he could not answer for certain. Is this the case? My recollection of PKZIP is that it is a data compression tool and putting a password on it does NOT encrypt the data.
PKZIP does have an encryption feature, based on a proprietary algorithm, but they don't seem to talk about it much and readily admit that it's vulnerable to brute-force attack.
Security is based on a password of up to 255 characters which is used to encrypt the zipped files. But there are numerous tools available to crack the passwords, and few users seem to have any real faith in PKZIP security.
The company is believed to be working on a stronger version of the algorithm, but no word yet on details or a release date.
The product also has a digital signature feature for authentication.
For more information on this topic, visit these other resources on SearchSecurity.com:
Featured Topic: The encryption debate
Scheier's Security Product Roundup: PKI complexities, cost hold promising technology back
Strom's Security Tool Shed: File encryption made easy