Password-protecting an archive sounds simple: set a password, files are encrypted. But the implementation details determine whether your files are genuinely protected or just obscured behind a lock that any motivated attacker can pick in minutes.
The biggest trap is ZIP's default encryption. When you right-click a folder in Windows and create a password-protected ZIP, it uses ZipCrypto — an algorithm designed in 1989 that's been publicly broken since the mid-1990s. Most people don't know they're using a broken cipher because it still "feels" secure: the password prompt appears, files extract correctly with the right password. But the security is theatrical.
This guide covers what actually works, what doesn't, and the metadata leakage problems that survive even strong encryption.
ZIP ZipCrypto: Broken Since the 1990s
ZipCrypto (Traditional PKZIP Encryption) was the only encryption available in the original ZIP specification. It uses a three-key stream cipher initialized from the password. The algorithm was designed when computing power was limited, and it shows.
Known-plaintext attack: Eli Biham and Paul Kocher published an attack in 1994 that recovers the encryption keys if the attacker knows any portion of the plaintext. Many archives contain predictable files — XML headers ("
Tools like bkcrack (open-source, 2020) implement this attack and can crack ZipCrypto-encrypted archives in seconds to minutes given known plaintext. No brute-force required — the attack exploits mathematical weaknesses in the cipher itself.
Who still uses ZipCrypto: Windows' built-in ZIP handler. When you right-click and create a password-protected ZIP in Windows Explorer, it uses ZipCrypto. Many users don't realize this because the password prompt creates an illusion of security. If you've been using Windows' built-in ZIP encryption for sensitive files, those files are not secure.
ZIP AES-256: Genuinely Secure
WinZip introduced AES-256 encryption for ZIP in 2003, adding it as an extension to the ZIP specification (AE-1 and AE-2 encryption methods). AES-256 is the same encryption standard used by governments, banks, and the military. With a strong password, it's uncrackable with current or foreseeable technology.
AES-256 ZIP encryption is supported by: 7-Zip, WinRAR, WinZip, Keka (macOS), Info-ZIP (with patches), and Windows 11 23H2+ (extraction only). Creating AES-256 encrypted ZIPs requires a third-party tool on most systems — Windows' built-in handler can't do it.
To create an AES-256 encrypted ZIP with 7-Zip:
# GUI: Right-click > 7-Zip > Add to archive > ZIP format > AES-256 encryption
# CLI:
7z a -tzip -mem=AES256 -p"YourStrongPassword" encrypted.zip files/Critical limitation: ZIP AES-256 encrypts file contents but not file names. Without the password, an attacker can still see every filename, file size, modification timestamp, and directory structure in the archive. Only the actual file data is encrypted.
7z Encryption: AES-256 with Filename Protection
7z uses AES-256 in CBC mode with a key derived from the password via iterated SHA-256 (default: 2^19 = 524,288 rounds). The iteration count makes brute-force attacks slower — each password guess requires 524,288 SHA-256 computations, which is ~1000x slower than testing a single hash.
The standout feature: 7z can encrypt filenames. With the "Encrypt file names" option enabled, the entire directory structure — names, sizes, timestamps, and metadata — is encrypted. Without the password, you can't even tell how many files are in the archive, let alone what they're named.
Why this matters: filenames often reveal as much as file contents. "2026_Q1_financials.xlsx", "merger_agreement_draft_v3.docx", "employee_termination_list.pdf" — these names are sensitive regardless of what's inside. ZIP AES-256 leaves these names visible to anyone who obtains the archive file.
# 7z with filename encryption
7z a -p"YourStrongPassword" -mhe=on encrypted.7z files/For maximum security, 7z with filename encryption is the best option among mainstream archive formats.
RAR Encryption: AES-256 (RAR5)
RAR5 (WinRAR 5.0+, 2013) uses AES-256 with a PBKDF2-SHA256 key derivation function. Like 7z, RAR supports optional filename encryption — enabling "Encrypt file names" in WinRAR's archive creation dialog hides the directory listing.
RAR4 used AES-128, which is still considered secure but weaker than AES-256 by a factor of 2^128 possible keys. If you're using RAR for encryption, ensure you're creating RAR5 archives, not RAR4.
RAR's encryption is implemented in proprietary code that can't be independently audited. While there are no known attacks against RAR5's encryption, the inability to verify the implementation is a concern for high-security applications. 7z's encryption implementation is open-source and has been reviewed by the security community.
Password Strength Matters More Than Algorithm
AES-256 with a weak password is weak. A 4-character password has roughly 2.5 million possibilities (using alphanumeric + common symbols). Even with 7z's iterated key derivation, a GPU-equipped attacker can test all 2.5 million in under a second.
Password strength guidelines for encrypted archives:
| Password Type | Example | Entropy | Crack Time (GPU) |
|---|---|---|---|
| 4 chars, lowercase | abcd | ~19 bits | Instant |
| 8 chars, mixed case + digits | Pa55w0rd | ~48 bits | Hours |
| 12 chars, mixed + symbols | Tr0ub4dour&3 | ~72 bits | Centuries |
| 4 random words (diceware) | correct horse battery staple | ~51 bits per word = ~77 bits | Centuries |
| 20 chars, random | kR9$mW2pL7@xQ5nH8vB4 | ~130 bits | Heat death of universe |
Minimum recommendation: 12+ characters with mixed case, digits, and symbols. Or 5+ random words (diceware method). The archive's encryption algorithm is only as strong as the password protecting it.
Avoid: dictionary words, names, dates, common substitutions (p@ssw0rd), and passwords reused from other services. Use a password manager to generate and store the archive password.
Metadata Leakage: What Encryption Doesn't Hide
Even with strong encryption, archive files leak information:
- ZIP without filename encryption (default): File names, sizes, modification timestamps, directory structure, CRC32 checksums of original files, compression method, and the number of files are all visible without the password.
- 7z/RAR without filename encryption: Similar to ZIP — directory listing is visible.
- 7z/RAR with filename encryption: Only the archive size and the fact that it's encrypted are visible. This is the best you can achieve with standard archive encryption.
- File size patterns: Even with filename encryption, the total archive size can hint at contents. A 4.7GB encrypted archive probably contains a movie or disk image.
- CRC32 checksums (ZIP): ZIP stores CRC32 checksums for each file, even when encrypted. If an attacker suspects a specific file is in the archive, they can compute its CRC32 and compare — confirming or denying its presence without knowing the password.
Encrypted Archives vs Full-Disk Encryption
Encrypted archives and full-disk encryption (BitLocker, FileVault, LUKS) serve different purposes:
| Feature | Encrypted Archive | Full-Disk Encryption |
|---|---|---|
| Protects files at rest | Yes (specific files) | Yes (everything) |
| Protects files in transit | Yes (archive can be sent) | No (disk isn't portable) |
| Decrypt individual files | Yes (password per archive) | N/A (whole disk unlocked at boot) |
| Metadata protection | Partial (filenames may leak) | Complete (entire disk encrypted) |
| Performance impact | None (only decrypts when extracting) | Minimal (hardware AES acceleration) |
| Protection against running system theft | Yes (archive stays encrypted) | No (disk is unlocked while running) |
Use encrypted archives for sending sensitive files (they're portable and self-contained). Use full-disk encryption for protecting everything on a device (laptop theft, decommissioning). They complement each other — put encrypted archives on an encrypted disk for defense in depth.
Forensic Considerations
If you're encrypting archives for genuine security (not just casual password protection), consider these forensic realities:
- The unencrypted originals may still exist. Encrypting files into an archive doesn't delete the originals. The original files may be recoverable from disk (deleted files persist until overwritten), from backup snapshots, from cloud sync services, or from OS thumbnail caches.
- Memory forensics: If the archive was opened on the same machine, the password and decrypted contents may persist in RAM, swap space, or hibernation files. Powering off the machine clears RAM, but swap and hibernation files on disk may retain data.
- Temp files: Some archive tools extract to a temporary directory before presenting files to the user. These temporary copies may not be securely deleted.
- File system metadata: Even if you encrypt the archive and securely delete the originals, the file system journal, directory entries, and file allocation tables may retain original filenames and sizes.
For high-security scenarios: use 7z with filename encryption, securely shred originals (shred -u on Linux), clear swap space, and consider operating from an encrypted RAM disk. For most people, a 7z archive with a strong password provides more than adequate security.
For secure archives: use 7z with AES-256 and filename encryption, pick a strong password (12+ random characters), and shred the unencrypted originals. For casual password protection (preventing accidental access, not defending against determined attackers), ZIP AES-256 is fine. Never use ZipCrypto for anything.
Need to change an archive's encryption? Convert ZIP to 7Z to upgrade from ZipCrypto to AES-256 with filename encryption. Convert RAR to 7Z to move from proprietary encryption to an open, auditable implementation. The conversion extracts and re-archives — set a strong password on the new archive.