CentOS zip command - adding a password - what type of encryption (if any) does it provide?

Posted on 2024-12-14 08:18:36

With the included zip utility in CentOS5 (zip command): i.e. /usr/bin/zip -P $ZIP_PASS ...

I haven't been able to find any documentation on this. I am trying to find out how secure the password is. Is this encrypted? How is it protected if not with encryption?

Thanks

Comments (2)

记忆里有你的影子 2024-12-21 08:18:36

Ok I found the answer I was looking for.... From http://en.wikipedia.org/wiki/ZIP_%28file_format%29 and http://en.wikipedia.org/wiki/Known-plaintext_attack

Encrypted file archives such as ZIP are prone to this attack.[citation
needed] For example, an attacker with an encrypted ZIP file needs only
(part of) one unencrypted file from the archive which forms the
"known-plaintext".[4][5] Then using some publicly available software
they can quickly calculate the key required to decrypt the entire
archive. To obtain this unencrypted file the attacker could search the
website for a suitable file, find it from another archive they can
open, or manually try to reconstruct a plaintext file armed with the
knowledge of the filename from the encrypted archive.

So... the zip is not completely secure - but with random file names (when implemented well) for the file(s) inside the zip, and immediate deletion of the unencrypted file (which is also non-web-accessible) - this appears to be a POSSIBLE solution...

More resources:
http://linux.101hacks.com/archive-compression/password-protection-for-zip-files/

However, the more I read, AES 256-bit encrypted zips by 7zip (once installed on the server) are much, much more secure. It is NOT susceptible to the known plaintext attack, either.

我也只是我 2024-12-21 08:18:36

Yes, it is encrypted. Per the manual:

-P password
          use password to encrypt zipfile entries (if any).  THIS IS INSECURE!  Many multi-user operating
          systems provide ways for any user to see the current command line of any other  user;  even  on
          stand-alone  systems  there  is  always  the  threat of over-the-shoulder peeking.  Storing the
          plaintext password as part of a command line in an automated script is  even  worse.   Whenever
          possible,  use  the non-echoing, interactive prompt to enter passwords.  (And where security is
          truly important, use strong encryption such as Pretty Good Privacy instead  of  the  relatively
          weak encryption provided by standard zipfile utilities.)

This is just found from running "man zip" on a CentOS machine.

As the manual entry notes, for high security it is not good to use the password in the command to zip the file, as others could check the process list and see the password while it is zipping.

I don't know what kind of encryption this uses, but I looked around some and it doesn't appear to be great. There are some similar questions on stackoverflow to this. Look into using a different zip library if encryption is truly important; use something that allows AES, such as GPG.
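
A defender-side check for the exposure the manual excerpt above describes, as an added example that is not part of the original answers: it scans /proc for running zip processes that were started with -P or --password and reports the PID without printing the password. The function names are hypothetical; it assumes a Linux /proc and does not handle bundled short options such as -rP.

```shell
#!/bin/sh
# Added example (not from the original answers): find running zip processes
# whose password is visible to other users in the process list.
# Safer invocations that keep the password off the command line:
#   zip -e -r backup.zip data/     (non-echoing interactive prompt)
#   gpg --symmetric --cipher-algo AES256 backup.tar   (AES, passphrase prompt)

# Return 0 if the NUL-separated argv stored in file $1 (the format of
# /proc/<pid>/cmdline) is a zip invocation carrying a password argument.
argv_exposes_zip_password() {
    tr '\0' '\n' 2>/dev/null < "$1" | (
        first=1
        while IFS= read -r arg; do
            if [ "$first" = 1 ]; then
                first=0
                # argv[0] may be a full path such as /usr/bin/zip
                [ "${arg##*/}" = "zip" ] || exit 1
                continue
            fi
            case "$arg" in
                # -P pw, -Ppw, and the long forms accepted by zip 3.0
                -P*|--password|--password=*) exit 0 ;;
            esac
        done
        exit 1
    )
}

# Walk every readable /proc/<pid>/cmdline and report offending PIDs.
# The password itself is deliberately never echoed.
scan_proc() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        if argv_exposes_zip_password "$f"; then
            pid=${f#/proc/}
            pid=${pid%/cmdline}
            echo "PID $pid: zip was started with a password on its command line"
        fi
    done
}

scan_proc
```

Run it from cron or a monitoring agent on multi-user hosts; any hit means a script should be changed to prompt for the password or to use a tool that reads the passphrase from a file descriptor.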
