
I've lost the password to a "zip" file. How do I open the file?

Question:

I used a password while zipping a file, but unfortunately I’ve since
forgotten the password I used. How can I unzip the archive and retrieve the
file?

In a perfect world, the answer should be “you can’t”. I mean, you should be
able to open a password-protected file ONLY if you have the password, right?
Otherwise what’s the point?

The fact that the answer isn’t “you can’t” should concern you.


First, the answer: if you search Google for “zip file lost password” you’ll
get a page full of results for various providers of zip file password
recovery tools. Some are free, some are not. While I
haven’t tried them, the tools are out there.

In looking at the tools, the techniques to crack a zip file password boil
down to three different approaches:

  • Brute Force Attack – make up and try every possible
    password. This sounds time consuming and it can be. However if you can provide
    hints, such as the approximate length of the password you used or perhaps the
    first character of your forgotten password, you can cut down the time
    dramatically.

  • Dictionary Attack – by quite literally using a dictionary
    of words, the tool can try various combinations until something works. If you
    recall that your password was in fact a word or combination of words, a
    dictionary attack can once again reduce the amount of time it might take to
    discover the forgotten password.

  • Known-plaintext Attack – If you have an original
    unencrypted copy of any file in the zip file (the “known plaintext”, in
    cryptography-speak), that file, plus the encrypted zip file, can be used to
    reverse-calculate the password and thus extract all the other files.


Now, many of these techniques rely on time. Depending on your computer and
the password to be discovered, you may end up turning a password
recovery tool loose and have it take a few hours – or
perhaps days – to recover the password. Perhaps that’s too long, but perhaps
not. That depends on your needs.

There are a couple of very important lessons to be learned here,
however:

Password protecting a ZIP file is fairly poor security. It
can be cracked, simple as that. With enough resources, and a poor or even
moderately secure password, it can be cracked reasonably quickly.

“Strong” passwords are a must. If you’re going to use words
from the dictionary as a password, it’s almost like having no password at all;
cracking it is that easy. If you use a good, long and strong password then you
can dramatically increase the amount of time it will take to crack or recover
the zip file.

It’s possible that the protection provided by a zip file is enough for you,
and that’s fine. Zip files are a compression format first, and an encrypting
archive second. As long as you understand the previous two points, then you can at
least make a reasonably informed decision as to which tool to use.
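
Which of the attacks above applies depends on the cipher an archive actually uses: the known-plaintext attack works against the traditional PKZIP cipher, while AES-encrypted entries (WinZip format) leave only password guessing. The Python sketch below is an added example, not from the original article; `classify`, `audit` and `build_sample` are illustrative names, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

AES_METHOD = 99  # WinZip AES entries carry compression method 99


def classify(info):
    """Protection scheme recorded in one entry's central-directory header."""
    if not info.flag_bits & 0x1:       # general-purpose flag bit 0: encrypted
        return "none"
    if info.flag_bits & 0x40:          # bit 6: PKWARE "strong encryption"
        return "pkware-strong"
    if info.compress_type == AES_METHOD:
        return "aes"
    return "legacy"                    # traditional PKZIP cipher (ZipCrypto)


def audit(data):
    """Map entry name -> scheme. No password is needed: entry names and these
    header fields are readable even when the file contents are encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def build_sample():
    """Constructed sample: three stored entries whose central-directory
    headers are patched to *claim* encryption (the data stays plaintext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            zf.writestr(name, "constructed sample data")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02")     # first central-directory header
    for flags, method in ((0, 0), (1, 0), (1, AES_METHOD)):
        struct.pack_into("<HH", data, pos + 8, flags, method)  # flags, method
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for name, scheme in audit(build_sample()).items():
        print(f"{name:12} {scheme}")
```

Run against your own archives by passing the file's bytes to `audit`; any entry reported as `legacy` is protected only by the older cipher.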

As an alternative, I would recommend something like TrueCrypt which uses much more robust algorithms to produce
a virtually uncrackable encryption. If you forget the password to a TrueCrypt
volume, you’ve lost your data. Period.

Like zip files, TrueCrypt volumes can contain many files in a single
encrypted package. Unlike zip files, TrueCrypt volumes do not compress
the data and you must select the size of your volume when you create it. But
both of these differences are easily managed: if you want, you can compress
files prior to putting them in a TrueCrypt volume, and it’s easy to “grow” your
volume, if needed, by creating a new one and copying the contents of the
old.

As with most things, choosing the right tool for the job is, perhaps, the
most important decision even before you start.


12 comments on “I've lost the password to a "zip" file. How do I open the file?”

  1. So how to open the file or extract the file if the password is lost… and cracking or recovery doesn’t work at all or failed many times.. Suggestion [ delete the file ] problem solved!
  2. It depends on what technology you used to encrypt it. But in general, if you
    lose the password to an encrypted drive, you’re probably screwed. Any decent
    encryption technology will not have a password recovery backdoor.

    Leo
  3. Using the disk manager you’ll probably have to create a new empty partition,
    and then format it.

    Leo

  4. Stellar Phoenix Zip Recovery CAN NOT recover any passwords. It can repair corrupted passworded files to a specific ZIP version as long as you know what the password is. It’s not a password cracking tool at all.
