Overview of ZIP password protection: Zip-archivers (pkzip, WinZip versions up to 8.0) use their proprietary encryption algorithm which is not strong. This causes two practical vulnerabilities. Firstly, it's always possible to implement a plain-text attack (one unencrypted file from the archive needed). Secondly, if the archive was created with WinZip or Infozip and contains 5 or more files, then it is possible to decrypt the archive with guarantee regardless of password length and complexity. Both attacks take just couple hours on the modern computer.

In the latest WinZip versions there is an option that allows using strong AES algorithm. In this case the said attacks are unapplicable and only brute-force can be used for Zip password recovery.

File extensions: zip
ZIP crypto algorithms: Propietary (up to WinZip 8.0), AES
ZIP encryption weakness: Human factor, weak algorithm
Possible attacks against ZIP: brute-force (exhaustive key search if WinZip)/ known-plaintext
Attacks complexity: 2⁸⁸(2³⁶ if WinZip)/ 2³⁸

Arcticles about ZIP encryption: ZIP Attacks with Reduced Known-Plaintext, A Known Plaintext Attack on the PKZIP Stream Cipher
How can I recover ZIP password? use known-plaintext attack if you've got unencrypted file from archive, use guaranteed recovery if you've got WinZip archive with at least 5 files

Advanced Archive Password Recovery (ARCHPR) 4.0

(38596 downloads)

by ElcomSoft Co.Ltd.

	: 6.000.000 (Zip) / 20.000.000 (WinZip) / 340 (AES)
	: 14.000.000 (Zip) / 34.000.000 (WinZip) / 700 (AES)
	: 10.000.000 (Zip)/23.000.000 (WinZip)
	: N/A
	: Pentium II/III; Pentium 4; Core 2; AMD

Shareware
Price: $99.00

Description: Advanced Archive Password Recovery recovers passwords and removes protection from ZIP and RAR archives created with all versions of PKZip, WinZip, RAR and WinRAR in their GUI and command-line incarnations. Being a flexible, customizable and highly-optimized password recovery tool, it offers best-in-class performance for recovering the most complex passwords. Guaranteed recovery is often possible for many ZIP archives in less than one hour.

Zip Password Recovery Master 1.0

(2457 downloads)

by Rixler Password Recovery

	: 4.300.000 (Zip/Winzip) / 180 (AES)
	: 10.000.000 (Zip/Winzip) / 300 (AES)
	: 8.800.000 (Zip/Winzip) / 200 (AES)
	: N/A
	:

Shareware
Price: $29.95

Description: Zip Password Recovery Master helps to recover lost passwords for ZIP archives. It supports a number of exclusive attacks to beat zip passwords. The use of undocumented features of ZIP files provide you with a great time reduction while searching the password.

Ultimate ZIP Cracker (UZC) 7.3.1.5

(13684 downloads)

by VDGSoftware

	: 3.000.000 (Zip/WinZip)
	: 11.000.000 (Zip/WinZip)
	: not tested
	: N/A
	: P2,P3; P4

Shareware
Price: $45.00

Description: Utility for recovering the lost passwords for several file types: MS-Word and MS-Excel documents; ZIP archives and ARJ archives. The program is highly optimized for speed.

fcrackzip v.0.3.0

(14006 downloads)

by M. Lehmann

	: 2.000.000
	: not tested
	: not tested
	: N/A
	:

Free+sources
Price: $0.00

Description: A command-line utility. Do not use for archives with only one file.

PkCrack v.1.2.2

(14520 downloads)

by P. Conrad

	: few hours
	: not tested
	: few hours
	: N/A
	:

Free+sources
Price: $0.00

Description: A command-line utility, supports known-plaintext attack (you need at least one unencrypted file from archive).

Accent ZIP Password Recovery (AccentZPR) 1.0

(34 downloads)

by AccentSoft Team

	: not tested
	: not tested
	: not tested
	: N/A
	: Pentium II/III; Pentium 4; Core 2; AMD; Dual; NVIDIA GPU; ATI GPU

Shareware
Price: $30.00

Description: Recovers lost passwords for WinZip 9 or later (archives encrypted with WinZip AES). Boosted by ATI video cards supporting ATI Stream and NVIDIA video cards supporting NVIDIA CUDA. Video cards make zip password recovery up to 10 times faster. The program has enhanced features for mask and dictionary-based attacks. The New Task wizard makes it easier to use them. PasswordRecoverytools.com/winzip-aes.asp is the best recovery for WinZip/AES passwords