Zip-archivers (pkzip, WinZip versions up to 8.0) use their proprietary encryption algorithm which is not strong. This causes two practical vulnerabilities. Firstly, it's always possible to implement a plain-text attack (one unencrypted file from the archive needed). Secondly, if the archive was created with WinZip or Infozip and contains 5 or more files, then it is possible to decrypt the archive with guarantee regardless of password length and complexity. Both attacks take just couple hours on the modern computer.
In the latest WinZip versions there is an option that allows using strong AES algorithm. In this case the said attacks are unapplicable and only brute-force can be used for Zip password recovery.
File extensions: zip ZIP crypto algorithms: Propietary (up to WinZip 8.0), AES ZIP encryption weakness: Human factor, weak algorithm Possible attacks against ZIP: brute-force (exhaustive key search if WinZip)/ known-plaintext Attacks complexity: 288(236 if WinZip)/ 238