fcorbelli / zpaqfranz

Deduplicating archiver with encryption and paranoid-level tests. Swiss army knife for the serious backup and disaster recovery manager. Ransomware neutralizer. Win/Linux/Unix
MIT License

wiki: encryption #126

Closed Sanesecurity closed 2 months ago

Sanesecurity commented 2 months ago

I was trying to look on the GitHub/wiki to see what type of encryption was used in zpaqfranz... but couldn't see anything (unless I missed it).

However I did find this, which I'm assuming is still the same with zpaqfranz, so might be worth adding a quick update to the wiki:

"Encryption

Archives can be encrypted using AES-256 in CTR mode. A password must be given every time an encrypted archive is used. Keys are strengthened with Scrypt(N=16384, r=8, p=1) (requiring 208M operations and 16 MB memory) to slow down brute force search for weak keys. Encrypted archives are prefixed with a 32 byte random salt, which also provides an 8 byte IV for the first half of the 16 byte AES counter. If a remote archive has a local index, then both are encrypted with the same key but different salts to generate independent keystreams. Encryption provides privacy but not authentication against tampering.

All of the encryption code (AES, Scrypt, SHA-1, SHA-256) is public domain and tested against published test vectors. The AES code is derived from libtomcrypt 1.17."

source: https://mattmahoney.net/dc/zpaq.html

fcorbelli commented 2 months ago

You're right. zpaqfranz essentially uses the same base code as zpaq (it's a fork of it, after all). The encryption is essentially done using an AES algorithm. zpaq information is 100% accurate with zpaqfranz.

Sanesecurity commented 2 months ago

Perfect. Thank you.
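Added example, not part of the thread and not zpaq or zpaqfranz code: a Python model of the construction the quoted zpaq text describes (32-byte salt prefix, scrypt with N=16384, r=8, p=1, counter block built from an 8-byte IV), showing that a modified archive still decrypts without error and that a separately stored keyed tag detects the change. Assumptions: the raw password is fed to scrypt, the IV is the first 8 salt bytes, the counter is big-endian, and HMAC-SHA256 stands in for AES-256 as the block function, so the output is not interoperable with real archives; all function names and sample values are constructed.

```python
import hashlib, hmac, os

N, R, P = 16384, 8, 1            # scrypt cost parameters quoted above
SALT_LEN = 32                    # random salt prefixed to the archive
SCRYPT_MEM = 128 * N * R         # scrypt working set in bytes: 16 MiB

def derive_key(password: bytes, salt: bytes) -> bytes:
    # Assumption: the raw password bytes go straight into scrypt.
    return hashlib.scrypt(password, salt=salt, n=N, r=R, p=P,
                          dklen=32, maxmem=64 * 1024 * 1024)

def ctr_xor(key: bytes, salt: bytes, data: bytes) -> bytes:
    # Counter block = 8-byte IV from the salt + 8-byte block counter.
    # Assumptions: IV is salt[:8], counter is big-endian, and HMAC-SHA256
    # stands in for AES-256 as the block function.
    out = bytearray()
    for off in range(0, len(data), 16):
        block = salt[:8] + (off // 16).to_bytes(8, "big")
        pad = hmac.new(key, block, hashlib.sha256).digest()[:16]
        out += bytes(a ^ b for a, b in zip(data[off:off + 16], pad))
    return bytes(out)

def seal(password: bytes, plaintext: bytes, salt: bytes = b"") -> bytes:
    salt = salt or os.urandom(SALT_LEN)
    return salt + ctr_xor(derive_key(password, salt), salt, plaintext)

def unseal(password: bytes, blob: bytes) -> bytes:
    if len(blob) < SALT_LEN:
        raise ValueError("shorter than the 32-byte salt prefix")
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return ctr_xor(derive_key(password, salt), salt, body)

def integrity_tag(mac_key: bytes, blob: bytes) -> bytes:
    # Separate keyed tag over salt + ciphertext, stored outside the archive.
    return hmac.new(mac_key, blob, hashlib.sha256).digest()

def is_intact(mac_key: bytes, blob: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(integrity_tag(mac_key, blob), expected)

if __name__ == "__main__":
    blob = seal(b"constructed-password", b"constructed sample block " * 4)
    tag = integrity_tag(b"constructed-mac-key", blob)
    changed = blob[:40] + bytes([blob[40] ^ 1]) + blob[41:]
    print(unseal(b"constructed-password", changed))   # decrypts, no error
    print(is_intact(b"constructed-mac-key", changed, tag))
```

The tag here is an external control; the quoted text states only that the encryption itself does not authenticate.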