Is 7-Zip's AES encryption just as secure as TrueCrypt's version?

If implemented correctly, AES is AES; the output between two different implementations is identical, and therefore no distinction is possible in after-the-fact comparison -- if done correctly, the one is exactly the same as the other.

But there are a few points where differences can crop up:

Operation Mode
TrueCrypt implements a modified counter mode called XTS. It's pretty well vetted and has withstood some serious abuse from some powerful attackers (such as the US Government).

From examining the p7zip source code, it appears that AES encoding for the 7-zip format operates in CBC mode. This is certainly not necessarily insecure; it's the mode most popularly used in protocols such as TLS, but it is potentially vulnerable to padding oracle attacks. See this discussion on operation modes for more information.

Key Derivation
TrueCrypt uses PBKDF2 to turn your password into an encryption key. It's difficult to come up with a better alternative than that. p7zip uses a salted SHA256 hash repeated over a configurable number of iterations. PBKDF2 is a bit more configurable, but 7-zip's alternative is functionally similar and arguably reaches the same goals.

Vetted Implementation
Here's probably the biggest difference: TrueCrypt's code has been pored over by cryptographers and carefully examined for implementation mistakes. 7-zip's has not (at least not to the same degree). This means that there is a higher probability that 7-zip's code contains some sort of mistake that could allow for some sort of as-yet-unknown attack. That's not to say that such a mistake exists, and that's not to say that such a mistake couldn't be found in TrueCrypt instead. But this is a matter of probability, not certainty.

All in all, the differences are minor, and for most use cases you shouldn't expect any difference at all from a security perspective. If it's a matter of life-and-death, I'd probably pick TrueCrypt. But for matters of mere secrecy, I'd recommend going with whichever solution fits your problem the best.


The security of a cipher depends on its specific implementation in a software utility. As far as I know, there are no known AES implementation issues in 7-Zip or TrueCrypt.

AES is a fast cipher, and hardware acceleration features such as AES-NI make it much faster. So protecting against brute-force requires strengthening the key through key extension mechanisms.

Brute-forcing tools exist for both 7-Zip and TrueCrypt and they support hardware acceleration.

7-Zip uses key extension to increase the time to brute-force. The user password is hashed 130,000 to 524,288 times (depending on the version) using SHA256.

TrueCrypt also uses PBKDF2 for key extension, with 1000 iterations, which is 2 orders of magnitude lower than 7-Zip. An issue is that TrueCrypt uses the minimum number of iterations recommended 10 years ago.

When the PBKDF2 standard was written in 2000, the recommended minimum number of iterations was 1000, but the parameter is intended to be increased over time as CPU speeds increase.

It also uses 512-bit salting that decreases vulnerabilities to dictionary and rainbow table attacks.

So from a brute-force perspective, 7-Zip is a bit better than TrueCrypt, but both are considered fairly resilient to brute-force attacks.

There is a story where the FBI tried to crack a TrueCrypt volume for 12 months and failed.
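The key-stretching comparison in this answer and the one above (salted iterated SHA-256 on the 7-Zip side, PBKDF2 with a fixed 1000 iterations on the TrueCrypt side), as an added example that is not code from either project: a simplified salted iteration loop (an assumption, not 7-Zip's exact construction), PBKDF2-HMAC-SHA256 from the standard library, the per-guess cost ratio the answer's iteration counts imply, and a calibration routine that raises the count to a time budget, which is the "increase over time" the PBKDF2 spec intends. `PASSWORD` and `SALT` are constructed sample values.

```python
import hashlib
import os
import time

# Constructed sample values for the demo; not taken from either project.
PASSWORD = b"correct horse battery staple"
SALT = os.urandom(16)


def iterated_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Simplified salted, iterated SHA-256 in the spirit of 7-Zip's scheme.
    Assumption: the real 7-Zip derivation differs in detail; this only shows
    how a salt and an iteration count shape the attacker's work per guess."""
    state = salt + password
    for _ in range(iterations):
        state = hashlib.sha256(state).digest()
    return state


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 producing a 32-byte (AES-256) key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def relative_guess_cost(iterations_a: int, iterations_b: int) -> float:
    """How many times more hashing an attacker pays per password guess
    under scheme a than under scheme b, all else being equal."""
    return iterations_a / iterations_b


def calibrate_iterations(target_seconds: float, start: int = 1000) -> int:
    """Double the iteration count until one derivation takes at least
    target_seconds on this machine; re-running this periodically is how a
    deployment keeps the work factor current as CPUs and GPUs get faster."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        pbkdf2_sha256(PASSWORD, SALT, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


if __name__ == "__main__":
    # The answer's figures: 7-Zip 130,000 to 524,288 iterations vs TrueCrypt's 1,000.
    print("per-guess cost ratio, 130k vs 1k:", relative_guess_cost(130_000, 1_000))
    print("per-guess cost ratio, 524288 vs 1k:", relative_guess_cost(524_288, 1_000))
    print("iterations for ~0.1 s per derivation here:", calibrate_iterations(0.1))
```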


Barring implementation bugs, 7-Zip's encryption is more robust than TrueCrypt's, because TrueCrypt has a much harder job.

Sector-level full-disk encryption is hard:

  • You have a fixed amount of space, any part of which may be changed at any time.
  • You have only a relatively small amount of space to save for metadata. If you keep more than a few bits of tracking data per sector, you're probably eating too much space, and the user will object.
  • You can't afford to change key material: there's too much to re-encrypt.
  • You have to ensure an attacker can't copy one sector over another.
  • You have to ensure that a snooper can't read the disk multiple times on different days and gain information from the changes.

In comparison, 7-Zip's job is easy. It writes the file once and is done. If it needs to change something, it can re-encrypt the entire file using a different IV (even if the key is the same), and the new encrypted file looks completely different from the old one.

What this means is that 7-Zip can afford to use the well-understood CTR or CBC block cipher modes. Meanwhile, TrueCrypt has to use XTS, which makes a number of compromises in order to satisfy the additional constraints of full-disk encryption.

For more detail, see this article on the limitations of full-disk encryption.