PKZip utilizes a proprietary stream cipher that is vulnerable to a known plaintext attack, as Eli Biham and Paul C. Kocher describes in A Known Plaintext Attack on the PKZIP Stream Cipher.
In ZIP Attacks with Reduced Known-Plaintext, Michael Stay describes an improved known plaintext attack that works against files that non-PKZip zip programs such as InfoZip, WinZip, and NetZip create. The Stay attack requires the Zip archive to contain a minimum of five files.
Software to Recover a Zip Password
Several programs with varying capabilities are available to help recover a lost Zip password.
Zip Key by Passware is a commercial program that implements the Biham-Kocher and Stay attacks, as well as dictionary and brute force attacks.
Ultimate Zip Cracker by VDG Software is a commercial program that implements the Biham-Kocher attack, a dictionary attack, and a brute force attack.
The Password Recovery Toolkit by AccessData is a commercial program that implements the Stay attack or a dictionary attack.
Advanced Zip Password Recovery by Elcomsoft is a commercial program that implements the Biham-Kocher attack, a dictionary attack, and a brute force attack.
Advanced Archive Password Recovery by Elcomsoft is a commercial program that implements the Stay attack in addition to the capabilities of their Advanced Zip Password Recovery program.
PkCrack is a free program that implements the Biham-Kocher attack. To use PkCrack, the user needs another ZIP-archive containing at least one of the files from the encrypted archive in unencrypted form. This one has to be compressed with the same compression method used for the encrypted file.
Security Enhancements in WinZip 9
WinZip 9 introduced the use of 128 and 256-bit key AES encryption. Unless there is a flaw in the WinZip AES implementation, this should make WinZip 9 passwords significantly more difficult to recover.