Is there non-linear difference between strong (i.e. AES) and non-strong (i.e. classic zip) encryption

StackOverflow https://stackoverflow.com/questions/1332934

Question

AES and other modern encryption algorithms are considered strong, and sometimes one can see quotes like "it's not recommended to use classic zip encryption since it is no longer considered strong". But is there really a non-linear difference between them? For example, if both produce sequences with high entropy, does it mean that with a very long password (512 bit and more) they both become indistinguishably strong, since, let's say, theoretically we can break AES for example with a billion years of computer time and zip with 1/10 of that time?


Solution

Yes. When people talk about "strong" encryption, they refer to an encryption scheme where there are no known techniques to recover plaintext that are significantly better than a brute-force key search. "Significant" is an important word here: there is an attack on 256-bit AES with a complexity of 2^119. That's an enormous reduction in the search space, but 256-bit AES is still considered strong because it's simply computationally unfeasible to pull off.

In comparison, the attacks on classic pkzip encryption are as low as 2^27. That's so much simpler than the attack on AES that it's actually quite difficult to visualise; calling it non-linear simply doesn't do it justice. One is trivial, the other impossible.
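
On the question's "very long password" premise, an added example (not part of the original answer): a Python sketch of the traditional PKZIP stream cipher as published in PKWARE's APPNOTE.TXT, showing that a password of any length is folded into three 32-bit keys, so the cipher never carries more than 96 bits of state. Function names are this example's own, and the 12-byte encryption header that real archives prepend is omitted.

```python
# Traditional PKZIP stream cipher ("ZipCrypto"), per PKWARE APPNOTE.TXT.
# Added illustration; helper names are this example's own, not a library API.
MASK32 = 0xFFFFFFFF

def _make_crc_table():
    # Standard reflected CRC-32 table (polynomial 0xEDB88320).
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

CRC_TABLE = _make_crc_table()

def _crc32_step(crc, byte):
    # Raw single-byte CRC update, without the usual pre/post inversion.
    return CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)

def _update(keys, byte):
    k0, k1, k2 = keys
    k0 = _crc32_step(k0, byte)
    k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & MASK32
    k2 = _crc32_step(k2, k1 >> 24)
    return (k0, k1, k2)

def derive_keys(password: bytes):
    """Fold a password of any length into the cipher's three 32-bit keys."""
    keys = (0x12345678, 0x23456789, 0x34567890)
    for b in password:
        keys = _update(keys, b)
    return keys

def _keystream_byte(keys):
    t = (keys[2] | 2) & 0xFFFF
    return ((t * (t ^ 1)) >> 8) & 0xFF

def crypt(password: bytes, data: bytes, decrypt: bool = False) -> bytes:
    keys = derive_keys(password)
    out = bytearray()
    for b in data:
        x = b ^ _keystream_byte(keys)
        out.append(x)
        # The state always advances on the plaintext byte.
        keys = _update(keys, x if decrypt else b)
    return bytes(out)
```

An 8-byte password and a 64-byte (512-bit) password both end up as the same three 32-bit words, so lengthening the password cannot push a search over the internal state beyond 2^96, independently of any shortcut attack.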

Licensed under: CC-BY-SA with attribution