
FYI, password protected zip is completely insecure. Use age, or magic wormhole.


There are modern versions that are not completely insecure.


That’s true, but they’re not widely supported, so you can’t count on them to communicate. It’s also really hard to know for laypeople if the result is safe or not, so it’s dangerous to train them to accept encrypted ZIPs. Plus, as long as you don’t care about compatibility, you’re probably better off with encrypted disk images (DMGs or LUKS), because they don’t have completely dominant unsafe implementations.


The filesystem drivers in most Linux distros (and I'd argue Mac and Windows too) have never been under scrutiny for security bugs. I wouldn't trust an ext4 image I got from the internet unless it was signed and from a trusted source; that's worse than ZIP files.


What about a bare tar ball though?


Acceptable, but tars have their own set of issues (mostly efficiency and being tape-oriented).


You're not guaranteed compatibility. If you use AES to encrypt (using 7zip or whatever), the recipient won't be able to open it with Windows Explorer: https://superuser.com/questions/1255917/do-windows-8-1-or-10...


Either they are secure, or they are not.


Could you elaborate or provide some link to your first claim? I'm really interested to know more.

Thanks!


Specifically ZipCrypto is bad, which is the only supported crypto if you're password-protecting in Windows Explorer and the like. If you use 7zip or similar software you can use AES instead, which is fine.

http://math.ucr.edu/~mike/zipattacks.pdf

https://en.wikipedia.org/wiki/Zip_(file_format)#Encryption


There are multiple ways to password protect zip files. A user usually won't be able to tell whether the way used by their software is secure or not. The old way is insecure.

http://math.ucr.edu/~mike/zipattacks.pdf

https://github.com/hyc/fcrackzip

The modern format uses PBKDF2 like many password hashing formats and needs to be attacked with John the Ripper or hashcat.
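The comments above say a user usually cannot tell which scheme their software used. The archive itself records it, though: an encrypted entry has general-purpose flag bit 0 set, and WinZip AES entries additionally carry compression method 99 plus a 0x9901 "AE" extra field naming the key size; anything encrypted without that marker is legacy ZipCrypto. The following checker, added here as an example and not code from the thread, walks a zip's central directory and labels each entry. It uses only the standard library; the sample archives are constructed inline (central directory plus EOCD only, which is all the checker reads) and the record layouts follow PKWARE's APPNOTE and the WinZip AE specification.

```python
"""Classify how each entry in a .zip is password-protected (added example)."""
import struct
import zipfile
from io import BytesIO
from typing import Dict, List

CDFH_SIG = 0x02014B50               # central directory file header signature
EOCD_SIG = 0x06054B50               # end-of-central-directory signature
CDFH_FMT = "<IHHHHHHIIIHHHHHII"     # 46-byte fixed part of a central directory entry
EOCD_FMT = "<IHHHHIIH"              # 22-byte fixed part of the EOCD record
FLAG_ENCRYPTED = 0x0001             # general purpose bit 0
AES_METHOD = 99                     # WinZip AES marker in the method field
AES_EXTRA_ID = 0x9901               # WinZip AES extra-field header ID
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}


def parse_extra(extra: bytes) -> Dict[int, bytes]:
    """Split an extra field into {header_id: payload}, tolerating trailing junk."""
    fields: Dict[int, bytes] = {}
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        fields[hid] = extra[pos + 4:pos + 4 + size]
        pos += 4 + size
    return fields


def classify_entry(flags: int, method: int, extra: bytes) -> str:
    """Label one entry: none / ZipCrypto / WinZip AES-nnn (AE-n) / malformed."""
    if not flags & FLAG_ENCRYPTED:
        return "none"
    if method != AES_METHOD:
        return "ZipCrypto (legacy PKWARE, weak)"   # encrypted, no AES marker
    ae = parse_extra(extra).get(AES_EXTRA_ID)
    if ae is None or len(ae) < 7:
        return "AES marker without valid 0x9901 extra field (malformed)"
    vendor_version, vendor_id, strength, _real_method = struct.unpack("<H2sBH", ae[:7])
    if vendor_id != b"AE":
        return "AES marker with unknown vendor (malformed)"
    return f"WinZip {AES_STRENGTH.get(strength, 'AES-?')} (AE-{vendor_version})"


def classify_zip(data: bytes) -> List[dict]:
    """Walk the central directory and classify every entry; raises on a non-zip blob."""
    eocd_pos = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record; not a zip (or ZIP64 only)")
    _sig, _d, _cdd, _n, n_total, cd_size, cd_offset, _clen = struct.unpack_from(EOCD_FMT, data, eocd_pos)
    results, pos, end = [], cd_offset, cd_offset + cd_size
    for _ in range(n_total):
        if pos + 46 > end:
            raise ValueError("central directory truncated")
        rec = struct.unpack_from(CDFH_FMT, data, pos)
        if rec[0] != CDFH_SIG:
            raise ValueError(f"bad central directory signature at {pos:#x}")
        flags, method, nlen, xlen, clen = rec[3], rec[4], rec[10], rec[11], rec[12]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        results.append({"name": name, "method": method, "flags": flags,
                        "encryption": classify_entry(flags, method, extra)})
        pos += 46 + nlen + xlen + clen
    return results


def weakest_scheme(data: bytes) -> str:
    """Summarise by the weakest entry: a single ZipCrypto entry taints the archive."""
    labels = [e["encryption"] for e in classify_zip(data)]
    if any(l.startswith("ZipCrypto") for l in labels):
        return "ZipCrypto"
    if any("malformed" in l for l in labels):
        return "malformed"
    if any(l.startswith("WinZip") for l in labels):
        return "WinZip AES"
    return "none"


# --- constructed samples: central directory + EOCD only, no local headers or data ---
def _build_cd_only_zip(entries) -> bytes:
    cd = b""
    for name, flags, method, extra in entries:
        nb = name.encode()
        cd += struct.pack(CDFH_FMT, CDFH_SIG, 20, 20, flags, method, 0, 0, 0, 0, 0,
                          len(nb), len(extra), 0, 0, 0, 0, 0) + nb + extra
    return cd + struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, len(entries), len(entries), len(cd), 0, 0)


# AE-2, AES-256, underlying method 8 (deflate)
AES_EXTRA = struct.pack("<HH", AES_EXTRA_ID, 7) + struct.pack("<H2sBH", 2, b"AE", 3, 8)
ZIPCRYPTO_SAMPLE = _build_cd_only_zip([("secret.txt", FLAG_ENCRYPTED, 8, b"")])
AES_SAMPLE = _build_cd_only_zip([("secret.txt", FLAG_ENCRYPTED, AES_METHOD, AES_EXTRA)])
MIXED_SAMPLE = _build_cd_only_zip([("report.pdf", FLAG_ENCRYPTED, AES_METHOD, AES_EXTRA),
                                   ("notes.txt", FLAG_ENCRYPTED, 8, b"")])  # one entry left on ZipCrypto


def plain_sample() -> bytes:
    """A real, unencrypted archive written by the standard library, for comparison."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("hello.txt", "hello")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("zipcrypto", ZIPCRYPTO_SAMPLE), ("aes", AES_SAMPLE),
                        ("mixed", MIXED_SAMPLE), ("plain", plain_sample())]:
        print(label, weakest_scheme(blob), [e["encryption"] for e in classify_zip(blob)])
```

Two practical notes. First, the check is per entry, so an archive that was re-packed by several tools can mix schemes; weakest_scheme deliberately reports the worst one, since a single ZipCrypto entry is enough for the known-plaintext attack in the linked paper. Second, "WinZip AES" only means the format is sound: the key is still derived from the password with PBKDF2 at a fixed, low iteration count, so a weak password falls to hashcat regardless of the cipher.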



