Score:0

Is 7-Zip Encryption really secure?


Is 7-Zip really a good encryption tool? I wonder what kind of encryption is used in 7-Zip. I see most people using 7-Zip. Just curious to what extent it is safe.

How about Googling for "What encryption does 7-Zip use?" or similar? I see no effort to find the answer before asking this question. I voted the question down.
Score:3

It uses AES-256 with PBKDF2 using SHA1 with only 1,000 iterations as the KDF. The AES-256 is strong, but the password protection is weak so make sure you use good passwords.

fgrieu
[***THIS COMMENT IS VERY WRONG***] Indeed! Addition: the constant is `kNumKeyGenIterations` defined at line 24 of 7z2201-src/CPP/7zip/Crypto/WzAes.cpp in the [source](https://7-zip.org/a/7z2201-src.tar.xz). It's used at line 48. That can't be changed without breaking compatibility with earlier programs, because this is not encoded in the file. The use of the GPU/FPGA/ASIC-friendly PBKDF2-SHA-1, with that low number of rounds, is a dream for password crackers such as hashcat. We need a very strong passphrase to compensate for this, like 6 random words (obligatory [XKCD](https://xkcd.com/936/)).
fgrieu
[*THIS COMMENT IS STILL WRONG*] On second look, no! The 1000 rounds of PBKDF2-SHA-1 are implemented in some crypto supported by 7-zip but ***NOT*** for 7-zip's native crypto. I think the correct description is [there](https://crypto.stackexchange.com/a/77548/555). $2^{19}$ rounds of SHA-256 is still very far from the state of the art, but it's 512 times better.
fgrieu
On third look, the password-to-key derivation is in `CKeyInfo::CalcKey()` of 7z2201-src/CPP/7zip/Crypto/7zAes.cpp [there](https://7-zip.org/a/7z2201-src.tar.xz). It hashes with SHA-256 a message consisting of $2^{k}$ times (16 bytes of salt, password, and 8-byte counter), with $k=19$ by default (with parameter $k\le24$ indicated in the archive). So that's about $2^{18}$ rounds of SHA-256 by default. Not very good compared to a standard amount of Argon2 or Scrypt, but over a hundred times better than the <$2^{11}$ rounds of SHA-1 corresponding to 1,000 iterations of PBKDF2-SHA-1.
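The derivation fgrieu describes, re-implemented in Python as an added example (this is not code from the thread or from 7-Zip; it follows my reading of `CKeyInfo::CalcKey()` in 7zAes.cpp). It assumes the password is hashed as UTF-16LE, the counter is an 8-byte little-endian round index, and the salt is whatever the archive header carries (possibly empty); the block-count helper shows why $2^{19}$ repetitions of a short message come to roughly $2^{18}$ SHA-256 compression calls.

```python
import hashlib
import time


def password_to_bytes(password: str) -> bytes:
    """7-Zip feeds the password to SHA-256 as UTF-16LE code units, not UTF-8."""
    return password.encode("utf-16-le")


def derive_7z_key(password: str, salt: bytes, cycles_power: int) -> bytes:
    """Re-implementation of CKeyInfo::CalcKey() (added example, not 7-Zip code).

    cycles_power is the k stored in the archive (default 19, at most 24).
    0x3F is a special value meaning no hashing: key = salt || password,
    truncated or zero-padded to 32 bytes.
    """
    pw = password_to_bytes(password)
    if cycles_power == 0x3F:
        return (salt + pw)[:32].ljust(32, b"\x00")
    h = hashlib.sha256()
    for i in range(1 << cycles_power):
        # One SHA-256 over the stream salt || password || counter, repeated 2^k times.
        h.update(salt)
        h.update(pw)
        h.update(i.to_bytes(8, "little"))  # 8-byte little-endian round counter
    return h.digest()


def reference_single_pass(password: str, salt: bytes, cycles_power: int) -> bytes:
    """Same derivation as one bytes object (small k only): it is a single long
    hash, not a chain of hash outputs as in PBKDF2."""
    pw = password_to_bytes(password)
    reps = range(1 << cycles_power)
    return hashlib.sha256(b"".join(salt + pw + i.to_bytes(8, "little") for i in reps)).digest()


def sha256_blocks(cycles_power: int, salt_len: int, password_chars: int) -> int:
    """64-byte compression blocks the derivation costs. A short password makes
    each repetition well under 64 bytes, so 2^19 repetitions cost about 2^18
    compression calls, which is the figure quoted above."""
    stream = (1 << cycles_power) * (salt_len + 2 * password_chars + 8)
    return (stream + 9 + 63) // 64  # +9: 0x80 pad byte and 64-bit length field


if __name__ == "__main__":
    t = time.perf_counter()
    key = derive_7z_key("correct horse battery staple", b"", 19)  # constructed sample
    print(f"k=19: {key.hex()} in {time.perf_counter() - t:.2f}s, "
          f"{sha256_blocks(19, 0, 28)} compression blocks")
```

Timing the default k=19 on one core gives a direct feel for how cheap a single guess is compared with a memory-hard KDF, which is the point of the comparison to Argon2 or scrypt above.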