>>4
What kind of idiot designs "secure" archive formats like that?
The standard and correct way to do it is to:
1) Use the user-entered password to generate keys for your crypto algo of choice, usually using a cryptographically secure hash algorithm, possibly with some salt and padding involved.
2) Encrypt the data after packing, or the entire archive after packing using a strong crypto algorithm using the keys previously generated from the passphrase.
Thus there are 2 ways to break this assuming the hash and symmetric block crypto algorithms are secure enough and the key is long enough. One is to bruteforce the key, which in the case of AES128,AES256+ and more is not very feasible, unless there are weaknesses in the key generation algorithm, however if the hash algorithm was good enough, it should not be a problem. The other way to to guess the passphrase, in which case one would use dictionary or bruteforce attacks, but that would only work on weak passwords.
Some popular formats actually had dumb designs, like earlier .doc password protection and some others, but it'd be pretty stupid to do something so broken for modern archives, and they don't (see specifications and source code to confirm for yourself).