Encrypting One File

[Drazick]

Hello.

I have a file which contains private info I would like to encrypt.

I want it to be locked by a password.

I intend to put it online and would like the security level to be it won't be possible to read it without being "NSA" :-).

Is there any free solution?

It's an Office document (I would like to compress and encrypt).

Thanks.

[Glenn9999]

AxCrypt is one that I know of.

http://www.axantum.com/AxCrypt/

[Brothersoft]

Suggest you use "FileEncryptor ",it's a freeware,it's so convenient.

http://www.brothersoft.com/security/encryp...ptor_24913.html

And "Folder Lock " is fast file-security program that can password-protect,lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds.

http://www.brothersoft.com/security/encryp...lock_20760.html

Forrest

Brothersoft Support

Edited November 15, 2007 by Brothersoft

[Drazick]

Thank you all...

At first I thought file compression utilities such as Win RAR use a "Low Tech" encryption which is easy to break.

Yet I was surprised to read the following email in response to my question how good is WinRar encryption:

Hello Royi,

WinRAR uses 128 AES encryption:

===============================

Further information:

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Advanced Encryption Standard:

The US Government created an encryption standard several years ago, called the

Data Encryption Standard (DES).

It has been widely used both in government circles and by banks.

The government has recently replaced DES with the Advanced Encryption Standard

(AES).

One cryptologist has said that assuming that you could recover a DES key in a

second

(trying 2^55 keys per second), it would take the same machine approximately 149

trillion

years to recover a 128-bit AES key.

AES (Rijndael) was developed in Belgium, but it was accepted by

US Government as US encryption standard. In fact, it was developed

by Belgium researchers specially for AES Contest announced by US NIST

organization.

How WinRAR checks passwords:

============================

WinRAR does not check a password at all. It passes a password through

the hash function to set 128 bit AES encryption key and then it uses

this key to encrypt the file data. If entered password is incorrect,

decrypted file will contain 100% garbage, decrypted data CRC will not

match the original data CRC and WinRAR will report CRC error.

If an intruder does not know a valid password, he will get nothing

but garbage. You may check it yourself - set "Keep broken files"

option in the extraction dialog when decompressing a file with

the wrong password and WinRAR will not delete the unpacked file.

Then examine its contents and you will see that it is useless.

RAR cannot distinguish a corrupt file and wrong password

(if it were possible, it would make encryption weaker),

so such message may indicate both a wrong password

and corrupt file. So you will get following error message:

"CRC failed in the encrypted file <name> (wrong password ?)"

Why a 128 bit key

=================

Note, 128 bit key provides 3.4*10^38 combinations. If you find

a supercomputer which is able to check 1 000 000 000 AES keys

per second, it will take 10.7*10^21 years to check all combinations.

It is by many billions times larger than age of our universe.

So brute force attack to 128 bit key is unfeasible even if

computers will become a billion times faster. Potential attackers

will try either brute force attack to password string, not key,

or attempt to find a weakness in the hashing function generating

keys from the password. In both cases the key length is irrelevant

and only a strength of hashing function is important.

Concerning AES256 in RAR format would mean slower encryption and

incompatibility with previous versions without real gain in security.

If someone really wish to utilize the power of 256 bit key, the password

length must be at least 32 characters (in fact, 50 - 60 characters,

because some characters are never used in passwords) and it is very

doubtful that they are really using so long passwords. And even if they are,

RAR already uses techniques making the brute force attack both to AES key and

long enough passwords useless.

"Encrypt file names" option

===========================

If you set "Encrypt file names" option, WinRAR will encrypt not only file data,

but all other sensitive archive areas like file names, sizes, attributes,

comments

and other blocks, so it provides a higher security level. Without a password it

is

impossible to view even the list of files in archive encrypted with this

option.

Password lost?

===============

RAR encryption does not contain backdoors, so the only possible way to

find a password is to test all possible character combinations.

You may try CRACK utility, which does it:

http://www.password-crackers.com/crack.html

but this process is very slow and can help to restore only short

RAR 2.x passwords (up to 4 - 5 characters). We do not know any way

to restore longer or RAR 3.x passwords.

We had talked with one of the developer of such a RAR password crack tool

last shareware conference. His opinion: Since WinRAR 3.00 it is impossible to

crack a good RAR password.

Best regards,

Klaro at WinRAR-Support

win.rar GmbH

Unser Lieben Frauen Kirchhof 10

28195 Bremen

Germany

www.win-rar.com (website)

I guess that will satisfy me.

Thank you.