Drazick Posted November 14, 2007 Share Posted November 14, 2007 Hello.I have a file which contains private info I would like to encrypt.I want it to be locked by a password.I intend to put it online and would like the security level to be it won't be possible to read it without being "NSA" :-).Is there any free solution?It's an Office document (I would like to compress and encrypt).Thanks. Link to comment Share on other sites More sharing options...
Glenn9999 Posted November 14, 2007 Share Posted November 14, 2007 AxCrypt is one that I know of.http://www.axantum.com/AxCrypt/ Link to comment Share on other sites More sharing options...
Brothersoft Posted November 15, 2007 Share Posted November 15, 2007 (edited) Suggest you use "FileEncryptor ",it's a freeware,it's so convenient.http://www.brothersoft.com/security/encryp...ptor_24913.htmlAnd "Folder Lock " is fast file-security program that can password-protect,lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds.http://www.brothersoft.com/security/encryp...lock_20760.htmlForrestBrothersoft Support Edited November 15, 2007 by Brothersoft Link to comment Share on other sites More sharing options...
Drazick Posted November 15, 2007 Author Share Posted November 15, 2007 Thank you all...At first I thought file compression utilities such as Win RAR use a "Low Tech" encryption which is easy to break.Yet I was surprised to read the following email in response to my question how good is WinRar encryption:Hello Royi,WinRAR uses 128 AES encryption:===============================Further information:http://en.wikipedia.org/wiki/Advanced_Encryption_StandardAdvanced Encryption Standard:The US Government created an encryption standard several years ago, called theData Encryption Standard (DES).It has been widely used both in government circles and by banks.The government has recently replaced DES with the Advanced Encryption Standard (AES).One cryptologist has said that assuming that you could recover a DES key in a second(trying 2^55 keys per second), it would take the same machine approximately 149 trillionyears to recover a 128-bit AES key.AES (Rijndael) was developed in Belgium, but it was accepted byUS Government as US encryption standard. In fact, it was developedby Belgium researchers specially for AES Contest announced by US NISTorganization.How WinRAR checks passwords:============================WinRAR does not check a password at all. It passes a password throughthe hash function to set 128 bit AES encryption key and then it usesthis key to encrypt the file data. If entered password is incorrect,decrypted file will contain 100% garbage, decrypted data CRC will notmatch the original data CRC and WinRAR will report CRC error.If an intruder does not know a valid password, he will get nothingbut garbage. You may check it yourself - set "Keep broken files"option in the extraction dialog when decompressing a file withthe wrong password and WinRAR will not delete the unpacked file.Then examine its contents and you will see that it is useless.RAR cannot distinguish a corrupt file and wrong password(if it were possible, it would make encryption weaker),so such message may indicate both a wrong passwordand corrupt file. So you will get following error message:"CRC failed in the encrypted file <name> (wrong password ?)"Why a 128 bit key=================Note, 128 bit key provides 3.4*10^38 combinations. If you finda supercomputer which is able to check 1 000 000 000 AES keysper second, it will take 10.7*10^21 years to check all combinations.It is by many billions times larger than age of our universe.So brute force attack to 128 bit key is unfeasible even ifcomputers will become a billion times faster. Potential attackerswill try either brute force attack to password string, not key,or attempt to find a weakness in the hashing function generatingkeys from the password. In both cases the key length is irrelevantand only a strength of hashing function is important.Concerning AES256 in RAR format would mean slower encryption andincompatibility with previous versions without real gain in security.If someone really wish to utilize the power of 256 bit key, the passwordlength must be at least 32 characters (in fact, 50 - 60 characters,because some characters are never used in passwords) and it is verydoubtful that they are really using so long passwords. And even if they are,RAR already uses techniques making the brute force attack both to AES key andlong enough passwords useless."Encrypt file names" option===========================If you set "Encrypt file names" option, WinRAR will encrypt not only file data,but all other sensitive archive areas like file names, sizes, attributes, commentsand other blocks, so it provides a higher security level. Without a password it isimpossible to view even the list of files in archive encrypted with this option.Password lost?===============RAR encryption does not contain backdoors, so the only possible way tofind a password is to test all possible character combinations.You may try CRACK utility, which does it:http://www.password-crackers.com/crack.htmlbut this process is very slow and can help to restore only shortRAR 2.x passwords (up to 4 - 5 characters). We do not know any wayto restore longer or RAR 3.x passwords.We had talked with one of the developer of such a RAR password crack toollast shareware conference. His opinion: Since WinRAR 3.00 it is impossible tocrack a good RAR password.Best regards,Klaro at WinRAR-Supportwin.rar GmbHUnser Lieben Frauen Kirchhof 1028195 BremenGermanywww.win-rar.com (website)I guess that will satisfy me.Thank you. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now