Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
Hello.
I have a file which contains private info I would like to encrypt.
I want it to be locked by a password.
I intend to put it online and would like the security level to be it won't be possible to read it without being "NSA" :-).
Is there any free solution?
It's an Office document (I would like to compress and encrypt).
Thanks.
Page 1 of 1
Encrypting One File
Looking for a free solution
Rate Topic:
Back to top
#3
Posted 14 November 2007 - 09:04 PM
Suggest you use "FileEncryptor ",it's a freeware,it's so convenient.
http://www.brothersoft.com/security/encryp...ptor_24913.html
And "Folder Lock " is fast file-security program that can password-protect,lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds.
http://www.brothersoft.com/security/encryp...lock_20760.html
Forrest
Brothersoft Support
http://www.brothersoft.com/security/encryp...ptor_24913.html
And "Folder Lock " is fast file-security program that can password-protect,lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds.
http://www.brothersoft.com/security/encryp...lock_20760.html
Forrest
Brothersoft Support
This post has been edited by Brothersoft: 14 November 2007 - 09:26 PM
#4
- Member
-
- Group: Members
- Posts: 113
- Joined: 14-November 04
Posted 15 November 2007 - 03:48 AM
Thank you all...
At first I thought file compression utilities such as Win RAR use a "Low Tech" encryption which is easy to break.
Yet I was surprised to read the following email in response to my question how good is WinRar encryption:
I guess that will satisfy me.
Thank you.
At first I thought file compression utilities such as Win RAR use a "Low Tech" encryption which is easy to break.
Yet I was surprised to read the following email in response to my question how good is WinRar encryption:
Quote
Hello Royi,
WinRAR uses 128 AES encryption:
===============================
Further information:
http://en.wikipedia....yption_Standard
Advanced Encryption Standard:
The US Government created an encryption standard several years ago, called the
Data Encryption Standard (DES).
It has been widely used both in government circles and by banks.
The government has recently replaced DES with the Advanced Encryption Standard
(AES).
One cryptologist has said that assuming that you could recover a DES key in a
second
(trying 2^55 keys per second), it would take the same machine approximately 149
trillion
years to recover a 128-bit AES key.
AES (Rijndael) was developed in Belgium, but it was accepted by
US Government as US encryption standard. In fact, it was developed
by Belgium researchers specially for AES Contest announced by US NIST
organization.
How WinRAR checks passwords:
============================
WinRAR does not check a password at all. It passes a password through
the hash function to set 128 bit AES encryption key and then it uses
this key to encrypt the file data. If entered password is incorrect,
decrypted file will contain 100% garbage, decrypted data CRC will not
match the original data CRC and WinRAR will report CRC error.
If an intruder does not know a valid password, he will get nothing
but garbage. You may check it yourself - set "Keep broken files"
option in the extraction dialog when decompressing a file with
the wrong password and WinRAR will not delete the unpacked file.
Then examine its contents and you will see that it is useless.
RAR cannot distinguish a corrupt file and wrong password
(if it were possible, it would make encryption weaker),
so such message may indicate both a wrong password
and corrupt file. So you will get following error message:
"CRC failed in the encrypted file <name> (wrong password ?)"
Why a 128 bit key
=================
Note, 128 bit key provides 3.4*10^38 combinations. If you find
a supercomputer which is able to check 1 000 000 000 AES keys
per second, it will take 10.7*10^21 years to check all combinations.
It is by many billions times larger than age of our universe.
So brute force attack to 128 bit key is unfeasible even if
computers will become a billion times faster. Potential attackers
will try either brute force attack to password string, not key,
or attempt to find a weakness in the hashing function generating
keys from the password. In both cases the key length is irrelevant
and only a strength of hashing function is important.
Concerning AES256 in RAR format would mean slower encryption and
incompatibility with previous versions without real gain in security.
If someone really wish to utilize the power of 256 bit key, the password
length must be at least 32 characters (in fact, 50 - 60 characters,
because some characters are never used in passwords) and it is very
doubtful that they are really using so long passwords. And even if they are,
RAR already uses techniques making the brute force attack both to AES key and
long enough passwords useless.
"Encrypt file names" option
===========================
If you set "Encrypt file names" option, WinRAR will encrypt not only file data,
but all other sensitive archive areas like file names, sizes, attributes,
comments
and other blocks, so it provides a higher security level. Without a password it
is
impossible to view even the list of files in archive encrypted with this
option.
Password lost?
===============
RAR encryption does not contain backdoors, so the only possible way to
find a password is to test all possible character combinations.
You may try CRACK utility, which does it:
http://www.password-....com/crack.html
but this process is very slow and can help to restore only short
RAR 2.x passwords (up to 4 - 5 characters). We do not know any way
to restore longer or RAR 3.x passwords.
We had talked with one of the developer of such a RAR password crack tool
last shareware conference. His opinion: Since WinRAR 3.00 it is impossible to
crack a good RAR password.
Best regards,
Klaro at WinRAR-Support
win.rar GmbH
Unser Lieben Frauen Kirchhof 10
28195 Bremen
Germany
www.win-rar.com (website)
WinRAR uses 128 AES encryption:
===============================
Further information:
http://en.wikipedia....yption_Standard
Advanced Encryption Standard:
The US Government created an encryption standard several years ago, called the
Data Encryption Standard (DES).
It has been widely used both in government circles and by banks.
The government has recently replaced DES with the Advanced Encryption Standard
(AES).
One cryptologist has said that assuming that you could recover a DES key in a
second
(trying 2^55 keys per second), it would take the same machine approximately 149
trillion
years to recover a 128-bit AES key.
AES (Rijndael) was developed in Belgium, but it was accepted by
US Government as US encryption standard. In fact, it was developed
by Belgium researchers specially for AES Contest announced by US NIST
organization.
How WinRAR checks passwords:
============================
WinRAR does not check a password at all. It passes a password through
the hash function to set 128 bit AES encryption key and then it uses
this key to encrypt the file data. If entered password is incorrect,
decrypted file will contain 100% garbage, decrypted data CRC will not
match the original data CRC and WinRAR will report CRC error.
If an intruder does not know a valid password, he will get nothing
but garbage. You may check it yourself - set "Keep broken files"
option in the extraction dialog when decompressing a file with
the wrong password and WinRAR will not delete the unpacked file.
Then examine its contents and you will see that it is useless.
RAR cannot distinguish a corrupt file and wrong password
(if it were possible, it would make encryption weaker),
so such message may indicate both a wrong password
and corrupt file. So you will get following error message:
"CRC failed in the encrypted file <name> (wrong password ?)"
Why a 128 bit key
=================
Note, 128 bit key provides 3.4*10^38 combinations. If you find
a supercomputer which is able to check 1 000 000 000 AES keys
per second, it will take 10.7*10^21 years to check all combinations.
It is by many billions times larger than age of our universe.
So brute force attack to 128 bit key is unfeasible even if
computers will become a billion times faster. Potential attackers
will try either brute force attack to password string, not key,
or attempt to find a weakness in the hashing function generating
keys from the password. In both cases the key length is irrelevant
and only a strength of hashing function is important.
Concerning AES256 in RAR format would mean slower encryption and
incompatibility with previous versions without real gain in security.
If someone really wish to utilize the power of 256 bit key, the password
length must be at least 32 characters (in fact, 50 - 60 characters,
because some characters are never used in passwords) and it is very
doubtful that they are really using so long passwords. And even if they are,
RAR already uses techniques making the brute force attack both to AES key and
long enough passwords useless.
"Encrypt file names" option
===========================
If you set "Encrypt file names" option, WinRAR will encrypt not only file data,
but all other sensitive archive areas like file names, sizes, attributes,
comments
and other blocks, so it provides a higher security level. Without a password it
is
impossible to view even the list of files in archive encrypted with this
option.
Password lost?
===============
RAR encryption does not contain backdoors, so the only possible way to
find a password is to test all possible character combinations.
You may try CRACK utility, which does it:
http://www.password-....com/crack.html
but this process is very slow and can help to restore only short
RAR 2.x passwords (up to 4 - 5 characters). We do not know any way
to restore longer or RAR 3.x passwords.
We had talked with one of the developer of such a RAR password crack tool
last shareware conference. His opinion: Since WinRAR 3.00 it is impossible to
crack a good RAR password.
Best regards,
Klaro at WinRAR-Support
win.rar GmbH
Unser Lieben Frauen Kirchhof 10
28195 Bremen
Germany
www.win-rar.com (website)
I guess that will satisfy me.
Thank you.
Share this topic:
Page 1 of 1