use password in win rar to protect file is secure or not

Posted on 2011-03-03
Medium Priority
Last Modified: 2012-05-11
I use winrar to protect file from some one to read i use password in winrar about 5 digit it secure or not
and  when i want to read I unrar it and read it then i delete it normally it is a text file how can i make sure that txt file that I unrar can not use some pro gram to make it readable a gain
Question by:teera

Assisted Solution

lloydclinton earned 200 total points
ID: 35033491
Use a complex password larger than 5 characters

Assisted Solution

ChopOMatic earned 400 total points
ID: 35033642
For starters, as Lloyd says, you need a more complex password. Also FYI:

LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 200 total points
ID: 35033688
Rar does not have any exploits like office docs so as long as your password is sufficiently long and complex it will stand up to a brute force attack as suggest above.

However a workflow suggestion if may: check out truecrypt.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

LVL 66

Accepted Solution

btan earned 800 total points
ID: 35033812
if you unrar in an infected machine, and supposing there is keylogger, no matter how complex the password is, it can be logged. But I am not saying that having complex password is no good, it does help in deterring the brute force password cracking (e.g. RAR password cracker, dictionary attack, rainbow tbl). There is a site (http://www.passwordmeter.com/) for testing password complexity too. Nonetheless, minimally do have at least 8 characters in length, and choose a random combination of characters and digits

also we also need to be aware of temp remanence from the application to unrar to temp location, they need to be securely erase too. user had to be aware of it then. I understand that features list for WinRAR 3.8 says "New 'Wipe Temporary Files' option in 'Settings/Security' dialog provides more secure, though slower, way to delete temporary WinRAR files." this may help

having said that, WinRAR encryption algorithm was changed to AES (Advanced Encryption Standard) with a 128 bit key length starting with WinRAR 3.0. This is definitely stronger and a NIST standard, but of course 256bits can be considered too. but still we need to be aware of the weakest link, which is your password

probably you may want to consider two layer encryption which is add document security (encryption) into it. office and PDF support that straight from the application. dont think there is for image and video for direct used. of course the volume encryption using Truecrypt is another good candidate. they can bundle it with smartcard token which is a 2Factor authentication (even if they sniff pin, they cannot get your smartcard token)

for your info, in the past, WinRAR is assessed to be more secure than WinZIP (which uses proprietary scheme). of course thing evolved to be better for both  @ http://www.springerlink.com/content/adem7g0n9a9rqtw9/

Assisted Solution

gdi67 earned 200 total points
ID: 35034456
it depends on how stong your password is. AFAIK winrar doesn't face cryptanalysis attack for now.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 35034500
Seconded - there is no easy break for winrar, you have to try to brute force the password by trying every possible combination until you find it.
If you use a short, letters only password, that can be done.
If you use a 12 or more character password, with upper case, lower case, number and symbols, its a monumental task and isn't going to happen.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question