Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

use password in win rar to protect file is secure or not

Posted on 2011-03-03
6
Medium Priority
?
679 Views
Last Modified: 2012-05-11
I use winrar to protect file from some one to read i use password in winrar about 5 digit it secure or not
and  when i want to read I unrar it and read it then i delete it normally it is a text file how can i make sure that txt file that I unrar can not use some pro gram to make it readable a gain
0
Comment
Question by:teera
6 Comments
 
LVL 3

Assisted Solution

by:lloydclinton
lloydclinton earned 200 total points
ID: 35033491
Use a complex password larger than 5 characters
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 400 total points
ID: 35033642
For starters, as Lloyd says, you need a more complex password. Also FYI:

http://www.elcomsoft.com/archpr.html
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 200 total points
ID: 35033688
Rar does not have any exploits like office docs so as long as your password is sufficiently long and complex it will stand up to a brute force attack as suggest above.

However a workflow suggestion if may: check out truecrypt.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 65

Accepted Solution

by:
btan earned 800 total points
ID: 35033812
if you unrar in an infected machine, and supposing there is keylogger, no matter how complex the password is, it can be logged. But I am not saying that having complex password is no good, it does help in deterring the brute force password cracking (e.g. RAR password cracker, dictionary attack, rainbow tbl). There is a site (http://www.passwordmeter.com/) for testing password complexity too. Nonetheless, minimally do have at least 8 characters in length, and choose a random combination of characters and digits

also we also need to be aware of temp remanence from the application to unrar to temp location, they need to be securely erase too. user had to be aware of it then. I understand that features list for WinRAR 3.8 says "New 'Wipe Temporary Files' option in 'Settings/Security' dialog provides more secure, though slower, way to delete temporary WinRAR files." this may help

having said that, WinRAR encryption algorithm was changed to AES (Advanced Encryption Standard) with a 128 bit key length starting with WinRAR 3.0. This is definitely stronger and a NIST standard, but of course 256bits can be considered too. but still we need to be aware of the weakest link, which is your password

probably you may want to consider two layer encryption which is add document security (encryption) into it. office and PDF support that straight from the application. dont think there is for image and video for direct used. of course the volume encryption using Truecrypt is another good candidate. they can bundle it with smartcard token which is a 2Factor authentication (even if they sniff pin, they cannot get your smartcard token)

for your info, in the past, WinRAR is assessed to be more secure than WinZIP (which uses proprietary scheme). of course thing evolved to be better for both  @ http://www.springerlink.com/content/adem7g0n9a9rqtw9/
0
 

Assisted Solution

by:gdi67
gdi67 earned 200 total points
ID: 35034456
it depends on how stong your password is. AFAIK winrar doesn't face cryptanalysis attack for now.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 35034500
Seconded - there is no easy break for winrar, you have to try to brute force the password by trying every possible combination until you find it.
If you use a short, letters only password, that can be done.
If you use a 12 or more character password, with upper case, lower case, number and symbols, its a monumental task and isn't going to happen.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question