Solved

use password in win rar to protect file is secure or not

Posted on 2011-03-03
6
632 Views
Last Modified: 2012-05-11
I use winrar to protect file from some one to read i use password in winrar about 5 digit it secure or not
and  when i want to read I unrar it and read it then i delete it normally it is a text file how can i make sure that txt file that I unrar can not use some pro gram to make it readable a gain
0
Comment
Question by:teera
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Assisted Solution

by:lloydclinton
lloydclinton earned 50 total points
ID: 35033491
Use a complex password larger than 5 characters
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 100 total points
ID: 35033642
For starters, as Lloyd says, you need a more complex password. Also FYI:

http://www.elcomsoft.com/archpr.html
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 50 total points
ID: 35033688
Rar does not have any exploits like office docs so as long as your password is sufficiently long and complex it will stand up to a brute force attack as suggest above.

However a workflow suggestion if may: check out truecrypt.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 63

Accepted Solution

by:
btan earned 200 total points
ID: 35033812
if you unrar in an infected machine, and supposing there is keylogger, no matter how complex the password is, it can be logged. But I am not saying that having complex password is no good, it does help in deterring the brute force password cracking (e.g. RAR password cracker, dictionary attack, rainbow tbl). There is a site (http://www.passwordmeter.com/) for testing password complexity too. Nonetheless, minimally do have at least 8 characters in length, and choose a random combination of characters and digits

also we also need to be aware of temp remanence from the application to unrar to temp location, they need to be securely erase too. user had to be aware of it then. I understand that features list for WinRAR 3.8 says "New 'Wipe Temporary Files' option in 'Settings/Security' dialog provides more secure, though slower, way to delete temporary WinRAR files." this may help

having said that, WinRAR encryption algorithm was changed to AES (Advanced Encryption Standard) with a 128 bit key length starting with WinRAR 3.0. This is definitely stronger and a NIST standard, but of course 256bits can be considered too. but still we need to be aware of the weakest link, which is your password

probably you may want to consider two layer encryption which is add document security (encryption) into it. office and PDF support that straight from the application. dont think there is for image and video for direct used. of course the volume encryption using Truecrypt is another good candidate. they can bundle it with smartcard token which is a 2Factor authentication (even if they sniff pin, they cannot get your smartcard token)

for your info, in the past, WinRAR is assessed to be more secure than WinZIP (which uses proprietary scheme). of course thing evolved to be better for both  @ http://www.springerlink.com/content/adem7g0n9a9rqtw9/
0
 

Assisted Solution

by:gdi67
gdi67 earned 50 total points
ID: 35034456
it depends on how stong your password is. AFAIK winrar doesn't face cryptanalysis attack for now.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 50 total points
ID: 35034500
Seconded - there is no easy break for winrar, you have to try to brute force the password by trying every possible combination until you find it.
If you use a short, letters only password, that can be done.
If you use a 12 or more character password, with upper case, lower case, number and symbols, its a monumental task and isn't going to happen.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question