Solved

use password in win rar to protect file is secure or not

Posted on 2011-03-03
6
626 Views
Last Modified: 2012-05-11
I use winrar to protect file from some one to read i use password in winrar about 5 digit it secure or not
and  when i want to read I unrar it and read it then i delete it normally it is a text file how can i make sure that txt file that I unrar can not use some pro gram to make it readable a gain
0
Comment
Question by:teera
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Assisted Solution

by:lloydclinton
lloydclinton earned 50 total points
ID: 35033491
Use a complex password larger than 5 characters
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 100 total points
ID: 35033642
For starters, as Lloyd says, you need a more complex password. Also FYI:

http://www.elcomsoft.com/archpr.html
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 50 total points
ID: 35033688
Rar does not have any exploits like office docs so as long as your password is sufficiently long and complex it will stand up to a brute force attack as suggest above.

However a workflow suggestion if may: check out truecrypt.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 63

Accepted Solution

by:
btan earned 200 total points
ID: 35033812
if you unrar in an infected machine, and supposing there is keylogger, no matter how complex the password is, it can be logged. But I am not saying that having complex password is no good, it does help in deterring the brute force password cracking (e.g. RAR password cracker, dictionary attack, rainbow tbl). There is a site (http://www.passwordmeter.com/) for testing password complexity too. Nonetheless, minimally do have at least 8 characters in length, and choose a random combination of characters and digits

also we also need to be aware of temp remanence from the application to unrar to temp location, they need to be securely erase too. user had to be aware of it then. I understand that features list for WinRAR 3.8 says "New 'Wipe Temporary Files' option in 'Settings/Security' dialog provides more secure, though slower, way to delete temporary WinRAR files." this may help

having said that, WinRAR encryption algorithm was changed to AES (Advanced Encryption Standard) with a 128 bit key length starting with WinRAR 3.0. This is definitely stronger and a NIST standard, but of course 256bits can be considered too. but still we need to be aware of the weakest link, which is your password

probably you may want to consider two layer encryption which is add document security (encryption) into it. office and PDF support that straight from the application. dont think there is for image and video for direct used. of course the volume encryption using Truecrypt is another good candidate. they can bundle it with smartcard token which is a 2Factor authentication (even if they sniff pin, they cannot get your smartcard token)

for your info, in the past, WinRAR is assessed to be more secure than WinZIP (which uses proprietary scheme). of course thing evolved to be better for both  @ http://www.springerlink.com/content/adem7g0n9a9rqtw9/
0
 

Assisted Solution

by:gdi67
gdi67 earned 50 total points
ID: 35034456
it depends on how stong your password is. AFAIK winrar doesn't face cryptanalysis attack for now.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 50 total points
ID: 35034500
Seconded - there is no easy break for winrar, you have to try to brute force the password by trying every possible combination until you find it.
If you use a short, letters only password, that can be done.
If you use a 12 or more character password, with upper case, lower case, number and symbols, its a monumental task and isn't going to happen.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Virus .zepto files 10 110
How do I Uninstall Sophos endpoint Security 8 102
Header of docx file 17 130
Evaluating Enterprise Antivirus solutions 2 36
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question