Solved

use password in win rar to protect file is secure or not

Posted on 2011-03-03
6
612 Views
Last Modified: 2012-05-11
I use winrar to protect file from some one to read i use password in winrar about 5 digit it secure or not
and  when i want to read I unrar it and read it then i delete it normally it is a text file how can i make sure that txt file that I unrar can not use some pro gram to make it readable a gain
0
Comment
Question by:teera
6 Comments
 
LVL 3

Assisted Solution

by:lloydclinton
lloydclinton earned 50 total points
ID: 35033491
Use a complex password larger than 5 characters
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 100 total points
ID: 35033642
For starters, as Lloyd says, you need a more complex password. Also FYI:

http://www.elcomsoft.com/archpr.html
0
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 50 total points
ID: 35033688
Rar does not have any exploits like office docs so as long as your password is sufficiently long and complex it will stand up to a brute force attack as suggest above.

However a workflow suggestion if may: check out truecrypt.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 62

Accepted Solution

by:
btan earned 200 total points
ID: 35033812
if you unrar in an infected machine, and supposing there is keylogger, no matter how complex the password is, it can be logged. But I am not saying that having complex password is no good, it does help in deterring the brute force password cracking (e.g. RAR password cracker, dictionary attack, rainbow tbl). There is a site (http://www.passwordmeter.com/) for testing password complexity too. Nonetheless, minimally do have at least 8 characters in length, and choose a random combination of characters and digits

also we also need to be aware of temp remanence from the application to unrar to temp location, they need to be securely erase too. user had to be aware of it then. I understand that features list for WinRAR 3.8 says "New 'Wipe Temporary Files' option in 'Settings/Security' dialog provides more secure, though slower, way to delete temporary WinRAR files." this may help

having said that, WinRAR encryption algorithm was changed to AES (Advanced Encryption Standard) with a 128 bit key length starting with WinRAR 3.0. This is definitely stronger and a NIST standard, but of course 256bits can be considered too. but still we need to be aware of the weakest link, which is your password

probably you may want to consider two layer encryption which is add document security (encryption) into it. office and PDF support that straight from the application. dont think there is for image and video for direct used. of course the volume encryption using Truecrypt is another good candidate. they can bundle it with smartcard token which is a 2Factor authentication (even if they sniff pin, they cannot get your smartcard token)

for your info, in the past, WinRAR is assessed to be more secure than WinZIP (which uses proprietary scheme). of course thing evolved to be better for both  @ http://www.springerlink.com/content/adem7g0n9a9rqtw9/
0
 

Assisted Solution

by:gdi67
gdi67 earned 50 total points
ID: 35034456
it depends on how stong your password is. AFAIK winrar doesn't face cryptanalysis attack for now.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 50 total points
ID: 35034500
Seconded - there is no easy break for winrar, you have to try to brute force the password by trying every possible combination until you find it.
If you use a short, letters only password, that can be done.
If you use a 12 or more character password, with upper case, lower case, number and symbols, its a monumental task and isn't going to happen.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question