Andy M
asked on
7zip password
Hello,
how secure is 7zip password protection?
Thank you
The question is better considered as how secure you require your password to be.
For best security, you'll run zip or zstd or any other compressor, then encrypt your file with a tool like noci mentions or use openssl.
Using openssl (gold standard) provides pretty much uncrackable encryption.
If you must have 100% uncrackable encryption, then you'll use openssl to encrypt your files, then periodically rotate your passwords... meaning you decrypt + re-encrypt your file with a new password.
Normally password rotation is overkill.
To use openssl, you'll do something like this...
# encrypt ($algo is a cipher name such as aes-256-cbc; -pbkdf2 makes OpenSSL stretch the passphrase instead of hashing it once)
openssl enc -$algo -pbkdf2 -in $file -out $file.encrypted
# decrypt (same cipher and the same -pbkdf2 flag, otherwise the derived key will not match)
openssl enc -$algo -d -pbkdf2 -in $file.encrypted -out $file
Where the $algo you select sets your encryption level.
If you have many large files, setting a harsh/high encryption level can produce a very long processing time.
This means you'll choose your $algo based on the number of files, size of files, and required encryption strength.
If you require automating this for many files, https://linuxconfig.org/using-openssl-to-encrypt-messages-and-files-on-linux provides good examples of how to pass very long passwords to openssl.
Big Note: Whether you input a password by hand or pass to openssl using STDIN, real security of your process relates to how you store your passwords.
As mentioned above, the best password encryption scheme is no better than the password used. I looked at "instant crack" software last year and it's "instant" only if the password is contained in the cracking dictionary. If the password is not in the dictionary then the programs fall back to brute-force and that takes a good long time.
If you're worried about this then encrypt twice, once in the compressor and once using a good commercial encryptor program, using long passwords that are randomly generated.
ASKER
andy's tables are the worst-case guess timings possible. If the first attempt succeeds then it is less than 1 s.
Assume you need any of the 256 byte values to reach those times, not just characters & digits and a few from +-&*^%$...
7z is quite decent
Zip is easily crackable
Rar has used different algorithms. It used to be quite safe but i am unsure nowadays
An alternative that has not been mentioned is PGP, which I believe to be quite safe.
But obviously, when it comes to symmetric encryption, whatever algo is used is only as safe as the password itself: if your password is sunshine, even military grade encryption will be brute forced in an instant.
Real military grade safety is usually achievable by transferring parts of the encrypted file over different vectors.
It is virtually impossible to decrypt or brute force a decent algorithm if you only have access to even or odd bits.
I forgot to mention that 10 passwords per second as mentioned above is a joke. My laptop probably can do 10 thousand per second without any specific optimisation, not speaking of tweaked ARM chips, GPUs, a regular supercomputer, a botnet... Brute forcing IS an actual issue nowadays. Prefer passphrases over passwords with whatever useless complexity level.
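An added example, not from the thread, that puts numbers on the guess-rate discussion above and on Andy's point about needing all 256 byte values: it models brute-force time as password space divided by the attacker's guess rate, where 7-Zip's key derivation (SHA-256 iterated 2**19 times per guess) divides the raw hash rate. The 1e10 hashes/s attacker figure, the charset sizes and the no-stretching baseline are constructed assumptions.

```python
import math

# Constructed assumption: one attacker machine's raw SHA-256 throughput.
# A single modern GPU is on the order of 1e10 hashes/s, far above the
# "10 per second" or "10 thousand per second" figures in the thread.
RAW_HASHES_PER_SEC = 1e10

# 7-Zip derives its AES-256 key by iterating SHA-256 2**19 times, so every
# password guess costs 2**19 hash operations instead of one.
SEVENZIP_KDF_ITERATIONS = 2 ** 19
NO_STRETCHING = 1  # baseline: one hash per guess, no key stretching

CHARSETS = {"digits": 10, "lowercase": 26, "alnum": 62,
            "printable_ascii": 95, "all_bytes": 256}
DICEWARE_WORDS = 7776  # standard diceware list size (five dice rolls)

def password_space(symbols: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return symbols ** length

def bits_of_entropy(space: int) -> float:
    return math.log2(space)

def guesses_per_second(raw_hashes_per_sec: float, kdf_iterations: int) -> float:
    """The KDF divides the attacker's rate: each guess costs kdf_iterations hashes."""
    return raw_hashes_per_sec / kdf_iterations

def expected_crack_seconds(space: int, rate: float) -> float:
    """Average case: half the space is tried before the hit (worst case: all of it)."""
    return (space / 2) / rate

def crack_estimate(space: int, kdf_iterations: int,
                   raw_rate: float = RAW_HASHES_PER_SEC) -> float:
    return expected_crack_seconds(space, guesses_per_second(raw_rate, kdf_iterations))

def human_duration(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    cases = {"8 x printable ASCII": password_space(CHARSETS["printable_ascii"], 8),
             "8 x any byte value": password_space(CHARSETS["all_bytes"], 8),
             "6-word diceware passphrase": password_space(DICEWARE_WORDS, 6)}
    for name, space in cases.items():
        print(f"{name:28s} {bits_of_entropy(space):5.1f} bits  "
              f"no stretching: {human_duration(crack_estimate(space, NO_STRETCHING)):>14s}  "
              f"7z KDF: {human_duration(crack_estimate(space, SEVENZIP_KDF_ITERATIONS)):>14s}")
```

The table it prints shows why the thread's advice converges: key stretching buys a factor of 2**19, but a short dictionary-like password is still lost, while a six-word passphrase stays out of reach even for the unstretched baseline.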
There are lots of "instant" recover-your-passwords tools floating around (for zip, rar, 7z etc.).
If you need serious encryption for any file, use aespipe ( http://loop-aes.sourceforge.net )