Bitcoin Forum
Topic: Is a passworded WINRAR file an effective encryption method?
compro01
June 29, 2011, 04:09:57 PM
 #21

Go with TrueCrypt.

I know this shouldn't matter, but I think it would be weird to protect something so valuable with a program everyone has on their desktop.   I am not sure why I feel like it matters to me, but it does, I can't find the logic in it yet.

Only annoying part is that you have to create a volume that is big enough, because re-sizing isn't really possible (I've seen somewhere about someone having a 150MB+ wallet.dat file).

Just create a 1gb volume and have the entire bitcoin datadir in that.

or if you use a file system that supports it (ext2,3,and 4, btrfs, NTFS, UFS/BFFS, reiser, XFS, and ZFS all support sparse files, and those are basically all the file systems that matter for general purposes), create the truecrypt volume as a sparse file of some suitable large size.
XIU
June 29, 2011, 04:12:08 PM
 #22

Quote from: compro01
or if you use a file system that supports it (ext2,3,and 4, btrfs, NTFS, UFS/BFFS, reiser, XFS, and ZFS all support sparse files, and those are basically all the file systems that matter for general purposes), create the truecrypt volume as a sparse file of some suitable large size.

That won't work, since the volume is an encrypted volume it will be completely random (as in the selected size) data. So if you create a 10GB volume it will really use 10GB even if it contains no data.

RomertL
June 29, 2011, 04:30:09 PM
 #23

Is there any way the files could get corrupted when encrypting? If so you will lose everything, right? It has happened more than one time that I try to open a .zip or .rar-file that turns out to be corrupt. I guess you need to get an offline copy on a USB, for example, as well to avoid that?

compro01
June 29, 2011, 04:39:16 PM
 #24

Quote from: compro01
or if you use a file system that supports it (ext2,3,and 4, btrfs, NTFS, UFS/BFFS, reiser, XFS, and ZFS all support sparse files, and those are basically all the file systems that matter for general purposes), create the truecrypt volume as a sparse file of some suitable large size.

Quote from: XIU
That won't work, since the volume is an encrypted volume it will be completely random (as in the selected size) data. So if you create a 10GB volume it will really use 10GB even if it contains no data.

no, that is not the case.  Truecrypt supports creating sparse ("dynamic") volumes, which function exactly as i specified.  see page 37 of the truecrypt user guide.

though on further research, it appears to only be available in the windows version of truecrypt for some reason.
foggyb
June 29, 2011, 04:47:24 PM
 #25

GPU password cracking for winrar: http://www.golubev.com/rargpu.htm

19,000 passwords per second on a Radeon 5970.

That is a very slow rate. Even with a small mining cluster, you will not solve 10+ char non-dictionary passwords (with upper/lower case letters, numbers and symbols) in a month.
XIU
June 29, 2011, 05:35:52 PM
 #26

Quote from: XIU
That won't work, since the volume is an encrypted volume it will be completely random (as in the selected size) data. So if you create a 10GB volume it will really use 10GB even if it contains no data.

Quote from: compro01
no, that is not the case.  Truecrypt supports creating sparse ("dynamic") volumes, which function exactly as i specified.  see page 37 of the truecrypt user guide.

though on further research, it appears to only be available in the windows version of truecrypt for some reason.

Yup, seems you are right, you can use sparse files on NTFS partitions. Although they say that the performance will be worse (not really a problem), and that it's less secure because only the used part will be encrypted (not really a problem since an encrypted .rar will also only be the encrypted data).

lyndaeldo
August 22, 2016, 04:45:16 AM
 #27

The advantage of using the encryption built into the RAR format is that you can distribute an encrypted RAR archive to anyone with WinRAR, 7zip or other common software that supports the RAR format. For your use case, this is irrelevant. Therefore I recommend using a software that is dedicated to encryption.

The de facto standard since you're using Windows was TrueCrypt. TrueCrypt provides a virtual disk which is stored as an encrypted file. Not only is this more secure than WinRAR (I trust TrueCrypt, which is written with security in mind from day 1, far more than any product whose encryption is an ancillary feature), it is also more convenient: you mount the encrypted disk by providing your password, then you can open files on the disk transparently, and when you've finished you unmount the encrypted disk. Sadly TrueCrypt is no longer in active development but its successor VeraCrypt is. VeraCrypt is based on TrueCrypt and is compatible with the old TrueCrypt containers.

Lynda

abayan
August 22, 2016, 05:03:28 AM
 #28

Quote from: XIU
That won't work, since the volume is an encrypted volume it will be completely random (as in the selected size) data. So if you create a 10GB volume it will really use 10GB even if it contains no data.

Quote from: compro01
no, that is not the case.  Truecrypt supports creating sparse ("dynamic") volumes, which function exactly as i specified.  see page 37 of the truecrypt user guide.

though on further research, it appears to only be available in the windows version of truecrypt for some reason.

Quote from: XIU
Yup, seems you are right, you can use sparse files on NTFS partitions. Although they say that the performance will be worse (not really a problem), and that it's less secure because only the used part will be encrypted (not really a problem since an encrypted .rar will also only be the encrypted data).

But it can be decrypted but takes a long period of time using bruteforce!

DooMAD
August 22, 2016, 07:25:12 AM
 #29

Make sure you pick at least one character in each group:

Lowercase: abcdefghijklmnopqrstuvwxyz
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Number: 1234567890
Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)

09 char = insecure
10 char = low security
11 char = medium security
12 char = good security (good enough for your wallet)
13 char = v.good enough for anything.

It's also best to avoid words altogether, as "ch4r4ct3r su8st!tut!0n" alone doesn't cut it anymore.  No intelligent thief is attempting to brute force anything.  They're going to try to predict the mentality you're using when coming up with a password and use it against you.

https://www.theguardian.com/technology/2016/aug/19/password-strength-meters-security

Quote
The longer and more complex the password, the longer it will take to crack by simply iterating through a list of all possible passwords. According to Stockley, however, brute force is a password cracker’s last resort.

“Their first line of attack is likely to be based on dictionary words and rules that mimic the common tricks we use to di5gu!se th3m. Measuring entropy doesn’t tell us anything about that,” Stockley said.

Stockley tested five popular password strength meters: jQuery Password Strength Meter for Twitter Bootstrap, Strength.js, Mato Ilic’s PWStrength, FormGet’s jQuery Password Strength Checker and Paulund’s jQuery password strength demo.

He used five of the worst passwords possible that appear on a list of the 10,000 most common passwords: abc123, trustno1, ncc1701 (registration number of Star Trek’s USS Enterprise), iloveyou! and primetime21. All five were broken by the open-source password cracking software John the Ripper in under a second.
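
The contrast drawn in the post above, between a character-class entropy estimate and the dictionary-plus-rules guessing the quoted article describes, shown as an added Python example (not part of the original post or the article). The word list is a small constructed sample and the function names are hypothetical.

```python
import math
import re
import string

# Constructed sample list: the passwords named in the quoted article plus a few
# base words. A real check would load a large common-password list instead.
COMMON = {"abc123", "trustno1", "ncc1701", "iloveyou", "primetime",
          "character", "substitution", "disguise", "password"}

# Common "leet" substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"4": "a", "@": "a", "8": "b", "3": "e", "1": "i",
                      "!": "i", "0": "o", "5": "s", "$": "s", "7": "t"})

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]


def naive_bits(pw):
    """Entropy estimate of a meter that only looks at length and character classes."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def guess_forms(pw):
    """Base forms that simple mangling rules map back to this password."""
    low = pw.lower()
    forms = {low, low.translate(LEET)}
    # Also drop an appended run of digits or symbols ("primetime21", "iloveyou!").
    forms |= {re.sub(r"[^a-z]+$", "", f) for f in forms}
    return forms


def is_guessable(pw):
    """True if every word of some base form is in the common list."""
    for form in guess_forms(pw):
        words = form.split()
        if words and all(w in COMMON for w in words):
            return True
    return False


if __name__ == "__main__":
    for pw in ["trustno1", "iloveyou!", "ch4r4ct3r su8st!tut!0n", "q7#Vx2!mLp@9"]:
        print(f"{pw!r}: {naive_bits(pw):.0f} bits by class, guessable={is_guessable(pw)}")
```

The substituted phrase scores well above 100 bits on the class-based estimate yet reduces to two dictionary words, which is the gap the article says strength meters miss.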

requester
October 19, 2016, 08:29:52 AM
 #30

No winrar password could be easily decrypted by special software available online. Any encrypted data is easily decryptable by third party software. Only 1 way encryption or encryption with a heavy key is secure up to some extent like bitcoin wallet usage private and public key.

Sukrim
October 19, 2016, 09:25:12 AM
 #31

Quote from: requester
No winrar password could be easily decrypted by special software available online. Any encrypted data is easily decryptable by third party software. Only 1 way encryption or encryption with a heavy key is secure up to some extent like bitcoin wallet usage private and public key.

WinRAR uses pretty standard AES, do you have any sources that claim to decrypt a rar archive with any other method than bruteforce?

Soros Shorts
October 19, 2016, 09:40:26 AM
 #32

Quote from: requester
No winrar password could be easily decrypted by special software available online. Any encrypted data is easily decryptable by third party software. Only 1 way encryption or encryption with a heavy key is secure up to some extent like bitcoin wallet usage private and public key.

"One way encryption" to secure a Bitcoin wallet? Then how are you supposed to use the wallet again?
Dabs
October 19, 2016, 01:51:03 PM
 #33

Maybe he meant one time use encryption, like one time pads. Those are too inconvenient to use even if you plan to protect thousands of BTC.

WinRAR uses "pretty good" encryption, AES 256 bit, and the key-stretching or whatever makes it crack resistant. TrueCrypt was better. Someone made a benchmark and TC cracking speed was 700 per second, while RAR cracking speed on the same hardware and software was maybe 10,000 to 20,000 per second, using GPUs.

That's still too slow for anyone using good long passwords. Just use a randomly generated password. Anything that looks like a bitcoin address should work fine. (Yes, you'd probably have to write that down somewhere as it's pretty hard to memorize a private key.)
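
The arithmetic behind the rates quoted in this thread (19,000 guesses per second for RAR, 700 for TrueCrypt), together with a generator for the kind of random password recommended above, as an added Python example that is not from any poster. It assumes a uniformly random password over the 95 characters listed earlier in the thread and linear scaling across devices; the function names are hypothetical.

```python
import secrets
import string

# Character groups as listed in the thread: 26 + 26 + 10 + 33 (symbols and space) = 95.
GROUPS = [string.ascii_lowercase, string.ascii_uppercase,
          string.digits, string.punctuation + " "]
ALPHABET = "".join(GROUPS)

# Single-GPU guess rates quoted in the thread (passwords per second).
RAR_RATE = 19_000   # WinRAR on a Radeon 5970
TC_RATE = 700       # TrueCrypt benchmark figure

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_to_exhaust(length, rate, devices=1):
    """Years to try every random password of exactly `length` characters.

    Assumes guessing scales linearly with the number of devices.
    """
    return len(ALPHABET) ** length / (rate * devices) / SECONDS_PER_YEAR


def min_length(target_years, rate, devices=1):
    """Shortest random password whose keyspace outlasts `target_years`."""
    budget = target_years * SECONDS_PER_YEAR * rate * devices
    length = 1
    while len(ALPHABET) ** length <= budget:
        length += 1
    return length


def generate(length=16):
    """Random password from the OS CSPRNG containing every character group."""
    if length < len(GROUPS):
        raise ValueError("length too short to include every group")
    while True:  # rejection sampling: uniform over all passwords that qualify
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in group for ch in pw) for group in GROUPS):
            return pw


if __name__ == "__main__":
    for n in (9, 10, 12):
        print(n, f"{years_to_exhaust(n, RAR_RATE, devices=1000):.3g} years (RAR, 1000 GPUs)")
    print(generate(16))
```

These figures hold only for passwords drawn at random; a password built from words falls to dictionary rules long before the keyspace matters.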
