Originally posted here by nihil
Hi swoosh,

Remember that there are three factors to encryption security:

1. Password length
2. Password complexity
3. Strength of encryption algorithm

Now, as far as I know the encryption algorithm for standard file compression software is not very strong.

I have certainly seen a tool that will crack Zip files, and there may well be the same for Rar ones.

I would feel happier using a strong encryption application THEN compressing it.

Also remember that given time, nothing is secure.

cheers

Hi nihil. Neat post, I feel I got most of it covered with a pretty decent long random password, but I honestly haven't got a clue how strong the encryption algorithm is. There are most definitely rar-crackers out there, but as said it takes ages to brute force something like that, at least when a dictionary is out of the question. If I was talking about seriously important files I'd also say go for a specialized encryption app instead of using something like rar. But as it's just a few small applications which aren't really that important to anyone, I think something like rar is an easy and fair enough way to go. One rar-cracker gave me an idea of how long cracking it would take though. With a password with 100 chars/numbers it would take approx 115 years. Secure enough.

The pass would look something like this (only 'slightly' longer):
asd564AIHD4a189s4afTYASFDFsaf984ad4A98as4fADDA654dfOIH54564FAas46asf84gjf894jd46I54ytUGofhugFI489swt16g4sdj5OIDUs66d5d546g4fASF6hfr46sh


Originally posted here by Black Cluster
Of course, if you put something like m@n!M10, it would be more difficult to brute force than standard dictionary words... This is obvious.

I think security is something of a relative issue; you never know, tomorrow might witness the birth of new and fast password crackers... So to say, I think if your password is long enough and has some multiple cases like upper and lower plus some non-standard characters, this would hang, if not stop, the process of cracking it...


That's all

P.S.: I think zencoder has written a tutorial about Creating Safe Passwords; I could not find it here... Here is a link to this tutorial at his official website. Have a look... a very nice tutorial.

http://www.zencoder.net/white-papers/

Cheers

Thanks, nice tutorial.


Originally posted here by wyred
Swoosh -

Elcomsoft (http://www.elcomsoft.com/arpr.html) has a tool for recovering lost RAR passwords. It supports a brute-force and a dictionary attack. Their product info says that RAR files are protected by 128 bit AES, so the only option is brute-force or dictionary. I know zip files were vulnerable to a known-plaintext attack, but I'm not sure if RARs are. But based on the information at Elcomsoft, a 1024 character password is good enough to protect a few .exes.

Sounds fair enough. If what they say is correct then it should be out of the question to try to crack a file with such a long password.

Alright, case closed. Thanks for the input
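
To put numbers on the length-versus-algorithm discussion in this thread, here is an added example (not code from any of the posters): it bounds the brute-force search space of a password and caps it at the 128-bit AES key size quoted from Elcomsoft. It assumes every character is chosen uniformly at random, and the guess rate passed to `average_years` is a hypothetical parameter, not a measured RAR cracking speed.

```python
import math
import string

AES_KEY_BITS = 128  # key size the thread quotes for RAR encryption

POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]


def alphabet_size(password):
    """Size of the smallest set of common character pools covering the password."""
    size = sum(len(p) for p in POOLS if any(c in p for c in password))
    # Characters outside the four pools are counted individually.
    extras = {c for c in password if not any(c in p for p in POOLS)}
    return size + len(extras)


def search_space_bits(password):
    """Upper bound on brute-force work, in bits.

    Only valid if each character was picked uniformly at random;
    human-chosen patterns and dictionary words score far lower in practice.
    """
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def effective_bits(password, key_bits=AES_KEY_BITS):
    """An attacker can search keys instead of passwords, so the key size is a ceiling."""
    return min(search_space_bits(password), key_bits)


def saturation_length(pool_size, key_bits=AES_KEY_BITS):
    """Random-password length at which the password space reaches the key space."""
    return math.ceil(key_bits / math.log2(pool_size))


def average_years(bits, guesses_per_second):
    """Expected time to hit the right guess (half the space) at an assumed rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("m@n!M10", "aB3" * 40):  # thread example, and a constructed 120-char one
        bits = effective_bits(pw)
        print(f"{len(pw):4d} chars  {bits:6.1f} bits  "
              f"{average_years(bits, 1e9):.3g} years at an assumed 1e9 guesses/s")
    print("alphanumeric saturation length:", saturation_length(62))
```

For the thread's example `m@n!M10` the bound is about 46 bits, and a random alphanumeric password stops gaining anything against a 128-bit key after 22 characters.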