![]() VeraCrypt is based on TrueCrypt and is compatible with the old TrueCrypt containers. Sadly TrueCrypt is no longer in active development but it's successor VeraCrypt is. Not only is this more secure than WinRAR (I trust TrueCrypt, which is written with security in mind from day 1, far more than any product whose encryption is an ancillary feature), it is also more convenient: you mount the encrypted disk by providing your password, then you can open files on the disk transparently, and when you've finished you unmount the encrypted disk. TrueCrypt provides a virtual disk which is stored as an encrypted file. The de facto standard since you're using Windows was TrueCrypt. Therefore I recommend using a software that is dedicated to encryption. The advantage of using the encryption built into the RAR format is that you can distribute an encrypted RAR archive to anyone with WinRAR, 7zip or other common software that supports the RAR format. Our results, compared to recent attacks on WinZip by Kohno, show that WinRAR appears to offer slightly better security features. Instead, time and again such a practice has shown to result in flawed systems. In other words, no matter how securely designed each primitive is, using them especially in association with other primitives does not always guarantee secure systems. These attacks are possible due to the subtlety in developing security software based on the integration of multiple cryptographic primitives. In this paper, we present several attacks on the encryption feature provided by the WinRAR compression software. Quoting from the abstract (I haven't read the full text, it doesn't seem to be accessible without paying): WinRAR uses 262144 rounds of SHA-1 with a 64-bit salt, that's good key strengthening.Īn academic paper has been written on the security of WinRAR: On the security of the WinRAR encryption feature by Gary S.-W. ![]() A weak password is toast anyway, but good key strengthening can make the difference for a reasonably complex but still memorable password. Another important element is how the key is derived from the password: what kind of key strengthening is performed? The slower the derivation of the key from the password, the more costly it is for an attacker to find the password (and hence the key) by brute force. This is only one of the elements of security, however. WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |