June 10th, 2010, 04:08 AM | #1 |
Senior Member
Join Date: Feb 2009
Posts: 241
Thanks: 973
Thanked 2,813 Times in 233 Posts
|
Security - Encryption vs Password Protection
Hi,
I'm just curious if any of you have any thoughts about file security using encryption, e.g. PGP, versus password-protected RAR files. For example, is a file encrypted using, say, a 64 character string in PGP any more (or less) secure than a RAR file with a 64 character password?
__________________
Dear Aunt Em, Hate you, hate Kansas, taking the dog. Dot. |
The Following User Says Thank You to spyderccp For This Useful Post: |
|
June 10th, 2010, 10:58 PM | #2 |
Vintage Member
Join Date: Jul 2007
Posts: 443
Thanks: 2,727
Thanked 21,496 Times in 536 Posts
|
Howdy,
There are probably hundreds of versions of PGP, with different levels of security. As I understand it, RAR uses AES as its encryption algorithm. Personally I prefer to keep the archiving program (RAR, ZIP, tar) separate from the encryption program. The simpler or weaker a program is the harder it is to break or manipulate. In the end it also matters who you are protecting the files from. /trm |
The Following 4 Users Say Thank You to the real McCoy For This Useful Post: |
June 11th, 2010, 12:07 AM | #3 |
Vintage Member
Join Date: Jun 2008
Location: Behind the Decks
Posts: 1,902
Thanks: 5,342
Thanked 45,319 Times in 1,892 Posts
|
Both are susceptible to brute force hacks, but to be honest cracking a 64 character password RAR is easier than decrypting a 64-bit encrypted file.
June 23rd, 2010, 09:10 PM | #4 | |
Vintage Member
Join Date: Jul 2007
Posts: 443
Thanks: 2,727
Thanked 21,496 Times in 536 Posts
|
Quote:
The length of the password is not the same as the length of the encryption key. Maybe you already know this. Apologies, all around. As far as I know, a 64 character string is going to be equally hard to guess. It's just a 64 character string, whether you use PGP or some other program. The numbers of possible passwords are the same. If we are talking encryption key length, I don't think that any PGP version ships with a 64 bit key length. That's very short. As I remember there were 512, 1024 and 2048 bit encryption key lengths available in my Open Source version of PGP. The algorithm in AES doesn't need as long encryption keys as PGP. Thus a 64 bit AES key would be harder to crack than a 64 bit PGP key. However, AES doesn't ship with such short keys either. As far as I know the shortest encryption key length is 128 bit in AES. (Ok, I had to Google that one). /trm |
|
June 24th, 2010, 09:55 PM | #5 |
Former Staff
Join Date: Aug 2008
Location: Germany - Tripping the Rift
Posts: 1,427
Thanks: 16,756
Thanked 39,593 Times in 1,329 Posts
|
You are comparing apples with oranges and here is my complicated answer:

1. RAR encryption is used to encrypt data for all users which share a secret (i.e. the password). The password is used to generate an encryption key which in turn is used to encrypt the data. This is called symmetric cryptology because the sender and the recipient share the same secret.

2. PGP (or its free GNU pendant GPG) is mainly intended for encrypting data for certain recipient(s). The sender uses the public key(s) of the recipient(s) to encrypt the data. For this the recipients must have communicated their public key(s) to the sender. The recipient uses the matching private key (which is his personal secret which he doesn't share with anyone) to decrypt the data. Nobody who doesn't know the private key of one of the recipient(s) should be able to decrypt the data (not even the sender, if he isn't also one of the recipients himself). This is called asymmetric cryptography because sender and recipient don't share a secret.

PGP usually protects the private key with a passphrase. Nobody who doesn't know the passphrase should be able to use the private key to decrypt data which was encrypted for the recipient. I assume you meant the passphrase when you talked about the 64 character string in PGP. And here you are comparing apples with oranges again: the passphrase is not used to encrypt the data (or to derive a key for encryption), it only protects your private key.

But to make it more complicated, PGP also has a symmetric mode (for GPG the command line option is `-c' or `--symmetric'). In this case a password is requested which in turn is used to generate a key that is used to encrypt the data by using a certain algorithm, e.g. AES. The length of the generated key depends on the algorithm. And this is more or less the same as what RAR does; both programs use different (default) algorithms (DES, AES, CAST5, whatever) in different program versions.

And here is a more practical answer under the assumption that you want to use symmetrical cryptography (i.e. share your data with all of us): Recent versions of RAR use AES for encryption, my actual version of GPG uses CAST5 by default. Which algorithm is better is beyond my knowledge. But a practical approach: The key which is used is derived from your password. Using common, short passwords like "qwerty" makes it easy to guess the password (dictionary attack). The attacker may also assume short passwords (e.g. up to 8 characters) which make it easier to guess the password by trying all possibilities (brute-force attack) in a reasonable time. There may also still be some programs which use "weak" algorithms for encryption which make it easy to decrypt data. But as far as I know neither PGP nor (recent versions of) RAR do this.
__________________
PM me if my uploads are no longer available, I will re-upload them Last edited by svga; June 24th, 2010 at 10:29 PM.. Reason: additional info |
The Following 3 Users Say Thank You to svga For This Useful Post: |
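An added illustration, not part of the thread, of the distinction drawn in posts #4 and #5 between password length and key length: a password of any length is stretched into a key whose size is fixed by the cipher, and the smaller of the two search spaces sets the real strength. PBKDF2-HMAC-SHA256, the salt, the iteration count, the word list and all function names are assumptions made for this sketch; RAR and GPG each use their own key derivation, which is not reproduced here.

```python
import hashlib
import hmac
import math

KEY_BITS = 128                 # shortest AES key length, as noted in post #4
SALT = b"constructed-salt"     # constructed sample value
WORDLIST = ["123456", "password", "qwerty", "letmein"]  # constructed sample

def derive_key(password, salt=SALT, key_bits=KEY_BITS):
    """Stretch a password of any length into a fixed-length key.
    PBKDF2-HMAC-SHA256 is an assumption standing in for the tools' own KDFs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               100_000, dklen=key_bits // 8)

def password_bits(length, alphabet_size):
    """Search space, in bits, of a uniformly random password."""
    return length * math.log2(alphabet_size)

def effective_bits(length, alphabet_size, key_bits=KEY_BITS):
    """Guessing the password or guessing the key: the smaller space wins."""
    return min(password_bits(length, alphabet_size), key_bits)

def found_by_wordlist(target_key, wordlist=WORDLIST, salt=SALT):
    """Return the word-list entry that derives target_key, or None."""
    for candidate in wordlist:
        if hmac.compare_digest(derive_key(candidate, salt), target_key):
            return candidate
    return None

if __name__ == "__main__":
    long_pw = "k7#Vq" * 12 + "Zx9!"   # constructed 64-character password
    for pw in ("qwerty", long_pw):
        key = derive_key(pw)
        print(f"{len(pw):2d}-char password -> {len(key) * 8}-bit key,",
              "found by word list:", found_by_wordlist(key))
    # 8 lowercase letters versus 64 printable ASCII characters (94 symbols)
    print("8 lowercase chars :", round(effective_bits(8, 26), 1), "bits")
    print("64 printable chars:", effective_bits(64, 94), "bits (capped by key)")
```

Both passwords yield a 128-bit key, but only the common one is recovered from the word list; the 64-character password's search space exceeds the key's, so the key size becomes the limit.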