If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#31
|
|||
|
|||
password-protecting a file or folder
John B. Smith wrote:
As another poster said, if any govt agency wants your password all they have to do is threaten huge fines etc till you cave. And why having a special container with TrueCrypt (I'm assuming VeraCrypt has it, too) lets you divulge a password under duress that lets them into one part of the container that has inocuous files within without giving them the password to the real goodies in the other part of the container. You have an exposed volume with one password that you can secrete non-damaging files, even those you still want to secrete from casual users and a different password to access a hidden volume within the container where are the damaging or highly sensitive files that you want to secrete from everyone else. https://www.howtogeek.com/109210/the...hidden-volume/ The law (here in the US) cannot legally force you to self-incriminate. They can attempt to lure by saying they will drop or lessen the charges but that doesn't force you to divulge the password. They're even allowed to lie during interrogation. Tell them you want to talk to your lawyer before you divulge anything to them. Shutup until you speak with your lawyer. That's the only response you give them. Yeah, you might end up charged and go to jail and court but they'll have no evidence. I couldn't find a video on it but remember watching a TV show about stupid crooks. In one episode, they had captured a purse snatcher and drove back to the scene of the crime where the victim was still waiting. The idea was to have the victim identify the thief. The police car parked on the other side of the street from the victim and had the accused stand alongside the police car while cuffed. Before the victim could say anything, the accused said, "Yes, officer. That's the woman that I stole the purse." The cop holding the cuffed accused turned around laughing loudly barely maintaining a grip on the accused. The second officer bent over and laid atop the hood while roaring with laughter. The accused has no idea how identification worked. Tell them you forgot the password because you have not accessed that container for way too long to remember. The datestamp on the container file does not change when you make changes to the files inside (create, write, delete, rename, move) because all those changes are recorded within the file system that gets mounted when you access the container. The external file system with the container file sees no changes to the size or datestamp of that file. If you created a container, say, 2 years ago then that is the datestamp it still has even if you just created a new file within the container's file system. If you create a fixed-sized container then its size never changes, too, no matter how may files you create or delete within that container. To outsiders, it looks like you haven't touched the container for 2 years, so it is plausible you forgot the password. |
Ads |
#32
|
|||
|
|||
password-protecting a file or folder
dave61430 wrote:
On Thu, 19 Jul 2018 20:44:43 -0500, Jo-Anne wrote: On 7/19/2018 4:30 PM, VanguardLH wrote: Jo-Anne wrote: I like the idea of zipping the files and either password-protecting or encrypting the zipped files. Password protection of .zip files is easily hacked. That is why I did not mention using passworded compressed archive files (.zip, .7z, etc). If the zip tool offers legacy Zip and AES encryption, choose AES. WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip tools usually only offer the weak legacy Zip encryption. There are many password recovery tools that will hack the weak legacy Zip password. Many users like 7-zip (freeware). I use Peazip (also freeware) because it supports most of the compression algorithms along with 7-zip's own (Peazip got the library from 7-zip); however, Peazip has a more modern UI than for 7-zip whose UI harkens back to the Windows 3.x era. However, neither one supports AES encryption, just the weak encryption. http://www.peazip.org/encrypt-files.html While a hacker might try decrypting the AES-based content, they would have to also have to separately try Serpent or TwoFish which would dramatically add to the time to decrypt successfully. 7-Zip just has AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I haven't used encryption with Peazip, I don't know how to select which encryption algorithm to use (and didn't see an option when creating a new archive). Couple be, per the above article, a combined AES + Serpent + TwoFish encryption requires using the .pea archive format. When putting files into a compressed archive with a password, remember that the original file sticks around. You would have to delete it. Whether you or the archiver deletes the file, the file's contents still occupies the file system's clusters until those clusters are reallocated to another file AND until those clusters get overwritten by some other program writing to that file. Peazip comes with a secure file eraser (which can optionally be added to the Windows Explorer context menu). There are lots of file recovery tools. If you don't want to leave behind any trace of a file's content that you put into a passworded archive file then you need to securely erase the original file, not just delete it. I have Peazip configured to do 2 passes to securely erase the clusters occupied by a file. That is more than sufficient with drive manufactured for over two decades. Only on ancient RLL-encoded hard drives might the 35-pass Gutmann method. Note when using encryption within a .zip file that normally just the *contents* of the files stored within the archive file are encrypted. The filenames listed as records within the archive will still have the original names. If you need to ensure that no one can deduce what might be within a file, use an archiver that also encrypts the filenames. Peazip has that option. I'd have to research to find out if 7-zip does. Peazip also offers a two-factor algorithm: not only do you need to know the password but must also supply a keyfile. You generate a keyfile for the .zip archive and store it somewhere, like on a USB flash drive to which only you have physical access (because you don't want someone else copying the keyfile off the USB drive). I've never bothered with 2-factor authentication but then I don't bother using encryption in archivers since I use TrueCrypt (or you could use BestCrypt Traveller or VeraCrypt or other alternatives). I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even compound the encryption algorithms. You could just use AES, or you could use AES + TwoFish or AES + TwoFish + Serpent. The added layers make decryption much more difficult; however, the extra encryptions also make decryption slower, so the access to the mounted container will be slower (not a problem with doc files but perhaps with videos). In addition, you can create an encrypted container (file) that has 2 passwords: one which allows access to one part of the container and another that allows access to a more secret part of the container. If someone forces you to reveal your password, like pointing a gun at your kids or wife or you or to satisfy FBI investigators applying legal action, you could give them the first password. That lets them into the first part of the container where you deposited inocuous files (something to appease the intruder but nothing sensitive or hurtful to you). They cannot get into the second part of the container where is the real files you want to hide. They cannot determine there is a second password and a second portion of the container because all that data is always randomized by TrueCrypt (rather than being unallocated). Again, these are advanced features that some users don't care about, so they want something simpler, like BestCrypt Traveller. If you go with a compressed archiver (.zip files), many use weak legacy Zip encryption that password recovery tools can hack. So choose wisely. https://www.youtube.com/watch?v=0H3rdfI28s0 And remember that when you read any file whether from an encrypted container or zip file that there could be [temporary] copies left behind outside the container or zip file. The files are secure only when in situ inside the container. Editing a file means creating a temporary copy of it or buffers (which might be in memory but could be on th disk) within the program with portions of the file. You might copy the file out of the container. Once you close the container, you need to securely wipe any remnants of the file when it was outside the container. Thank you, Vanguard. You've been very clear. The situation is more complex than I had anticipated. No he isn't very clear, what is clear is he doesn't read too well. I said encrypt the zip file with something like AESCrypt, not at all the same as using the built in crackable scheme in some zip iterations. If you are paranoid about deleting the original file, there are a number of secure delete utilities available. Note, AXCrypt deletes and scrubs the original but is windows only. I'm on Linux, but want to be able to recover in windows in need be. Your inclusion of using an archiver was irrelevant to using AESCrypt to encrypt the *file*. After encryption, doesn't matter if the file is left in the file system or moved into an archive file: it's encrypted either way. You just compounded the solutions as though both were necessary. The OP never asked how to reduce the disk footprint of an encrypted file. Because you misled the OP is why she said, "I like the idea of zipping the files ...". She was looking at using archiving with passwords. She could encrypt the file and be done. No archiving (zipping) needed. She could shove the file into an archive and then encrypt the archive file but that is unnecessary to her original intention of encrypting the original file. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|