A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

password-protecting a file or folder



 
 
Thread Tools Rate Thread Display Modes
  #16  
Old July 19th 18, 02:17 PM posted to alt.windows7.general
dave61430[_2_]
external usenet poster
 
Posts: 31
Default password-protecting a file or folder

On Wed, 18 Jul 2018 15:43:37 -0500, Jo-Anne wrote:

I've Googled password-protecting files and folders; and according to
what I've read, one needs third-party software to do this in W7; or one
can encrypt the files/folders instead.

Any suggestions for third-party software?


Yes, I started off using TrueCrypt then VeraCrypt. Both were good and
cross platform, but VeraCrypt for some reason started opening the
encrypted container as read only and googling this it turned out others
were having the same problem. Both of these use an encrypted container,
which is essentially a single file the the program opens as a directory
when you enter the password. For single files, I use AESCrypt for Linux/
Windows compatibility. For windows only, AXCrypt is better since it
removes the target file once encrypted, whereas AEScrypt leaves both the
encrypted and original file in place. Obviously you then have to delete
the original file yourself.
I am now using SiriKali which again runs in both Linux and Windows. It's
quite good and again creates a container file. A nice feature is the size
of the file (container) grows as needed (but never shrinks). It's simpler
to use than the alternatives I mentioned.
There are others, particularly for windows. For archiving, I use a
regular zip file and encrypt it with AESCrypt.
As far as security, any of the above are very secure as long as you use a
decent password.
Ads
  #17  
Old July 19th 18, 03:01 PM posted to alt.windows7.general
Zaidy036[_5_]
external usenet poster
 
Posts: 427
Default password-protecting a file or folder

On 7/19/2018 6:40 AM, J. P. Gilliver (John) wrote:
In message , Jo-Anne
writes:
On 7/18/2018 8:39 PM, Zaidy036 wrote:
On 7/18/2018 5:23 PM, 0 On 18/07/2018 21:43, Jo-Anne wrote:
I've Googled password-protecting files and folders; and according to
what I've read, one needs third-party software to do this in W7; or
one can encrypt the files/folders instead.

Any suggestions for third-party software?


7-zip


7_zip is free and easy to use and can be run in a batch.


Thank you. I assume you mean that I can password-protect the zipped
files?

Yes, and that might be a good compromise. I think even the built-in .zip
handler can handle passwords, though I'm not sure about that. How robust
the protection available is is arguable, but as you've conceded nothing
is bulletproof; if all you want is that when thief/hacker tries to
access a file s/he is prompted for a password, this would be a good
first step (perhaps along with not using obvious filenames). Note that
(I think) you can see the _names_ of the files inside a
password-protected .zip file just by looking at it - you only need the
password to actually extract them. Play with it a bit to see if it'd
suit you (and read up on whether the ease of cracking it would suit your
needs).

https://www.7-zip.org/
There is an encrypt file names option
--
Zaidy036
  #18  
Old July 19th 18, 08:13 PM posted to alt.windows7.general
Jo-Anne[_4_]
external usenet poster
 
Posts: 1,101
Default password-protecting a file or folder

On 7/19/2018 6:30 AM, John B. Smith wrote:
On Wed, 18 Jul 2018 20:58:29 -0500, VanguardLH wrote:

Jo-Anne wrote:

On 7/18/2018 7:00 PM, VanguardLH wrote:
Jo-Anne wrote:

I've Googled password-protecting files and folders; and according to
what I've read, one needs third-party software to do this in W7; or one
can encrypt the files/folders instead.

Any suggestions for third-party software?

W7 (Windows 7) does not state which *edition* you have of that OS. The
Professional and Enterprise editions come with EFS (Encrypting File
System). If you use it, make damn sure to setup a recovery agent.

https://en.wikipedia.org/wiki/Encrypting_File_System
(Requires NTFS file system. You didn't say what you use.)

https://msdn.microsoft.com/en-us/library/cc875821.aspx

EFS is something you need to self-educate yourself before committing to
using it. So enjoy reading several articles about it, like:

https://www.nextofwindows.com/things...a-in-windows-7
and
https://www.google.com/search?q=windows+7+efs

As I recall, EFS was tied to your Windows logon - so you'll need one
(instead of blank credentials). That means no sharing of EFS-protected
folders with other Windows accounts under the same or different
instances of Windows. You can't dole out a shared password. With 3rd
party tools that utilize a password, anyone with it can get inside.

I've been twice burned by EFS. I went to TrueCrypt to secrete files
within a mountable container (becomes a drive letter when mounted). You
need to use version 7.1a since the latest version was deliberately
crippled for read-only mode when the authors scurried away (there is
speculation by their behavior that they got a National Security Letter
which legally bars them from revealing getting one, refused to add a
backdoor for the NSA or FBI, and left the last version crippled as a
warrant canary). There are variations of TrueCrypt since it used open
source code, like VeraCrypt.

Any superficial software that bans access to the file or folders using
permissions, ACLs, stacked file drivers, etc will not work when the OS
is not loaded along with that software/drivers. Booting using a
different OS, like from a CD or USB drive, or toting the drive to
another computer running a different instance of Windows will permit
access to all those files and folders. Permissions are enforced per
Windows instance, not across all of them. Using any other OS, whether
it be Windows or Linux, will let you get at the files. While the
container is mounted, you can immediate access to everything inside.
You need to unmount the container (drive) to re-protect its contents.
Logging out or shutting down Windows will also unmount the container.

There are some folder protect tools but they run as stacked file
drivers. That's why I mention they are easily avoided by using a
different OS to read the disk. In another instance of Windows or by
using Linux, the drivers and permissions won't be enforced. Only if
that 3rd party folder protect tool encrypts the folder would its
contents remain safe when using a different booted OS to access the
drive. No 3rd party software needed if you have the Pro or Enterprise
edition of Windows 7 where you can use EFS.

While TrueCrypt can also be used to encrypt an entire volume, like the
partition on the hard disk, even for the OS, I wouldn't suggest it.
Development on TrueCrypt ended before UEFI became ubiquitous in new PC
builds. Use TrueCrypt's whole-disk encryption only in MBR setups.
VeraCrypt is supposed to have been updated to support UEFI. However,
like Bitlocker, if you forget your login credentials, the entire volume
(partition) becomes unusable. You won't even be able to boot the OS
because it is within the encrypted volume. Some users are very paranoid
and use whole-disk encryption. You don't need to secrete the OS or app
code since it isn't your property anyway and anyone can get that code by
simply getting the same OS or app. You really only need to protect your
own data files (unless you're into programming and working on a new
project on your computer and want to make sure espionage can't be used
to get at your gem of new code).

Back in TrueCrypt's hey day, there were some alternative but not all
were free, like TrueCrypt (or provided source code for inspection and
instead were closed and proprietary). There have been 2 audits of
TrueCrypt's code: no backdoors were found and the defects were piddly.
BestCrypt had a free version but closed called Traveller. It was far
more basic than TrueCrypt but then not all users want all the features
of TrueCrypt.


It's Windows 7 Professional 64-bit NTFS. All this sounds, however, like
more than I want to get involved in. Maybe I should forget the whole
thing...


Learning a word processor takes effort, too, as does just about any
software you install.

I've used BestCript for many years. They advertise 'no back doors',
but who knows if this is true. It's pricey at $100 now. I was shocked
when I put Win7 on that my copy no longer works. You have to 'renew'
it every so often or it ages out. I wasn't aware. Since I've used
image backup for years I've managed to keep a working copy. It's a
fairly easy learning curve. It creates 'containers' that are encrypted
throughout and open as drives. A password lets you in.


Sounds interesting, John. I'll check it out. Thank you.

--
Jo-Anne
  #19  
Old July 19th 18, 08:18 PM posted to alt.windows7.general
Jo-Anne[_4_]
external usenet poster
 
Posts: 1,101
Default password-protecting a file or folder

On 7/19/2018 5:40 AM, J. P. Gilliver (John) wrote:
In message , Jo-Anne
writes:
On 7/18/2018 8:39 PM, Zaidy036 wrote:
On 7/18/2018 5:23 PM, 0 On 18/07/2018 21:43, Jo-Anne wrote:
I've Googled password-protecting files and folders; and according to
what I've read, one needs third-party software to do this in W7; or
one can encrypt the files/folders instead.

Any suggestions for third-party software?


7-zip


7_zip is free and easy to use and can be run in a batch.


Thank you. I assume you mean that I can password-protect the zipped
files?

Yes, and that might be a good compromise. I think even the built-in .zip
handler can handle passwords, though I'm not sure about that. How robust
the protection available is is arguable, but as you've conceded nothing
is bulletproof; if all you want is that when thief/hacker tries to
access a file s/he is prompted for a password, this would be a good
first step (perhaps along with not using obvious filenames). Note that
(I think) you can see the _names_ of the files inside a
password-protected .zip file just by looking at it - you only need the
password to actually extract them. Play with it a bit to see if it'd
suit you (and read up on whether the ease of cracking it would suit your
needs).



Thank you, John. One other question: Someone pointed out that password
protection of folders and files won't work if the disk is moved to
another operating system. As far as I can tell, 7-zip is primarily for
Windows, with something also for Linux. If the program won't run on
other OS's, would the password protection remain?

--
Jo-Anne
  #20  
Old July 19th 18, 08:19 PM posted to alt.windows7.general
Jo-Anne[_4_]
external usenet poster
 
Posts: 1,101
Default password-protecting a file or folder

On 7/19/2018 9:01 AM, Zaidy036 wrote:
On 7/19/2018 6:40 AM, J. P. Gilliver (John) wrote:
In message , Jo-Anne
writes:
On 7/18/2018 8:39 PM, Zaidy036 wrote:
On 7/18/2018 5:23 PM, 0 On 18/07/2018 21:43, Jo-Anne wrote:
I've Googled password-protecting files and folders; and according to
what I've read, one needs third-party software to do this in W7; or
one can encrypt the files/folders instead.

Any suggestions for third-party software?


7-zip


7_zip is free and easy to use and can be run in a batch.


Thank you. I assume you mean that I can password-protect the zipped
files?

Yes, and that might be a good compromise. I think even the built-in
.zip handler can handle passwords, though I'm not sure about that. How
robust the protection available is is arguable, but as you've conceded
nothing is bulletproof; if all you want is that when thief/hacker
tries to access a file s/he is prompted for a password, this would be
a good first step (perhaps along with not using obvious filenames).
Note that (I think) you can see the _names_ of the files inside a
password-protected .zip file just by looking at it - you only need the
password to actually extract them. Play with it a bit to see if it'd
suit you (and read up on whether the ease of cracking it would suit
your needs).

https://www.7-zip.org/
There is an encrypt file names option


Thank you for the additional info, Zaidy.

--
Jo-Anne
  #21  
Old July 19th 18, 08:21 PM posted to alt.windows7.general
Jo-Anne[_4_]
external usenet poster
 
Posts: 1,101
Default password-protecting a file or folder

On 7/19/2018 8:17 AM, dave61430 wrote:
On Wed, 18 Jul 2018 15:43:37 -0500, Jo-Anne wrote:

I've Googled password-protecting files and folders; and according to
what I've read, one needs third-party software to do this in W7; or one
can encrypt the files/folders instead.

Any suggestions for third-party software?


Yes, I started off using TrueCrypt then VeraCrypt. Both were good and
cross platform, but VeraCrypt for some reason started opening the
encrypted container as read only and googling this it turned out others
were having the same problem. Both of these use an encrypted container,
which is essentially a single file the the program opens as a directory
when you enter the password. For single files, I use AESCrypt for Linux/
Windows compatibility. For windows only, AXCrypt is better since it
removes the target file once encrypted, whereas AEScrypt leaves both the
encrypted and original file in place. Obviously you then have to delete
the original file yourself.
I am now using SiriKali which again runs in both Linux and Windows. It's
quite good and again creates a container file. A nice feature is the size
of the file (container) grows as needed (but never shrinks). It's simpler
to use than the alternatives I mentioned.
There are others, particularly for windows. For archiving, I use a
regular zip file and encrypt it with AESCrypt.
As far as security, any of the above are very secure as long as you use a
decent password.


Thank you, Dave. I like the idea of zipping the files and either
password-protecting or encrypting the zipped files.

--
Jo-Anne
  #22  
Old July 19th 18, 08:28 PM posted to alt.windows7.general
David E. Ross[_2_]
external usenet poster
 
Posts: 1,035
Default password-protecting a file or folder

On 7/18/2018 4:15 PM, J. P. Gilliver (John) wrote [in part]:

[snipped]


You'd also need to change your way of working slightly to make sure the
unencrypted versions of the files (they have to be unencrypted for you
to actually use them!) spend as little time on the computer as possible,
and are overwritten with something; they're to be found in page files,
hibernate files, and various buffers.


[also snipped]

I use Eraser from http://eraser.heidi.ie/, which overwrites files to
be erased. There are canned erasing methods within the application that
the user can select. Some overwrite multiple times. The user can also
create additional methods.

--
David E. Ross
http://www.rossde.com/

Attorney-General Sessions claims the bible favors imprisoning illegal
aliens. However, God repeatedly commanded us to welcome the stranger in
our land. For example, see the following:
Exodus 22:20 at
http://bible.ort.org/books/pentd2.asp?ACTION=displaypage&BOOK=2&CHAPTER=22#P2 131
Exodus 23:9 at
http://bible.ort.org/books/pentd2.asp?ACTION=displaypage&BOOK=2&CHAPTER=23#P2 151
Deuteronomy 10:19 at
http://bible.ort.org/books/pentd2.asp?ACTION=displaypage&BOOK=5&CHAPTER=10#P5 200
  #23  
Old July 19th 18, 09:49 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default password-protecting a file or folder

John B. Smith wrote:

I've used BestCript for many years. They advertise 'no back doors',
but who knows if this is true. It's pricey at $100 now. I was shocked
when I put Win7 on that my copy no longer works. You have to 'renew'
it every so often or it ages out. I wasn't aware. Since I've used
image backup for years I've managed to keep a working copy. It's a
fairly easy learning curve. It creates 'containers' that are encrypted
throughout and open as drives. A password lets you in.


BestCript? Or BestCrypt? I've only heard about the latter.

It's has been many years since I went looking for an alternative to
TrueCrypt, and back then BestCrypt Traveller was free. They still list
it on their "Free Security Tools" page at:

https://www.jetico.com/free-security-tools

Clicking on Traveller takes you to:

https://www.jetico.com/free-security...rypt-traveller

It doesn't have all the features of their full-blown payware version but
then some folks actually prefer a simpler tool. For example, Traveller
won't do volume (drive) encryption; however, that can be dangerous to
folks that don't understand how it works. I stuck with TrueCrypt.
  #24  
Old July 19th 18, 10:30 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default password-protecting a file or folder

Jo-Anne wrote:

I like the idea of zipping the files and either
password-protecting or encrypting the zipped files.


Password protection of .zip files is easily hacked. That is why I did
not mention using passworded compressed archive files (.zip, .7z, etc).
If the zip tool offers legacy Zip and AES encryption, choose AES.
WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip
tools usually only offer the weak legacy Zip encryption. There are many
password recovery tools that will hack the weak legacy Zip password.

Many users like 7-zip (freeware). I use Peazip (also freeware) because
it supports most of the compression algorithms along with 7-zip's own
(Peazip got the library from 7-zip); however, Peazip has a more modern
UI than for 7-zip whose UI harkens back to the Windows 3.x era.
However, neither one supports AES encryption, just the weak encryption.

http://www.peazip.org/encrypt-files.html

While a hacker might try decrypting the AES-based content, they would
have to also have to separately try Serpent or TwoFish which would
dramatically add to the time to decrypt successfully. 7-Zip just has
AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I
haven't used encryption with Peazip, I don't know how to select which
encryption algorithm to use (and didn't see an option when creating a
new archive). Couple be, per the above article, a combined AES +
Serpent + TwoFish encryption requires using the .pea archive format.

When putting files into a compressed archive with a password, remember
that the original file sticks around. You would have to delete it.
Whether you or the archiver deletes the file, the file's contents still
occupies the file system's clusters until those clusters are reallocated
to another file AND until those clusters get overwritten by some other
program writing to that file. Peazip comes with a secure file eraser
(which can optionally be added to the Windows Explorer context menu).
There are lots of file recovery tools. If you don't want to leave
behind any trace of a file's content that you put into a passworded
archive file then you need to securely erase the original file, not just
delete it. I have Peazip configured to do 2 passes to securely erase
the clusters occupied by a file. That is more than sufficient with
drive manufactured for over two decades. Only on ancient RLL-encoded
hard drives might the 35-pass Gutmann method.

Note when using encryption within a .zip file that normally just the
*contents* of the files stored within the archive file are encrypted.
The filenames listed as records within the archive will still have the
original names. If you need to ensure that no one can deduce what might
be within a file, use an archiver that also encrypts the filenames.
Peazip has that option. I'd have to research to find out if 7-zip does.

Peazip also offers a two-factor algorithm: not only do you need to know
the password but must also supply a keyfile. You generate a keyfile for
the .zip archive and store it somewhere, like on a USB flash drive to
which only you have physical access (because you don't want someone else
copying the keyfile off the USB drive). I've never bothered with
2-factor authentication but then I don't bother using encryption in
archivers since I use TrueCrypt (or you could use BestCrypt Traveller or
VeraCrypt or other alternatives).

I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even
compound the encryption algorithms. You could just use AES, or you
could use AES + TwoFish or AES + TwoFish + Serpent. The added layers
make decryption much more difficult; however, the extra encryptions also
make decryption slower, so the access to the mounted container will be
slower (not a problem with doc files but perhaps with videos). In
addition, you can create an encrypted container (file) that has 2
passwords: one which allows access to one part of the container and
another that allows access to a more secret part of the container. If
someone forces you to reveal your password, like pointing a gun at your
kids or wife or you or to satisfy FBI investigators applying legal
action, you could give them the first password. That lets them into the
first part of the container where you deposited inocuous files
(something to appease the intruder but nothing sensitive or hurtful to
you). They cannot get into the second part of the container where is
the real files you want to hide. They cannot determine there is a
second password and a second portion of the container because all that
data is always randomized by TrueCrypt (rather than being unallocated).

Again, these are advanced features that some users don't care about, so
they want something simpler, like BestCrypt Traveller. If you go with a
compressed archiver (.zip files), many use weak legacy Zip encryption
that password recovery tools can hack.

So choose wisely.
https://www.youtube.com/watch?v=0H3rdfI28s0

And remember that when you read any file whether from an encrypted
container or zip file that there could be [temporary] copies left behind
outside the container or zip file. The files are secure only when in
situ inside the container. Editing a file means creating a temporary
copy of it or buffers (which might be in memory but could be on th disk)
within the program with portions of the file. You might copy the file
out of the container. Once you close the container, you need to
securely wipe any remnants of the file when it was outside the
container.
  #25  
Old July 20th 18, 12:52 AM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default password-protecting a file or folder

In message , Jo-Anne
writes:
[]
Thank you, John. One other question: Someone pointed out that password
protection of folders and files won't work if the disk is moved to
another operating system. As far as I can tell, 7-zip is primarily for
Windows, with something also for Linux. If the program won't run on
other OS's, would the password protection remain?

If you use a scheme which controls _access_ to files/folders with a
password, but doesn't actually encrypt the files themselves (the data in
them), then indeed it won't be protected if the disc is read on a system
that allows access to them another way.

The zip file format itself is understood by various OSs - IIRR it
predates Windows. And the encryption available _does_ encrypt the actual
data, not just controls access to it - though to varying difficulties,
depending what you use to create them; see VanguardLH's post. I don't
know if 7-zip is Windows only, but if it is, there will certainly be
utilities capable of zipping and unzipping zip files on other systems -
but of course only if you know the password. If I read VLH's post
correctly, not all of such utilities offer the most robust encryption.
(So presumably if you use one that uses the best encryption to create
the zip file, and then try to recover the data using one of the weaker
utilities - whether on the same OS or a different one - you won't
succeed.)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Less rules means fewer grammar? - Marjorie in UMRA, 2014-1-28 13:14
  #26  
Old July 20th 18, 01:03 AM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default password-protecting a file or folder

In message , David E. Ross
writes:
On 7/18/2018 4:15 PM, J. P. Gilliver (John) wrote [in part]:

[snipped]


You'd also need to change your way of working slightly to make sure the
unencrypted versions of the files (they have to be unencrypted for you
to actually use them!) spend as little time on the computer as possible,
and are overwritten with something; they're to be found in page files,
hibernate files, and various buffers.


[also snipped]

I use Eraser from http://eraser.heidi.ie/, which overwrites files to
be erased. There are canned erasing methods within the application that
the user can select. Some overwrite multiple times. The user can also
create additional methods.

You're not quite getting the point I'm making. Jo-Anne is looking into
the possibility of encrypting files, so she can still use them but it's
harder for a thief or hacker to. Utilities like the one you mention make
files irretrievable for anyone - provided you know where they are in the
first place. The point I was making was that when you actually _use_ a
file (edit a document or, copies of the (unencrypted) data will exist in
various buffers (some of which will be written to disc, such as in page
sleep or hibernate files). If you're sufficiently paranoid, you need to
make sure those are erased too - for which you'll first have to know
where they are - as well as the "official" copies of the files
encrypted. I think there are ways of working that minimise such
buffering (usually at the expense of at least _some_ performance) -
things like turning off hibernation/sleep altogether, setting page file
size of zero - not my field.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Anything you add for security will slow the computer but it shouldn't be
significant or prolonged. Security software is to protect the computer, not
the primary use of the computer.
- VanguardLH in alt.windows7.general, 2018-1-28
  #27  
Old July 20th 18, 02:41 AM posted to alt.windows7.general
Jo-Anne[_4_]
external usenet poster
 
Posts: 1,101
Default password-protecting a file or folder

On 7/19/2018 6:52 PM, J. P. Gilliver (John) wrote:
In message , Jo-Anne
writes:
[]
Thank you, John. One other question: Someone pointed out that password
protection of folders and files won't work if the disk is moved to
another operating system. As far as I can tell, 7-zip is primarily for
Windows, with something also for Linux. If the program won't run on
other OS's, would the password protection remain?

If you use a scheme which controls _access_ to files/folders with a
password, but doesn't actually encrypt the files themselves (the data in
them), then indeed it won't be protected if the disc is read on a system
that allows access to them another way.

The zip file format itself is understood by various OSs - IIRR it
predates Windows. And the encryption available _does_ encrypt the actual
data, not just controls access to it - though to varying difficulties,
depending what you use to create them; see VanguardLH's post. I don't
know if 7-zip is Windows only, but if it is, there will certainly be
utilities capable of zipping and unzipping zip files on other systems -
but of course only if you know the password. If I read VLH's post
correctly, not all of such utilities offer the most robust encryption.
(So presumably if you use one that uses the best encryption to create
the zip file, and then try to recover the data using one of the weaker
utilities - whether on the same OS or a different one - you won't succeed.)


Thank you again, John.

--
Jo-Anne
  #28  
Old July 20th 18, 02:44 AM posted to alt.windows7.general
Jo-Anne[_4_]
external usenet poster
 
Posts: 1,101
Default password-protecting a file or folder

On 7/19/2018 4:30 PM, VanguardLH wrote:
Jo-Anne wrote:

I like the idea of zipping the files and either
password-protecting or encrypting the zipped files.


Password protection of .zip files is easily hacked. That is why I did
not mention using passworded compressed archive files (.zip, .7z, etc).
If the zip tool offers legacy Zip and AES encryption, choose AES.
WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip
tools usually only offer the weak legacy Zip encryption. There are many
password recovery tools that will hack the weak legacy Zip password.

Many users like 7-zip (freeware). I use Peazip (also freeware) because
it supports most of the compression algorithms along with 7-zip's own
(Peazip got the library from 7-zip); however, Peazip has a more modern
UI than for 7-zip whose UI harkens back to the Windows 3.x era.
However, neither one supports AES encryption, just the weak encryption.

http://www.peazip.org/encrypt-files.html

While a hacker might try decrypting the AES-based content, they would
have to also have to separately try Serpent or TwoFish which would
dramatically add to the time to decrypt successfully. 7-Zip just has
AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I
haven't used encryption with Peazip, I don't know how to select which
encryption algorithm to use (and didn't see an option when creating a
new archive). Couple be, per the above article, a combined AES +
Serpent + TwoFish encryption requires using the .pea archive format.

When putting files into a compressed archive with a password, remember
that the original file sticks around. You would have to delete it.
Whether you or the archiver deletes the file, the file's contents still
occupies the file system's clusters until those clusters are reallocated
to another file AND until those clusters get overwritten by some other
program writing to that file. Peazip comes with a secure file eraser
(which can optionally be added to the Windows Explorer context menu).
There are lots of file recovery tools. If you don't want to leave
behind any trace of a file's content that you put into a passworded
archive file then you need to securely erase the original file, not just
delete it. I have Peazip configured to do 2 passes to securely erase
the clusters occupied by a file. That is more than sufficient with
drive manufactured for over two decades. Only on ancient RLL-encoded
hard drives might the 35-pass Gutmann method.

Note when using encryption within a .zip file that normally just the
*contents* of the files stored within the archive file are encrypted.
The filenames listed as records within the archive will still have the
original names. If you need to ensure that no one can deduce what might
be within a file, use an archiver that also encrypts the filenames.
Peazip has that option. I'd have to research to find out if 7-zip does.

Peazip also offers a two-factor algorithm: not only do you need to know
the password but must also supply a keyfile. You generate a keyfile for
the .zip archive and store it somewhere, like on a USB flash drive to
which only you have physical access (because you don't want someone else
copying the keyfile off the USB drive). I've never bothered with
2-factor authentication but then I don't bother using encryption in
archivers since I use TrueCrypt (or you could use BestCrypt Traveller or
VeraCrypt or other alternatives).

I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even
compound the encryption algorithms. You could just use AES, or you
could use AES + TwoFish or AES + TwoFish + Serpent. The added layers
make decryption much more difficult; however, the extra encryptions also
make decryption slower, so the access to the mounted container will be
slower (not a problem with doc files but perhaps with videos). In
addition, you can create an encrypted container (file) that has 2
passwords: one which allows access to one part of the container and
another that allows access to a more secret part of the container. If
someone forces you to reveal your password, like pointing a gun at your
kids or wife or you or to satisfy FBI investigators applying legal
action, you could give them the first password. That lets them into the
first part of the container where you deposited inocuous files
(something to appease the intruder but nothing sensitive or hurtful to
you). They cannot get into the second part of the container where is
the real files you want to hide. They cannot determine there is a
second password and a second portion of the container because all that
data is always randomized by TrueCrypt (rather than being unallocated).

Again, these are advanced features that some users don't care about, so
they want something simpler, like BestCrypt Traveller. If you go with a
compressed archiver (.zip files), many use weak legacy Zip encryption
that password recovery tools can hack.

So choose wisely.
https://www.youtube.com/watch?v=0H3rdfI28s0

And remember that when you read any file whether from an encrypted
container or zip file that there could be [temporary] copies left behind
outside the container or zip file. The files are secure only when in
situ inside the container. Editing a file means creating a temporary
copy of it or buffers (which might be in memory but could be on th disk)
within the program with portions of the file. You might copy the file
out of the container. Once you close the container, you need to
securely wipe any remnants of the file when it was outside the
container.


Thank you, Vanguard. You've been very clear. The situation is more
complex than I had anticipated.

--
Jo-Anne
  #29  
Old July 20th 18, 01:01 PM posted to alt.windows7.general
dave61430[_2_]
external usenet poster
 
Posts: 31
Default password-protecting a file or folder

On Thu, 19 Jul 2018 20:44:43 -0500, Jo-Anne wrote:

On 7/19/2018 4:30 PM, VanguardLH wrote:
Jo-Anne wrote:

I like the idea of zipping the files and either password-protecting or
encrypting the zipped files.


Password protection of .zip files is easily hacked. That is why I did
not mention using passworded compressed archive files (.zip, .7z, etc).
If the zip tool offers legacy Zip and AES encryption, choose AES.
WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip
tools usually only offer the weak legacy Zip encryption. There are
many password recovery tools that will hack the weak legacy Zip
password.

Many users like 7-zip (freeware). I use Peazip (also freeware) because
it supports most of the compression algorithms along with 7-zip's own
(Peazip got the library from 7-zip); however, Peazip has a more modern
UI than for 7-zip whose UI harkens back to the Windows 3.x era.
However, neither one supports AES encryption, just the weak encryption.

http://www.peazip.org/encrypt-files.html

While a hacker might try decrypting the AES-based content, they would
have to also have to separately try Serpent or TwoFish which would
dramatically add to the time to decrypt successfully. 7-Zip just has
AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I
haven't used encryption with Peazip, I don't know how to select which
encryption algorithm to use (and didn't see an option when creating a
new archive). Couple be, per the above article, a combined AES +
Serpent + TwoFish encryption requires using the .pea archive format.

When putting files into a compressed archive with a password, remember
that the original file sticks around. You would have to delete it.
Whether you or the archiver deletes the file, the file's contents still
occupies the file system's clusters until those clusters are
reallocated to another file AND until those clusters get overwritten by
some other program writing to that file. Peazip comes with a secure
file eraser (which can optionally be added to the Windows Explorer
context menu). There are lots of file recovery tools. If you don't
want to leave behind any trace of a file's content that you put into a
passworded archive file then you need to securely erase the original
file, not just delete it. I have Peazip configured to do 2 passes to
securely erase the clusters occupied by a file. That is more than
sufficient with drive manufactured for over two decades. Only on
ancient RLL-encoded hard drives might the 35-pass Gutmann method.

Note when using encryption within a .zip file that normally just the
*contents* of the files stored within the archive file are encrypted.
The filenames listed as records within the archive will still have the
original names. If you need to ensure that no one can deduce what
might be within a file, use an archiver that also encrypts the
filenames. Peazip has that option. I'd have to research to find out if
7-zip does.

Peazip also offers a two-factor algorithm: not only do you need to know
the password but must also supply a keyfile. You generate a keyfile
for the .zip archive and store it somewhere, like on a USB flash drive
to which only you have physical access (because you don't want someone
else copying the keyfile off the USB drive). I've never bothered with
2-factor authentication but then I don't bother using encryption in
archivers since I use TrueCrypt (or you could use BestCrypt Traveller
or VeraCrypt or other alternatives).

I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even
compound the encryption algorithms. You could just use AES, or you
could use AES + TwoFish or AES + TwoFish + Serpent. The added layers
make decryption much more difficult; however, the extra encryptions
also make decryption slower, so the access to the mounted container
will be slower (not a problem with doc files but perhaps with videos).
In addition, you can create an encrypted container (file) that has 2
passwords: one which allows access to one part of the container and
another that allows access to a more secret part of the container. If
someone forces you to reveal your password, like pointing a gun at your
kids or wife or you or to satisfy FBI investigators applying legal
action, you could give them the first password. That lets them into
the first part of the container where you deposited inocuous files
(something to appease the intruder but nothing sensitive or hurtful to
you). They cannot get into the second part of the container where is
the real files you want to hide. They cannot determine there is a
second password and a second portion of the container because all that
data is always randomized by TrueCrypt (rather than being unallocated).

Again, these are advanced features that some users don't care about, so
they want something simpler, like BestCrypt Traveller. If you go with
a compressed archiver (.zip files), many use weak legacy Zip encryption
that password recovery tools can hack.

So choose wisely.
https://www.youtube.com/watch?v=0H3rdfI28s0

And remember that when you read any file whether from an encrypted
container or zip file that there could be [temporary] copies left
behind outside the container or zip file. The files are secure only
when in situ inside the container. Editing a file means creating a
temporary copy of it or buffers (which might be in memory but could be
on th disk)
within the program with portions of the file. You might copy the file
out of the container. Once you close the container, you need to
securely wipe any remnants of the file when it was outside the
container.


Thank you, Vanguard. You've been very clear. The situation is more
complex than I had anticipated.


No he isn't very clear, what is clear is he doesn't read too well. I said
encrypt the zip file with something like AESCrypt, not at all the same as
using the built in crackable scheme in some zip iterations.
If you are paranoid about deleting the original file, there are a number
of secure delete utilities available. Note, AXCrypt deletes and scrubs
the original but is windows only. I'm on Linux, but want to be able to
recover in windows in need be.
  #30  
Old July 20th 18, 02:30 PM posted to alt.windows7.general
John B. Smith
external usenet poster
 
Posts: 47
Default password-protecting a file or folder

On Thu, 19 Jul 2018 15:49:02 -0500, VanguardLH wrote:

John B. Smith wrote:

I've used BestCript for many years. They advertise 'no back doors',
but who knows if this is true. It's pricey at $100 now. I was shocked
when I put Win7 on that my copy no longer works. You have to 'renew'
it every so often or it ages out. I wasn't aware. Since I've used
image backup for years I've managed to keep a working copy. It's a
fairly easy learning curve. It creates 'containers' that are encrypted
throughout and open as drives. A password lets you in.


BestCript? Or BestCrypt? I've only heard about the latter.

It's has been many years since I went looking for an alternative to
TrueCrypt, and back then BestCrypt Traveller was free. They still list
it on their "Free Security Tools" page at:

https://www.jetico.com/free-security-tools

Clicking on Traveller takes you to:

https://www.jetico.com/free-security...rypt-traveller

It doesn't have all the features of their full-blown payware version but
then some folks actually prefer a simpler tool. For example, Traveller
won't do volume (drive) encryption; however, that can be dangerous to
folks that don't understand how it works. I stuck with TrueCrypt.


Sorry mis-spelling it is BestCrypt. My excuse is I took a header on
my bike and am existing on pills.

As another poster said, if any govt agency wants your password all
they have to do is threaten huge fines etc till you cave.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 12:34 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.