Anything safer than Winzip's 256 bit encryption to secure files?

[StageLeft]

Sometimes I've a need to move files on machines that have access only to port 80. I use megaupload. I always zip and encrypt with winzip's 256 bit, but apparently its implementation of this encryption is not as foolproof as the 256 bit would imply. Are there other freeware tools that really are truly in all ways 256 bit and thus impervious (as impervious as 256 bit is, which is pretty damn impervious)?

 

[Fullmetal Chocobo]

Could you put the files in a TrueCrypt file container and upload it?

 

[sourceninja]

Truecrypt is probably the most secure free tool you can use to encrypt data.

 

[StageLeft]

Sweet, two responses saying the same, I will look into this

 

[Czar]

Yeah, truecrypt definetly

you can first AES 256bit encrypt it then at two more encryption methoods on top of AES.... beat that mr Winzip

 

[sourceninja]

Truthfully, AES 256 with a good strong password is going to be enough to stop almost everyone.

 

[ChAoTiCpInOy]

Yes you should be able to put everything into a Truecrypt container and email it or upload it to someone. I do this frequently to transfer confidential files between myself and other people.

 

[Skeeedunt]

As I understand it, any password that you could (reasonably) remember has less than even 128 bits of entropy, so compromising your data has more to do with brute-forcing your password than it does with breaking 128/256-bit+ encryption. I'm not sure if that's what you're referring to, or if Winzip has some other vulnerability in the way it implements encryption.

Either way, truecrypt is great. It also allows an option to use a keyfile in addition to/instead of a password (which should contain the full entropy required for the 128/256/whatever bits you're encrypting with). The only issue is the that the keyfile must be present on any computer in order to be able to decrypt the container's contents. Doing something like this is probably overkill for keeping a bored sysadmin from snooping through your files, but it's the next step up from password-derived encryption keys.

 

[sourceninja]

I figure that an 8 character or more password using uppercase, lower case, numbers, and common punctuation is enough security. The calculators I find online show that it would take 60 years for 1 computer to crack that and 1000 computers would still take about a month.

 

[Markbnj]

Originally posted by: sourceninja
I figure that an 8 character or more password using uppercase, lower case, numbers, and common punctuation is enough security. The calculators I find online show that it would take 60 years for 1 computer to crack that and 1000 computers would still take about a month.

Randomness is king . There's been some good recent research showing that even a little entropy is enough to make it very hard to brute-force a passphrase.

Just converting letters to numbers doesn't increase entropy as much as, for example, stitching together two completely random facts from your life, and then converting the vowels to numbers, or some such.

 

[MobiusPizza]

If you can't be bothered, WinRAR's encryption is quite good. It's better than zip's for a start.
There aren't any known program that'd retrieve WinRAR encrypted data without using brute force. If you use a powerful password including symbols, you can even use non standard characters like unicode characters.
I don't know how many bits it uses though.

Truecrypt is probably the most secure though.

 

[StageLeft]

I've been playing with TrueCrypt. It's very snazzy. I think I will start using it a lot. However, I have it set to auto-mount on logon and it gives me the prompt for my password. When I put it in, I invariably get: "Incorrect password or no TrueCrypt volume found". if I use the same pass after manually loading and mounting, it works fine. I did try selecting to save history of volume information, but it still cannot find the volume by itself... any ideas?

 

[heymrdj]

I use a twenty-one letter/number combination for my secure password . BEAT THAT!

 

[MobiusPizza]

I used to use a 51 character spaces+number+letter (capital and regular) combination
Althoughs some words are dictionary attackable.

But that was too much hassle
So I am now using 13 character letter (capital and regular) + number + symbols comination

If I really want to be secure, I can even use unicode or extended ascii characters.
I wonder if TrueCrypt supports them.

 

[StageLeft]

Any ideas why it won't mount properly on a fresh log in?

BTW, the best would be to have a long password and then within the truecrypt you have another truccrypt container, or maybe dozens of them!