
Thread: How to prevent zip file corruption?

  1. #1
    Join Date
    Sep 2009
    Beans
    Hidden!
    Distro
    Ubuntu 10.10 Maverick Meerkat

    How to prevent zip file corruption?

    I am trying to encrypt a folder using 7-Zip (Windows version) and I always password protect my files with AES 256 algorithm. Can people actually break this code, or it's secure (I'm kinda worried)?
    I always add a second layer of security to my files, by changing the extension of the encrypted zipped folder (such as: .mp3) and I add the fake .mp3 to another zipped encrypted folder. Will this corrupt the folders or the content?

    EDIT: I do the exact reverse when I want to open my files.
    Last edited by sudoer541; June 22nd, 2011 at 04:24 AM.

  2. #2
    Join Date
    Aug 2005
    Beans
    299
    Distro
    Xubuntu 12.04 Precise Pangolin

    Re: How to prevent zip file corruption?

    So long as you stick with AES, they should be safe provided you use a long enough password, 12+

    You can increase security a little by reducing compression (make the file bigger).

    Don't see any point in renaming stuff, 7z has the option of encrypting file names.

    And the password should be unique of course.

    To prevent corruption you can use external redundancy tools such as par2.
    i5-2500, Asus p8p67le, 8g ddr3, gtx460. Eeepc 701 4g surf.

    vm.swappiness=0;noatime,data=writeback;deadline scheduler;preload.

  3. #3
    Join Date
    Mar 2010
    Location
    India
    Beans
    8,136

    Re: How to prevent zip file corruption?

    Quote Originally Posted by sudoer541 View Post
    I am trying to encrypt a folder using 7-Zip (Windows version) and I always password protect my files with AES 256 algorithm. Can people actually break this code, or it's secure (I'm kinda worried)?
    For a rough idea of the reliability of AES256 security, read this.
    Excerpt from the above link:
    A 256bit key gives about 10^77 (a 1 followed by 77 zeros) different keys while a 128bit key has "only" about 10^38 (a 1 followed by 38 zeros). At the moment a typical PC can generate and test about 3*10^5 (3 followed by 5 zeros) keys per second. So breaking a 128bit key would take a single average PC about 10^25 years (1 followed by 25 zeros), which is longer than the universe exists. That should be secure enough for most users.
    To understand how secure 128 bit keys are, you may read this analogy by Jon Callas:


    “Imagine a computer that is the size of a grain of sand that can test keys against some encrypted data. Also imagine that it can test a key in the amount of time it takes light to cross it. Then consider a cluster of these computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.”


    Even if you don't believe that the NSA has another planet devoted to key cracking, you still may want to use a longer key. If a weakness in your chosen crypto-module is found, it may limit the keyspace that needs to be tested, and you will then have an effectively shorter key. Using a 256 bit key will keep your data secure much longer if that should happen.
    Although the above analogy by Jon Callas was made in 2006, and computer speeds have increased significantly since then, I don't think it is gonna make much difference when it comes to break an AES256 encryption. Hope it helps reducing your worries.

    Quote Originally Posted by sudoer541 View Post
    I always add a second layer of security to my files, by changing the extension of the encrypted zipped folder (such as: .mp3) and I add the fake .mp3 to another zipped encrypted folder. Will this corrupt the folders or the content?
    Given the strength of above security with a lengthy passkey (I'd say, 9+ would be sufficient!) I think you don't need that additional security layer unless the passkey is too obvious or you are sure the CIA is after your files .. Although it definitely increases the security (but only if you use different passkey in second archive, else it's useless since the first thing a cracker (if any) would do is to try the same cracked passkey on the second layer too).

    If you still want to use double encryption, just make sure to use "store" mode in next archive since the first one is already compressed. This will save your time. But frankly, you really don't need this if your passkey is long enough and difficult to guess.

    And yeah, it won't corrupt your files, no matter how many layers you use. But be informed that some filesystems may report file copy/extraction errors in case of very long filenames (including their path), or if the names contain characters not supported by that filesystem (as sometimes happens with archives created in linux ext filesystem and extracted on a fat or ntfs partition). This indicates filesystem incompatibility, not necessarily a corrupt file!

    Hope I didn't confuse you.
    Varun
    Help others by marking threads as [SOLVED], if they are. (See how)
    Wireless Script | Use Code Tags

  4. #4
    Join Date
    Dec 2009
    Beans
    121
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How to prevent zip file corruption?

    AES strength itself seems to be of very little relevance when all that's needed for decryption is a password.

    If I encrypt a text file
    Code:
    echo "Bah" > text.txt
    with AES-256 using a number between 0 and 1000 for a passphrase:
    Code:
    gpg --cipher-algo AES256 -c text.txt
    then, provided that knowledge about the chosen passphrase, it takes under 4 sec to bruteforce it on a meager laptop
    Code:
    time bash ./decr.sh 2> /dev/null > out; cat out
    real    0m4.804s
    Bah
    Code:
    cat decr.sh
    
    declare -i i=0 n=1000; while [ $i -lt $n ]; do
     echo $i | gpg --passphrase-fd=0 --no-tty -d text.txt.gpg
     let i+=1
    done

  5. #5
    Join Date
    Sep 2009
    Beans
    Hidden!
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: How to prevent zip file corruption?

    Quote Originally Posted by varunendra View Post
    For a rough idea of the reliability of AES256 security, read this.
    Excerpt from the above link:


    Although the above analogy by Jon Callas was made in 2006, and computer speeds have increased significantly since then, I don't think it is gonna make much difference when it comes to break an AES256 encryption. Hope it helps reducing your worries.


    Given the strength of above security with a lengthy passkey (I'd say, 9+ would be sufficient!) I think you don't need that additional security layer unless the passkey is too obvious or you are sure the CIA is after your files .. Although it definitely increases the security (but only if you use different passkey in second archive, else it's useless since the first thing a cracker (if any) would do is to try the same cracked passkey on the second layer too).

    If you still want to use double encryption, just make sure to use "store" mode in next archive since the first one is already compressed. This will save your time. But frankly, you really don't need this if your passkey is long enough and difficult to guess.

    And yeah, it won't corrupt your files, no matter how many layers you use. But be informed that some filesystems may report file copy/extraction errors in case of very long filenames (including their path), or if the names contain characters not supported by that filesystem (as sometimes happens with archives created in linux ext filesystem and extracted on a fat or ntfs partition). This indicates filesystem incompatibility, not necessarily a corrupt file!

    Hope I didn't confuse you.
    This makes sense. And LOL the contents of my encrypted folders are "Bank statements" for those who are wondering LOL.
    Thanks!

  6. #6
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How to prevent zip file corruption?

    Quote Originally Posted by DZ* View Post
    AES strength itself seems to be of very little relevance when all that's needed for decryption is a password.

    If I encrypt a text file
    Code:
    echo "Bah" > text.txt
    with AES-256 using a number between 0 and 1000 for a passphrase:
    Code:
    gpg --cipher-algo AES256 -c text.txt
    then, provided that knowledge about the chosen passphrase, it takes under 4 sec to bruteforce it on a meager laptop
    Code:
    time bash ./decr.sh 2> /dev/null > out; cat out
    real    0m4.804s
    Bah
    Code:
    cat decr.sh
    
    declare -i i=0 n=1000; while [ $i -lt $n ]; do
     echo $i | gpg --passphrase-fd=0 --no-tty -d text.txt.gpg
     let i+=1
    done
    yes, if you limit yourself to (3^9) + 1 options, bruteforcing is easy. that is not an argument about AES however, but one regarding strong password use.
    an 8-digit 4-factor password has a complexity of 64^8, a much larger number. 281474976710656 possible combinations vs 19683 in your example, and assuming a linear time scale, would take 14333179383 times longer than your sample did, or in this case 15925755 hours (1818 years) using your 4 second finding.
    Last edited by doas777; June 24th, 2011 at 05:29 AM.
    Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.

  7. #7
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How to prevent zip file corruption?

    Quote Originally Posted by sudoer541 View Post
    This makes sense. And LOL the contents of my encrypted folders are "Bank statements" for those who are wondering LOL.
    Thanks!
    Truecrypt FTW.
    Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.

  8. #8
    Join Date
    Feb 2009
    Location
    Trinidad and Tobago
    Beans
    340
    Distro
    Ubuntu Development Release

    Re: How to prevent zip file corruption?

    Quote Originally Posted by doas777 View Post
    I use AES-Twofish-Serpent with truecrypt. Never, ever gonna be cracked.
    The above post definitely does not contain any sarcasm at all.

  9. #9
    Join Date
    Dec 2009
    Beans
    121
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How to prevent zip file corruption?

    Quote Originally Posted by doas777 View Post
    yes, if you limit yourself to (3^9) + 1 options, bruteforcing is easy. that is not an argument about AES however, but one regarding strong password use.
    I'm not arguing against AES. I'm saying that its strength is largely irrelevant when the key is generated from a password. You simply don't retain the 256 bit strength when you use it that way. Actually, in my example there are only 1000 passwords to guess and one reason it took a whole 4 sec to break is the usage of gpg which deliberately slows down the key generation process by salting the password and iterating. Is that even implemented in 7zip?
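
The point debated in the posts above (a key derived from a password is only as strong as the password, and salting plus iteration raises the cost of each guess), as an added example that is not part of the thread. PBKDF2-HMAC-SHA256 from Python's standard library stands in for a generic salted, iterated key derivation and is not GnuPG's or 7-Zip's own scheme; the iteration counts and the sample password are constructed.

```python
import hashlib
import math
import os
import time

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def effective_bits(alphabet_size: int, length: int) -> float:
    """Keyspace, in bits, of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)

def guesses_per_second(iterations: int, samples: int = 5) -> float:
    """Measure how many candidate passwords this machine derives per second."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(str(i), salt, iterations)
    return samples / (time.perf_counter() - start)

def years_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst-case years to try every password at `rate` guesses per second."""
    return keyspace / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Shapes built from figures in the thread: (alphabet size, length).
    shapes = {"number 0..1000": (1001, 1),
              "8 chars from 64": (64, 8),
              "12 chars from 64": (64, 12)}
    for iterations in (1, 200_000):  # constructed: unstretched vs. stretched
        rate = guesses_per_second(iterations)
        print(f"{iterations} iterations: {rate:,.0f} guesses/s on this machine")
        for label, (alphabet, length) in shapes.items():
            bits = effective_bits(alphabet, length)
            years = years_to_exhaust(alphabet ** length, rate)
            print(f"  {label:17s} {bits:5.1f} of 256 bits, {years:.3g} years")

    # A per-file random salt gives the same password an unrelated key each
    # time, so a table computed once cannot be reused across archives.
    pw = "constructed-sample-password"
    k1 = derive_key(pw, os.urandom(16), 1000)
    k2 = derive_key(pw, os.urandom(16), 1000)
    print("same password, different salts, same key?", k1 == k2)
```

Stretching multiplies the time per guess by a constant factor, while each extra random character multiplies the keyspace by the alphabet size, which is why the report moves far more with password length than with the iteration count.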

  10. #10
    Join Date
    Mar 2010
    Location
    India
    Beans
    8,136

    Re: How to prevent zip file corruption?

    Quote Originally Posted by DZ* View Post
    I'm not arguing against AES. I'm saying that its strength is largely irrelevant when the key is generated from a password. You simply don't retain the 256 bit strength when you use it that way. Actually, in my example there are only 1000 passwords to guess and one reason it took a whole 4 sec to break is the usage of gpg which deliberately slows down the key generation process by salting the password and iterating. Is that even implemented in 7zip?
    You're right from your point of view, an easy password = easy to crack.

    That's why it is always recommended to use a strong (long + complex) password which is difficult to guess. And that's when we come to the point of view of doas777, or Jon Callas for that matter..

    Here 'long' does not mean you necessarily have to write a full poem as your password. It'll be too easy to guess/crack if the cracker knows or can guess that your favourite one is "Twinkle-twinkle little star....". Again, if the password is complex enough (not an obvious word or phrase, uses a combination of alphabets in small & caps + numbers + special chars) then even 9 digits produce a huge no. of passwords to guess.

    And for a person who uses such technique for security (who at least 'knows' s/he's using AES-256 encryption), don't we presume that s/he understands the importance of the strength of a password?

    By the way, doas777, I'm not familiar with the term 'four-factor', seems to be an important one to know, can you explain it for me please?
    Varun
    Help others by marking threads as [SOLVED], if they are. (See how)
    Wireless Script | Use Code Tags
