Post by VanguardLH
> I like the idea of zipping the files and either password-protecting or
> encrypting the zipped files.

Password protection of .zip files is easily hacked. That is why I did
not mention using passworded compressed archive files (.zip, .7z, etc).
If the zip tool offers legacy Zip and AES encryption, choose AES.
WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip
tools usually only offer the weak legacy Zip encryption. There are
many password recovery tools that will hack the weak legacy Zip

Many users like 7-zip (freeware). I use Peazip (also freeware) because
it supports most of the compression algorithms along with 7-zip's own
(Peazip got the library from 7-zip); however, Peazip has a more modern
UI than 7-zip, whose UI harkens back to the Windows 3.x era.
However, neither one supports AES encryption, just the weak encryption.

While a hacker might try decrypting the AES-based content, they would
also have to separately try Serpent or TwoFish, which would
dramatically add to the time to decrypt successfully. 7-Zip just has
AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I
haven't used encryption with Peazip, I don't know how to select which
encryption algorithm to use (and didn't see an option when creating a
new archive). Could be, per the above article, a combined AES +
Serpent + TwoFish encryption requires using the .pea archive format.

When putting files into a compressed archive with a password, remember
that the original file sticks around. You would have to delete it.
Whether you or the archiver deletes the file, the file's contents still
occupy the file system's clusters until those clusters are
reallocated to another file AND until those clusters get overwritten by
some other program writing to that file. Peazip comes with a secure
file eraser (which can optionally be added to the Windows Explorer
context menu). There are lots of file recovery tools. If you don't
want to leave behind any trace of a file's content that you put into a
passworded archive file then you need to securely erase the original
file, not just delete it. I have Peazip configured to do 2 passes to
securely erase the clusters occupied by a file. That is more than
sufficient with drives manufactured for over two decades. Only on
ancient RLL-encoded hard drives might the 35-pass Gutmann method.

Note when using encryption within a .zip file that normally just the
*contents* of the files stored within the archive file are encrypted.
The filenames listed as records within the archive will still have the
original names. If you need to ensure that no one can deduce what
might be within a file, use an archiver that also encrypts the
filenames. Peazip has that option. I'd have to research to find out if
Peazip also offers a two-factor algorithm: not only do you need to know
the password but must also supply a keyfile. You generate a keyfile
for the .zip archive and store it somewhere, like on a USB flash drive
to which only you have physical access (because you don't want someone
else copying the keyfile off the USB drive). I've never bothered with
2-factor authentication but then I don't bother using encryption in
archivers since I use TrueCrypt (or you could use BestCrypt Traveller
or VeraCrypt or other alternatives).

I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even
compound the encryption algorithms. You could just use AES, or you
could use AES + TwoFish or AES + TwoFish + Serpent. The added layers
make decryption much more difficult; however, the extra encryptions
also make decryption slower, so the access to the mounted container
will be slower (not a problem with doc files but perhaps with videos).

In addition, you can create an encrypted container (file) that has 2
passwords: one which allows access to one part of the container and
another that allows access to a more secret part of the container. If
someone forces you to reveal your password, like pointing a gun at your
kids or wife or you, or to satisfy FBI investigators applying legal
action, you could give them the first password. That lets them into
the first part of the container where you deposited innocuous files
(something to appease the intruder but nothing sensitive or hurtful to
you). They cannot get into the second part of the container where the
real files you want to hide are. They cannot determine there is a
second password and a second portion of the container because all that
data is always randomized by TrueCrypt (rather than being unallocated).

Again, these are advanced features that some users don't care about, so
they want something simpler, like BestCrypt Traveller. If you go with
a compressed archiver (.zip files), many use weak legacy Zip encryption
that password recovery tools can hack.

So choose wisely.

And remember that when you read any file, whether from an encrypted
container or zip file, there could be [temporary] copies left
behind outside the container or zip file. The files are secure only
when in situ inside the container. Editing a file means creating a
temporary copy of it or buffers (which might be in memory but could be
on the disk) within the program with portions of the file. You might copy the file
out of the container. Once you close the container, you need to
securely wipe any remnants of the file when it was outside the

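Two of the post's points about .zip archives can be checked mechanically: whether an entry uses the weak legacy Zip encryption or WinZip-style AES, and the fact that entry names sit in the central directory in plaintext whatever the content encryption. The following is an added example, not code from the thread or from any archiver it mentions. It reads only the central directory (PKWARE APPNOTE layout) and looks for the WinZip AES extra field (header ID 0x9901); the archive bytes are constructed in memory with placeholder payloads, so only the metadata is meaningful.

```python
"""Audit which encryption each entry of a .zip uses, from the central directory alone.

Added example (not code from the thread). Assumes the PKWARE APPNOTE record layouts
and the WinZip AES extra field (ID 0x9901, vendor "AE"); the sample archive is
constructed here with placeholder payloads, not real ciphertext.
"""
import struct
import zlib

LOCAL_SIG, CD_SIG, EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50
FLAG_ENCRYPTED = 0x0001          # general purpose bit 0: entry data is encrypted
METHOD_AES = 99                  # WinZip AES marks the method as 99 in the headers
AES_EXTRA_ID = 0x9901
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}


def aes_extra(strength, actual_method):
    """WinZip AES extra field: id, size=7, vendor version 2 (AE-2), "AE", strength, real method."""
    return struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", strength, actual_method)


def build_sample_zip():
    """Construct a three-entry archive: legacy ZipCrypto, WinZip AES-256, and unencrypted.
    Payloads are placeholder bytes (constructed), the audit never reads them."""
    entries = [
        (b"passwords.txt", b"x" * 12, FLAG_ENCRYPTED, 8, b""),                    # ZipCrypto over deflate
        (b"taxes-2023.pdf", b"y" * 12, FLAG_ENCRYPTED, METHOD_AES, aes_extra(3, 8)),  # AES-256 over deflate
        (b"readme.txt", b"plain text", 0, 0, b""),                                 # stored, no encryption
    ]
    local, central = bytearray(), bytearray()
    for name, payload, flags, method, extra in entries:
        crc = zlib.crc32(payload) & 0xFFFFFFFF
        offset = len(local)
        local += struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flags, method, 0, 0,
                             crc, len(payload), len(payload), len(name), len(extra))
        local += name + extra + payload
        central += struct.pack("<IHHHHHHIIIHHHHHII", CD_SIG, 20, 20, flags, method, 0, 0,
                               crc, len(payload), len(payload), len(name), len(extra),
                               0, 0, 0, 0, offset)
        central += name + extra
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(central), len(local), 0)
    return bytes(local + central + eocd)


def classify(flags, method, extra):
    """Name the encryption scheme an entry's metadata announces."""
    if not flags & FLAG_ENCRYPTED:
        return "none"
    i = 0
    while i + 4 <= len(extra):                       # extra fields: [id(2) size(2) data(size)]...
        eid, size = struct.unpack_from("<HH", extra, i)
        if eid == AES_EXTRA_ID and size >= 7 and method == METHOD_AES:
            _, vendor, strength, _ = struct.unpack_from("<H2sBH", extra, i + 4)
            if vendor == b"AE":
                return AES_STRENGTH.get(strength, "AES (unknown strength %d)" % strength)
        i += 4 + size
    return "ZipCrypto (legacy, weak)"                # encrypted flag without an AES marker


def audit_zip(blob):
    """Return [{'name', 'encryption'}] for every central directory record in the archive."""
    eocd_pos = blob.rfind(struct.pack("<I", EOCD_SIG))  # last occurrence: the EOCD trailer
    if eocd_pos < 0:
        raise ValueError("not a zip: end-of-central-directory record not found")
    _, _, _, _, total, _, cd_off, _ = struct.unpack("<IHHHHIIH", blob[eocd_pos:eocd_pos + 22])
    pos, results = cd_off, []
    for _ in range(total):
        rec = struct.unpack("<IHHHHHHIIIHHHHHII", blob[pos:pos + 46])
        if rec[0] != CD_SIG:
            raise ValueError("corrupt central directory at offset %d" % pos)
        flags, method, nlen, elen, clen = rec[3], rec[4], rec[10], rec[11], rec[12]
        name = blob[pos + 46:pos + 46 + nlen]           # stored in the clear, even when encrypted
        extra = blob[pos + 46 + nlen:pos + 46 + nlen + elen]
        results.append({"name": name.decode("utf-8", "replace"),
                        "encryption": classify(flags, method, extra)})
        pos += 46 + nlen + elen + clen
    return results


if __name__ == "__main__":
    for row in audit_zip(build_sample_zip()):
        print("%-16s %s" % (row["name"], row["encryption"]))
```

Running it lists all three filenames alongside "ZipCrypto (legacy, weak)", "AES-256" and "none": the names are readable straight out of the bytes because only entry data is encrypted, which is the post's reason for preferring an archiver that can encrypt filenames too.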
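The post's point that a deleted original keeps its contents in the file system's clusters is what a multi-pass eraser addresses. This added example (not PeaZip's eraser, and not code from the thread) overwrites a file in place with random bytes for a configurable number of passes, flushing each pass to the device, before unlinking it. The pass count defaults to the two passes the post mentions; the caveats in the docstring are this example's own.

```python
"""Overwrite a file's contents in place before unlinking it, so the clusters it
occupied no longer hold readable plaintext. Added example, not an archiver's tool.
"""
import os
import secrets


def secure_erase(path, passes=2, chunk=1 << 16):
    """Overwrite `path` `passes` times with fresh random bytes, fsync after each pass,
    truncate, then unlink. Returns the number of bytes overwritten per pass.

    Caveats: this only helps where the file system rewrites the same physical blocks in
    place. SSD wear levelling, copy-on-write file systems, journals, snapshots and
    backups can all keep copies the overwrite never touches; there, full-disk
    encryption or the drive's own secure-erase command is the right tool.
    """
    size = os.stat(path).st_size
    fd = os.open(path, os.O_WRONLY)       # no O_TRUNC: keep the allocation so the same blocks are hit
    try:
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                buf = secrets.token_bytes(min(chunk, remaining))
                remaining -= len(buf)
                while buf:                # os.write may write fewer bytes than asked
                    written = os.write(fd, buf)
                    buf = buf[written:]
            os.fsync(fd)                  # push this pass to the device before the next one
        os.ftruncate(fd, 0)               # drop the (now random) content so the length leaks nothing
        os.fsync(fd)
    finally:
        os.close(fd)
    os.unlink(path)
    return size


if __name__ == "__main__":
    import tempfile
    fd, tmp = tempfile.mkstemp()         # constructed sample file, not a real secret
    os.write(fd, b"sample secret contents\n" * 1000)
    os.close(fd)
    print("overwrote", secure_erase(tmp), "bytes per pass; still exists:", os.path.exists(tmp))
```

Note that the function deliberately opens the existing file for writing rather than creating a new one: creating and renaming would allocate fresh blocks and leave the old ones exactly as the post describes.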
Thank you, Vanguard. You've been very clear. The situation is more
complex than I had anticipated.