encrypt a compressed file

[Sheepdog]

"corrupted" until we restart Total Commander... any way to let us try 3 times or so without needing to restart TC ?

I guess it's only because the tmp-file is still present. Try to delete your tmp-dir.

A point disturbing me... how can we be sure the resulting file is really secure ? what do you think about ?

You cannot. If you really have to protect data you'll have to find a encryption tool you trust. Then only use this tool. Even if the algorythm is secure in many cases the implementation contains weak points.

If you have open source soft and you can program you may check the soft - or you can assume that many people did. But otherwise it's possible for hackers to find by studying the source code the weak point that nobody else noticed before.

Thats my opinion.

sheepdog

[Clo]

2=m4rc=
Hello !
¤ For text-documents, you could use the owner-format *.xed made by the freeware editor xED which is a RTF format, compressed and encryptable.
- The program is in French only, not a problem for you
- A Tutorial is available from my download page.
- Indeed, the recipient must have xED installed.
- Then, making an encrypted ZIP with these *.xed files, you increase the security… if you don't use "toto" as password everywhere!

Best regards,
Claude
Clo

[=m4rc=]

To make short... "thinking you are secure is worst then having no security" (i remember a saying like that)
I knew it would be such kind of answer, so everyone got to "choose" his/her favorite one
My use is only to prevent the commun user and eventually our network administrator to look inside what we exchange (privacy you know sometimes ? ) coz' big brother already knows everything, don't he ?
I could be using PGP, or convert files into twenty different formats and crypto tools and finaly hide it inside a picture... but i wish a simple solution, easy, quick, secure enouth and without installing another program that my contact do not have (now i just have to tell them to load TC )



Clo how did you know i was typing TOTO for my tests ?

Sheepdog there is nothing in the temp directory.
Again the way i do it:
1) i compress a file to eaf (options to the max)
2) i click on it the archive opens
3) i restart TC
4) i click on it, i am asked for a password
5) i type a false pass and get a message "archive corrupted"
no way to give a new password unless i restart TC first.

[Negyedi Vilmos]

no way to give a new password unless i restart TC first.

Create a button in your TC bar with the internal command cm_unloadplugins (Misc section). And when you got this message, just press it, and try to type the password again. (i had problems like this, too )

[Clo]

2=m4rc=
Hello, bonsoir,

Clo how did you know i was typing TOTO for my tests ?

- I've a good pendulum !

…and without installing another program that my contact do not have …

- Freeware and 900 KB installed (including the Tutorial) isn't a big problem, I think. You may even embed some pics in the text…

5) I type a false pass and get a message "archive corrupted"
no way to give a new password unless I restart TC first.

¤ This is a real annoying issue; might be fixed up, I guess.

 Kind regards,
Claude
Clo

[=m4rc=]

Thanx
will wait for the bugfixe... or type the right password

[Sheepdog]

Thanx
will wait for the bugfixe... or type the right password

Possibly it's a feature to prevent from 'brute force' password hacking?


sheepdog

[=m4rc=]

to prevent from 'brute force' password hacking?

do I look like a brute ?
hmm at least two tries would be nice... or a message saying "wrong password" even better

[Clo]

2Sheepdog
Hello Stefan !

Possibly it's a feature to prevent from 'brute force' password hacking?

¤ It could be, you are right. In that case, it should be limited to three attempts or so ? What do you think?

 V G
Claude
Clo

[Sheepdog]

In that case, it should be limited to three attempts or so ? What do you think?

Yes I think 3 times would be appropriate.

sheepdog

[Hacker]

Well, TC is caching the password for the session... there was a thread about this some time ago.

Roman

[=m4rc=]

Well, TC is caching the password for the session... there was a thread about this some time ago.

Roman

thanx for this piece of information... however it is kind of boring/dangerous...

[IGL]

Hello everybody.
For such a plugin that reads a password, there should be option to store the password or not to store it (Default - do not store).
Storing the password is usually unsecure, therefore it must be optional.
If you have many encrypted archives encoded with different passwords, you need to type it many times, so storing password should be disabled.

Talking about brute force prevention by using storing password - this is sensless, someone may use own program to decrypt data or to communicate with a plugin.

2all - please rember to use long and complicated passwords for encrypting. This produces "better" key and makes "brute force" attack much more difficult.
Use various characters (not only letters and numbers, but eg. "a=gf^`8+2gh;[%^,54?7813j".
That will produce much safer encription key.

If you want to be sure that encrypted file is really safe then you have to use a good encryption program, that comes from a trusted company (and usually costs a lot).
Or you can use a good well known open source software, but use it properly and with wisdom, eg. using a password "abc" with the even best program is not secure. As well as sending the encrypted message in email and in the next email sending the password - someone may capture both messages and it is not secure.
But if you think - you can do it well.