Do you feel angry when your file isn't encrypted by a extremely strong password？

[OsQ_Oscar]

I feel really angry that my 900GB file on chinese file hosting websites/google drive isn't encrypted by a extremely strong and strict password , they just passworded too easy with just winrar
I feel crazy now , how can i establish really strict file encryption administrative from now on？

 

[FAST6191]

If you are requiring silly strong encryption and are using google drive you have likely gone wrong somewhere.

As for enforcing something... depending upon the method used it should say what it is -- if say my zip program gives me the options between ROT13 and RSA2048 you can make something to check it is the latter.
Beyond that you can download the file and run it against a dictionary attack of your chosen style of dictionary*.

Also why is winrar bad here? There is a phrase in security that runs security through obscurity is not security at all. Winrar is used the world over and is attacked constantly by people with genuine desire to get in. Something some kid wrote using a crazy long number of bits algorithm is not going to have been tested anywhere near as robustly as good old winrar, which probably still has crypto good enough that it is not going to be cracked this side of quantum computers.

*the following is good for others playing along at home that might not know the more current real world stuff

 

[ThoD]

If you feel angry about it, you got a problem, get yourself looked at

I USED to "like" having strong passwords like a decade ago because of Lavasoft's encryptor that allowed a password that was 800 characters long, but grew out of that face within a month or two after I started forgetting the passwords and needing to bruteforce that craziness to recover the files

 

[Ritsuki]

This.

 

[ThoD]

This.

Actually, the best method is to have more numbers and to mix numbers between the letters of a word without substituting (eg: "g7re9at1h3oly5go6at" or something similar in a way that you can remember). Hardest possible to bruteforce or crack with 99% of the dictionaries/algorithms that are actually used and, just for the record, four random words are just SLIGHTLY harder to crack than the first example in that pic...

 

[Ritsuki]

What if the four words aren't separated? A bit off topic, but I think your combination might be more secure, but it would not solve the "difficult to remember" problem. But I'm no security expert, just some random thoughts so plz dont hurt me if I'm saying something wrong

 

[ThoD]

What if the four words aren't separated? A bit off topic, but I think your combination might be more secure, but it would not solve the "difficult to remember" problem. But I'm no security expert, just some random thoughts so plz dont hurt me if I'm saying something wrong

A dictionary with good algorithm can find the four words easily whether they are separated or not. What makes things harder to crack is if you mix the letters to make the words be different from the ones in the dictionary (eg: something like "love" is in the dictionaries so easy to guess while "l1ov3e" is not, so will take a LOT more tries to crack). This time, the numbers I used are actually those you'd use to replace "l" and "e", so easier to remember.

 

[Ritsuki]

A dictionary with good algorithm can find the four words easily whether they are separated or not. What makes things harder to crack is if you mix the letters to make the words be different from the ones in the dictionary (eg: something like "love" is in the dictionaries so easy to guess while "l1ov3e" is not, so will take a LOT more tries to crack). This time, the numbers I used are actually those you'd use to replace "l" and "e", so easier to remember.

Thank you, very interesting! Off topic again, but how/where did you learn all that stuff?

 

[ThoD]

Thank you, very interesting! Off topic again, but how/where did you learn all that stuff?

Part of my job/degree is programming and since I make systems, I've also needed to learn security stuff and, with password cracking being literally one of the entrypoints to that, I've come to know how the most popular of the algorithms function. One bit of extra protection you can get for passwords on top of what I suggested is, if special characters are allowed (eg: "_"), use them not between words, but halfway through them instead and try to keep passwords at least 8 characters long with 2 or more numbers involved. I actually just go with 9 numbers (that happen to be the product serial of my long disposed of DSi), with a letter 2/3rds of the way through and an exclamation mark or "_" if allowed after the first character, never had stolen accounts Remember, people trying to crack passwords prioritize letters over numbers, so passwords made mostly of numbers are more secure.

 

[smileyhead]

I feel really angry that my 900GB file on chinese file hosting websites/google drive isn't encrypted by a extremely strong and strict password , they just passworded too easy with just winrar
I feel crazy now , how can i establish really strict file encryption administrative from now on？

Okay, what's with you and your encryption-obsession? Why do you want everything you upload to the Internet be encrypted? Are you insecure? Are you Chinese folk constantly monitored by the country, or something? Also, what the everloving fuck do you store in a single 900 GB file?

 

[ThoD]

Okay, what's with you and your encryption-obsession? Why do you want everything you upload to the Internet be encrypted? Are you insecure? Are you Chinese folk constantly monitored by the country, or something? Also, what the everloving fuck do you store in a single 900 GB file?

I'm wondering about the encryption-obsession too considering he's made like 30 threads by now on such topics, but as for the 900GB, depending on the compression, it might be just random useless files or porn...

 

[smileyhead]

I'm wondering about the encryption-obsession too considering he's made like 30 threads by now on such topics, but as for the 900GB, depending on the compression, it might be just random useless files or porn...

Who stores porn that way? Does he download and unpack it every time he needs the contents?
And if it's filled with useless files, why even keep them?

 

[ThoD]

Who stores porn that way? Does he download and unpack it every time he needs the contents?
And if it's filled with useless files, why even keep them?

True. The biggest archive I have is 9GB (and yup, it's ultra compressed porn), so I don't know what he needs 900GBs for, even a hundred games don't take that much!:/

 

[smileyhead]

Also,

That's the exact minute this was posted... Does he log out and only check back daily?

 

[GerbilSoft]

Better question: If you uploaded a "900 GB" file, why didn't you encrypt it yourself instead of relying on the host to encrypt it for you? (Also, I don't know of any host that "encrypts" uploaded files using WinRAR.)

 

[Zanoab]

Actually, the best method is to have more numbers and to mix numbers between the letters of a word without substituting (eg: "g7re9at1h3oly5go6at" or something similar in a way that you can remember). Hardest possible to bruteforce or crack with 99% of the dictionaries/algorithms that are actually used and, just for the record, four random words are just SLIGHTLY harder to crack than the first example in that pic...

You are missing the point. The idea is to make strong passwords that are easy to remember to avoid password reuse. Can you provide some math to backup your claim? The comic is giving each word 11 bits of entropy which assumes the user is randomly picking the words from a dictionary of two thousand and the cracker knows exactly four words, the dictionary, and no other alterations are made. This has been been argued since 2013 so I'm interested if you have something new to add.

 

[jefffisher]

Post a link to the file and the password so we can look into it for you?

 

[linuxares]

Dude why are you always posting about encryptions etc. on a mainly console focused forum?

 

[the_randomizer]

I'm wondering why you're using WinRar when 7zip is far better and doesn't rely on nagware. Not to mention 7zip also can uses and makes RAR files.

 

[yusuo]

I'm kinda with everyone else here, encrypt it yourself, problem solved