Encrypted RAR inside Encrypted RAR

Wfz234
Solved by dilpickle:
3 hours ago, Wolfinch said:

Is it safe if I put encrypted rar inside encrypted rar?

Is it safe? Yes

 

Is it providing extra security? No

Is it safe if I put an encrypted rar inside an encrypted rar? For example:

Encrypted Word.doc INSIDE Files.rar (pass: 567) INSIDE Files2.rar (pass 1234).

I do this to make an extra security layer. So when people successfully bypass my first layer (1234), they still need to bypass the second and third security layer.

Is it safe? Like, can it get corrupted in the future if I add/remove files inside that kind of archive?

Actually I've already done this for at least 3 years without any problem at all.. but dunno why, I'm afraid now.

UPDATE: Forgot to say that I use this method only to prevent common people. Not hackers, crackers, or other people that have bypassing knowledge


It is fine and all but it is dumb IMO. Why not use something like veracrypt container then put whatever in it instead?


Just now, Levent said:

It is fine and all but it is dumb IMO. Why not use something like veracrypt container then put whatever in it instead?

I have veracrypt and use it for another purpose..

I use the rar-inside-rar method only for small files like docs, and upload them to drive. It's too big if I upload and download veracrypt every time I need to update the data.

Can't use an auto backup method because of internet connection problems


Old RAR versions have bad encryption, with known tricks to recover passwords relatively fast.  Newer RAR versions have strong encryption.

 

But it would make more sense to stop using RAR and use 7z archives, the encryption is very good and 7-zip is free, open source etc.

 

Also ... using just numbers for passwords makes it super easy and fast for someone to guess the password using an automated tool. Add a few letters and symbols and you increase the difficulty significantly  ... for example instead of 1234 use Wolf12!XY34   ... and then Wolf56!XY7 

 

Another better password than just numbers would be something like  "!!!Stupid Word Document!!!"   - you have symbols, lowercase, uppercase, and enough characters to make it hard to do dictionary attacks and it's easy to remember

 

 

 

 


24 minutes ago, Wolfinch said:

I do this to make an extra security layer. So when people successfully bypass my first layer (1234), they still need to bypass the second and third security layer.

If an actor can bypass one layer using technological means, nesting (the same type of encryption) makes no difference.

 

If an actor has unlimited resources, nesting will make no difference but buy time.

 

If an actor has no moral issues with torture, nesting will just prolong your suffering.

 

From my perspective, I just see a waste of effort and CPU cycles.


The biggest improvements to security you can make are: Use something with a strong encryption algorithm (e.g. 7-zip uses AES-256) and pair it with a strong password (password length being one of the most important factors). Using the same algorithm twice doesn't add much extra security, if any.


14 hours ago, mariushm said:

Also ... using just numbers for passwords makes it super easy and fast for someone to guess the password using an automated tool. Add a few letters and symbols and you increase the difficulty significantly  ... for example instead of 1234 use Wolf12!XY34   ... and then Wolf56!XY7 

 

Another better password than just numbers would be something like  "!!!Stupid Word Document!!!"   - you have symbols, lowercase, uppercase, and enough characters to make it hard to do dictionary attacks and it's easy to remember

Thanks for the knowledge, but that number password is only an example. My real password is 30-40 characters long, with a combination of numbers, symbols, and words

14 hours ago, AbydosOne said:

If an actor can bypass one layer using technological means, nesting (the same type of encryption) makes no difference.

 

If an actor has unlimited resources, nesting will make no difference but buy time.

 

If an actor has no moral issues with torture, nesting will just prolong your suffering.

 

From my perspective, I just see a waste of effort and CPU cycles.

13 hours ago, Eigenvektor said:

The biggest improvements to security you can make are: Use something with a strong encryption algorithm (e.g. 7-zip uses AES-256) and pair it with a strong password (password length being one of the most important factors). Using the same algorithm twice doesn't add much extra security, if any.

Forgot to say that I make this method only to prevent common people, not hackers, crackers, or other people that have the knowledge to bypass something. Just like putting a locker inside a locker to prevent a "common" thief, but of course it can't prevent a robbery with a bomb, etc.

And what if I use an encrypted rar inside an encrypted 7z? What do you think?

11 hours ago, dilpickle said:

Is it safe? Yes

 

Is it providing extra security? No

What if I use an encrypted rar inside an encrypted 7z? What do you think?


It is of no importance whether it's rar or 7zip or another archive format. It's a locked box, inside a locked box. If someone is clever enough to break the first lock, they can break the second lock, you're just extending the amount of time it takes to break the locks - eventually, they'll break the lock.

Most archive formats use well known encryption algorithms these days, similar to the ones browsers use when you access an encrypted website (the ones with https:// in front).

For example, this website uses TLS_AES_128_GCM_SHA256, TLS 1.3, AES-128 bits encryption ... WinRAR uses AES-256, 7-zip uses AES-256, WinZIP uses AES-128 or AES-256...

 

 


2 hours ago, Wolfinch said:

And what if I use an encrypted rar inside an encrypted 7z? What do you think?

While technically more secure, it's not worth the effort, imho. AES-256 should be "unbreakable" for the foreseeable future.

 

The weakest link is your password. If your password is good, one should be enough. If your passwords are easy to guess, adding a second one makes little difference.

 

I would put my efforts into creating one secure password rather than two medium ones.

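Added example, not part of any post in the thread: a small Python estimator for the point the replies make about nesting versus one longer password. It assumes each archive layer tells a guesser when a password is correct, so layers are searched one after another; the function names and the character-class model are illustrative, and the sample passwords are the ones quoted in the thread.

```python
import math
import string

# Character classes used to estimate the alphabet an exhaustive search must cover.
# Illustrative model (an assumption of this example): real guessing tools try
# dictionary words and common patterns first, so these figures are upper bounds.
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase,
           string.punctuation + " ")


def alphabet_size(password: str) -> int:
    """Total size of every character class the password draws from."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    if size == 0:
        raise ValueError("password is empty or uses characters outside the model")
    return size


def search_space(password: str) -> int:
    """Number of candidates of this exact length over the detected alphabet."""
    return alphabet_size(password) ** len(password)


def nested_work(layers: list[str]) -> int:
    """Each layer is searched on its own, one after another, so the work adds."""
    return sum(search_space(p) for p in layers)


def compare(layers: list[str]) -> tuple[float, float]:
    """Bits of work for the nested layers vs. one password of the combined length."""
    nested = math.log2(nested_work(layers))
    single = math.log2(search_space("".join(layers)))
    return round(nested, 1), round(single, 1)


if __name__ == "__main__":
    # Sample passwords quoted in the thread.
    for layers in (["567", "1234"], ["Wolf12!XY34", "Wolf56!XY7"]):
        nested, single = compare(layers)
        print(f"{layers}: nested ~{nested} bits, one combined password ~{single} bits")
```

Under this model the two numeric layers from the first post cost about 13.4 bits of exhaustive search together, while a single password of the combined length costs about 23.3 bits: nesting adds search spaces, lengthening multiplies them.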
