How secure is the winzip/winrar passwords?

[brannsiu]

How secure is the password set for extraction of the winzip / winrar files? Is it a good way to protect the privacy of files by zipping them with winzip / winrar ? How secure it is? Of course I will not assign stupid passwords like abcde or 12345 , but passwords like fsgj#AAs212fssjh

 

[Phillip Corcoran]

Regardless of where a password is used (eg an app or a website), these main rules apply:

1) Make it fairly long and composed of random letters & numbers, and preferably a mix of uppercase & lowercase letters for good measure.


2) Then the next vital thing to do is to keep your password reminder notes (you'll never remember secure passwords without writing them down somewhere) securely out of sight.


3) Last but not least, passwords should be changed regularly - - it's a bind to have to have to do that but just as important for security as the previous two points.

 

[camieabz]

Assuming the zip / archive program is using AES 128 or 256, and you're using long, complicated passwords, it should be fine.

If sharing zipped files with others, e.g. over the Internet, I suggest a very long password, especially if the sharing is on a potentially public place. What protects most data is the lack of access to it. If I hand a USB drive to another, only the two of us have direct access to it (short of a PC being compromised by malware). If I e-mail it, potentially either end of the communication can be compromised, and presumably there could be 3rd party access, such as ISP, government services and so on. If I put it on an FTP server where other can see it, and download it, but not access it, they have time to get at it.

If you're protecting these files locally from other users, they will theoretically have all the time in the world to crack the password(s), so change your passwords periodically. It's a pain in the backside sometimes, but far more secure (assuming good password practices are exercised). If allowing guest access, disable removable drives for guests. You get the idea.

Zip security info - https/blog.itsecurityexpert.co.uk/2017/04/winzip-encryption-password-security-2017.html

Random Password Generator - https/passwordsgenerator.net (suggest minimum of 16 characters for expiring passwords of a month or less and 30 characters for greater, or if data is mission critical). Similar / ambiguous characters might confuse persons entering password(s) manually. Tick or untick as required. Suggest spaces are not used, as they can confuse users, and some text editors mess with them.)

Password Strength Checker - http/www.passwordmeter.com (ignore any repeating character warnings; any password generator that doesn't repeat characters is less safe, as cracking people/systems love a password with non-repeating characters.)