13

There are encryption softwares like Veracrypt which encrypt data and the only way to open encrypted file is via password, but a simple compressing softwares like RAR also provide password protection.

Now the problem with password is that: it can broken using brute force attack.

So my question is, what makes Veracrypt any different from RAR softwares in case of such attacks, what's point in encryption?

Vilican
  • 2,703
  • 8
  • 21
  • 35
Red Aura
  • 257
  • 1
  • 2
  • 5
  • 12
    Please do a little research on the difference between disk/drive encryption and encrypting a compressed file, then amend your question with what you're actually asking. – Anti-weakpasswords Jan 18 '15 at 05:35
  • 1
    Im not talking about encrypting compressed file. Im asking whats the point in encrypting a file when all a hacker needs is password to decrypt. Why should a user spend time encrypting a file, when RAR compression offers same protection. – Red Aura Jan 18 '15 at 06:41
  • Scenario: a malicious person gains access to your computer, attempts to install a virus/keylogger/malware - using winrar, they succeed in doing so - using veracrypt, they can't without deleting any sensitive info you have saved and alerting you to the alteration – user2813274 Jan 18 '15 at 11:41
  • 10
    Have you ever booted from a rar archive? – CodesInChaos Jan 18 '15 at 16:22
  • Have you ever booted from a rar archive? Im not saying that RAR and VERACRYPT are same, but my question was regarding advantages of Encryption. – Red Aura Jan 19 '15 at 04:46
  • If you don't have a password, how would you expect to access the files inside? –  Jul 19 '15 at 07:49
  • The question title is misleading; the actual queztion is what the difference is between encrypted archives and full disk encryption. – S.L. Barth Jul 19 '15 at 08:06
  • Why do you ask: "But all a hacker needs is Password" ? Why do you feel that a good password/phrase is so vulnerable? Passwords and passphrases have formed the basis for many of the strongest ciphers used over the past century. I admit, they are not perfect; however, please do not confuse simple encryption methods using weak passwords (e.g. RAR) with our sophisticated current ciphers with strong passwords. –  Aug 04 '15 at 20:44

6 Answers6

15

Encrypted archives are fine if you want to send encrypted data to somebody else, or perhaps to encrypt a backup.

Disk encryption software like TrueCrypt target different use cases:

  • You can encrypt your system drive. You get prompted for your password on boot. If somebody steals your computer/hard disk they can't read your data without guessing the password.

  • Mounting encrypted partitions and containers. Once you mount a container all the files in it are accessible to every program transparently, instead of needing a specialized tool.

    Since you can use any filesystem supported by you OS on top of a TrueCrypt container (file, partition or whole disk). These filesystems support efficient random read- and write access. Compressed archives are meant to be created and unpacked as one long operation, they're not suitable for mounting.

If I remember correctly, rar uses ECB mode for encryption. This is very bad for uncompressed data, but compression should eliminate should remove most of the plaintext structure/repetition, so it's slightly less bad in the common case of compressed files in a rar archive.

CodesInChaos
  • 11,854
  • 2
  • 40
  • 50
11

Now the problem with password is that: it can broken using brute force attack.

Not necessarily.

It's possible to mitigate bruce-forcing of passwords such that it is practically impossible to brute-force them. It requires mitigation in the system, but it also requires that the password is secure too.

When an encryption scheme derives its key from a password, it does so using a derivation function, which takes the password as input and generates a sufficiently long key string from it. A simple example of a derivation function is just a plain hash function, like SHA-512 or Whirlpool. Such a derivation function is easy to brute-force, because it runs very quickly and doesn't use many resources, so you can run it millions of times per second in order to try millions of possible passwords a second. Running on a GPU can extend this to hundreds of millions of passwords tried per second because it can be calculating many hashes in parallel.

But encryption schemes like the one in Veracrypt use a derivation function that is difficult to brute-force, because it requires a lot of computing time and resources. For example, instead of running a SHA-512 or Whirlpool hash over the password once to derive the key, it runs that hash function over and over again, thousands of times, each time feeding the output back into the hash function again. Veracrypt does this at least 200,000 times, and up to around 650,000 times. When brute-forcing a password, you would have to run the hash function that many times, just to attempt a single password. It reduces the number of passwords you can brute-force per second from, say, 1 million passwords per second down to maybe 1.5 (one and a half) passwords per second. This all but kills the ability to brute-force. GPUs would still be able to do it faster, if they work on many different passwords at once, but you still get around 1/650,000 the ability to brute-force.

Which brings us to password length. If your password is short or trivial ("12345" or "hunter2"), it's trivial to brute-force it no matter what. Passwords need to be long and unpredictable enough that they are unlikely to be discovered within the first billion attempts in a brute-force. The good thing is that every character you add to your password multiplies its resistance to brute-forcing significantly. If you have a 20-character password that is not predictable (eg random letters with numbers), it's going to be practically impossible to brute force. Coupled with Veracrypt's brute-force mitigation which slows down the ability to brute-force by hundreds of thousands of times, now a 16-character password is just as secure. And even a short password eg 10-12 characters will probably be unfeasible to brute-force - that is, it may still not be discovered after months or years of attempted brute-forcing.

thomasrutter
  • 1,465
  • 11
  • 16
9

VeraCrypt doesn't have to use passwords, they can use smartcards, too. If you read VeraCrypt's documentation, you can see so many differences from a simple encrypted archive.

If your question is simply, "I don't see why encryption is a protection if all you need is a password to decrypt", then we can talk about that. Yes, passwords can be brute-forced, which is why VeraCrypt offers things like hidden volumes. In any case, the protection of the password becomes very important.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 5
    Hidden volumes don't protect against brute-force. It's just a legal trick of unclear effectiveness. – CodesInChaos Jan 18 '15 at 20:57
  • 1
    It protects against brute-force if you can't find it. Rar files are evident. – schroeder Jan 18 '15 at 21:04
  • 3
    Hidden volumes are not hidden in the sense of "can't find it", they're only hidden in the sense of "can't prove it exists". Assuming Veracrypt works like TrueCrypt in that regard, each volume has two slots one for the normal volume and one for the hidden volume. Since some users only use one volume and some both, you can't know if a particular volume contains a hidden volume. It's hoped that this prevents countries like the UK from forcing you to reveal that password when you claim "I don't use a hidden volume". – CodesInChaos Jan 18 '15 at 21:09
  • 1
    Perhaps I'm missing something. I know all that you have told me. The hidden volume does not announce itself in any way. To access it, you need to use the password of the outer volume, then mount the hidden volume. The fact that you have to bruteforce the outer first, then guess that there is a second is in itself a protection, if only by obscurity. An overt file is a target, a hidden file is a guess. – schroeder Jan 18 '15 at 21:17
  • I would like to say Schroeder answer showed a difference between Encryption and RAR Password protection. I thank rest of the users for answering my question. – Red Aura Jan 20 '15 at 04:54
  • @schroeder you don't need access to the regular volume to access the hidden volume, all you need is the passphrase to the hidden volume. They are independent volumes that happen to co-exist side-by-side - NOT a volume layered inside another volume. A hidden volume provides no additional protection against brute-forcing - to brute-force it, simply tell your brute-forcing tool to work on the hidden volume - which is at the end of the drive - instead of the main volume which is at the start. Hidden volumes only let you reveal a "fake" main volume to someone without proof there's a hidden one. – thomasrutter Aug 24 '15 at 12:36
6

You are comparing apples with oranges a bit. VeraCrypt offers the possibility of full disk encryption, the aim being to protect all your file system from unauthorized access. Even if the process depends on a password and is theoretically brute-forcible, this does not mean that the attack will be successful in a reasonable amount of time.

Taken from VeraCrypt website:

As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data.

The large number of iterations is supposed to add a significant delay to the decryption operation, so that an attack would take tens/hundreds of years to complete. Of course, this applies if a strong password is used. If your system is stolen, the probability of your files being accessed is very limited.

WinRar password protection is used to protect individual files(archives) and uses AES 256. Provided you use a strong enough password, the brute force process would also too much time to make it useful, so using passwords to protect archives is not a bad idea.

Dinu
  • 3,166
  • 14
  • 25
  • But all a hacker needs is Password, then whats the advantage of encryption ??? If its like WinRAR file can be opened without Password and Veracrypt will not give access until hacker submits real Password, it make a Huge difference. That's not case here. – Red Aura Jan 18 '15 at 15:43
  • 2
    VeraCrypt encrypts your disk, you enter the password at boot, then it is transparent for all your running programs. They will not knowb that the files are encrypted. On the other side, you cannot install a program inside an archive an run it, without extracting the archive. – Dinu Jan 18 '15 at 15:48
2

Encrypted files/drives/partitions are designed so its content appears random without a decrypt and to be at best hack resistant if not proof [ see Truecrypt entry in Wikipedia for all the tricks it includes] whereas RAR was mainly designed to compresses or container files for distribution with security as a secondary concern. For example, RAR can leave images of the decrypted files in cache, virtual memory, or a created temp file. Since inception, RAR and other container formats like 7z, tar or zip, have added encryption like features, but not selecting the most secure method opens the container to easy decryption even without passwords, even if the container requires a password. Just google password removers for RAR or other container formats, they are designed to exploit those weaknesses. Even assuming RAR introduces more veracrypt like features, containers "decrypt" each file on demand or you can decrypt the container completely, which slows throughput as the files size increases and leaves a decrypted footprint somewhere the user must clean up; Veracrypt was designed as a user transparent layer between file access and the user, so the overhead of a decrypt suffers minimally regardless of file size and also best attempts are made to insure no trace of the decrypted file or the password is left when a veracrypt session is closed. RAR files resize on demand, while Veracrypt files are fixed size.

All passwords can be brute forced, but it can take a long time to guess it if you make it as difficult as possible, as explained elsewhere. It doesn't matter what the application is. However, using Veracrypt or Truecrypt avoids holes hackers can exploit as a shortcut, as exemplified by the RAR password hacking programs you can easily download.

John Smith
  • 21
  • 2
1

simple answer/summary of other answers: the encryption with Veracrypt is more robust than the one used by RAR.

See other answers for details, and this thread for 7zip against TrueCrypt (base of VeraCrypt): Is 7-Zip's AES encryption just as secure as TrueCrypt's version?

Community
  • 1
EricBDev
  • 111
  • 1