How efficient is using WinRAR to password protect a file?

I have a a file with important data that I want to password-protect. I basically want to be prompted for a password every time I try to open the file. I tried TrueCrypt but it doesn't seem to prompt for a password every time you try to open the file (well, unless I missed something).

As a simple workaround, I decided to use WinRAR for this task (by adding a password to the archive). It works great and all but I have a little concern. Everytime I open a file with WinRAR it decompresses the file to a temporary folder. Now I'm worried that the data can be accessed in the temporary folder. I don't know if WinRAR deletes the content of the temporary folder later but even if this is the case the content can still be accessed by some utility (one of those utilities that allow you to view/save deleted files) so it doesn't seem like a secure option to me.

My questions are, is my understanding about how WinRAR works correct? If so, is there another simple (and secure) way to password protect a file?

truly

Posted 2010-08-16T15:10:23.990

Reputation: 41

Answers

Truecrypt is actually quite a good approach.

It has a "cache recently used passwords" option, so that if you mount your file, then un-mount it, the mount it again - it won't ask for the password the second time to save you time. You can (and by the sounds of things want to) turn this off, and which point it probably does what you want.

DMA57361

Posted 2010-08-16T15:10:23.990

Reputation: 17 581

You are correct, if security is a concern, then WinRAR is not a secure option. It's designed more for archiving or delivering files than secure storage. RAR is a known format with many implementations -- you would need to know the details of the specific implementation you were using to guarantee security.

You could still use TrueCrypt if you want to have to type the password every time you use the file. Just create a volume with the secret file, mount it when you need to use it, and unmount it when you're done.

There's also an option to Auto-dismount after no data has been read/written for X minutes, which you could use to eliminate the dismount step.

zildjohn01

Posted 2010-08-16T15:10:23.990

Reputation: 2 212

Doesn't the RAR format always use AES-128? – user1686 – 2010-08-16T21:24:57.800

Yes, but different programs might extract first to a nonsecure location, or even leave temporary files laying around after they quit. Even if they are deleted, they most likely aren't deleted securely, thereby leaving traces of the secret file on disk. In fact, the more times the file is extracted, the more copies could potentially be floating around in unused sectors. – zildjohn01 – 2010-08-17T02:18:00.847

Try My Private folder, XP only

http://www.softpedia.com/get/Security/Lockdown/Microsoft-Private-Folder.shtml

Moab

Posted 2010-08-16T15:10:23.990

Reputation: 54 203

This looks quite interesting. I'll have a look on it. Thanks a lot. – truly – 2010-08-16T15:41:56.847

3This was distributed by Microsoft for Free, then IT administrators screamed to have it removed, so they did, but it was too late, copies spread around the net. – Moab – 2010-08-17T00:54:41.353

TrueCrypt asks you for the password when you mount the container. Of course, it defeats the purpose of encryption software if you mount it automatically, so mount it when you need to use it, then unmount afterwards.

Hello71

Posted 2010-08-16T15:10:23.990

Reputation: 7 636

I really like TrueCrypt but this mounting/unmounting thing makes it almost useless for me if all I need is to password-protect one single file. It's almost impossible that I'll remember to unmount every time I'm done with the file. – truly – 2010-08-16T15:39:04.973

I don't understand your request. You want security, but don't want to mount every time. That's what it costs to secure your file/files. Winrar IS NOT an option. Use Truecrypt, or bestcrypt: they're the most known tools for that

AziD

Posted 2010-08-16T15:10:23.990

Reputation: 1

I have been using the Sophos Free Encryption tool for a while now. I generally use it to encrypt customer data before emailing it. Sophos Encryption tool can be downloaded from their website.

Ɖiamond ǤeezeƦ

Posted 2010-08-16T15:10:23.990

Reputation: 101