This may interest anybody who wants to upload files for storage on a server on the Internet but wants to be sure that nobody can read their contents without authorisation. The question arose some weeks ago in the following thread about a new feature here at Proz (file upload and storage):
My suggestion is about file encryption.
Although WinZip is promoted as a compression program, it can also be used for encryption (and you save space with the compression at the same time).
My procedure for storing a file (such as a TM, which was discussed in the thread) in encrypted form in Proz (or other Internet upload-and-store service) would be this.
- Using WinZip, make a (compressed) Zip file from the file.
- Tell WinZip to encrypt it using the 256-bit AES algorithm and a long password (Select the file in WinZip; "Actions" menu, "Encrypt"). The password should be at least 12 characters, not consist purely of real words, and include at least one digit, one uppercase and one lowercase letter. Make sure you keep a record of the password! When the file is encrypted, a superscript cross (x) is shown next to its name in the file list in WinZip.
- Upload the resulting Zip file. I am very confident nobody will be able to extract its original contents without being given the password.
- When you want to use the file, download the Zip file, then open it with WinZip.
- Extract the encrypted file. At this point you have to give the password.
This means you need to use WinZip (or equivalent) both to prepare the file for upload and to use it after download.
I mentioned WinZip because it is the product I use. There are other compression programs, including free ones, but I don't know which of them, if any, can encrypt and/or decrypt (and decompress) using the same algorithm as the AES 256-bit one in WinZip. WinZip can be used free for 30 days and even longer, but then you get a "nag" dialog box every time you use it. I used it free like this for a couple of years, then decided it was both useful and very reliable, so I paid $30 for a licence.
There is information about the algorithm here:
There are "password recovery" programs, e.g.
and if you read the "limitations" at the bottom of the page, you will see that finding the password for a file encrypted as I described is theoretically possible but, as far as I know, impossible in practice, because it would take far too long. At 100 passwords per second, it can test 8.6 million passwords per day. A 12-character password, even if only from the 26 letters a-z, has 26-to-the-power-12 possibilities, i.e. 95000 million million. At 100 passwords per second, it would take 30 million years to test all of these. (And a million times as fast would take 30 years.)
My suggestion for how to choose the password is so that the attempt at decryption would not be helped much by trying simple combinations of ordinary words from a dictionary (called "dictionary attack", a known method). Alternatively you could use real words but, for example, 3 short ones from 3 different languages.
Of course you can use this method for encryption and decryption within one computer; then you just omit the upload and download steps.
I hope that helps with deciding whether to use the Proz (or indeed any other) file upload and storage facility.
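The password rules and the search-time arithmetic described above, as an added Python example that is not part of the original post. The four-word list and the figure of 20,000 candidate words per language are assumptions made for illustration; the rate of 100 guesses per second is the post's figure.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed stand-in for a real dictionary file (assumption, not from the post).
WORDS = {"password", "secret", "translation", "memory"}

def consists_of_words(text, wordlist=WORDS):
    """True if text splits completely into words from wordlist."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in wordlist
            for start in range(end)
        )
    return bool(text) and reachable[-1]

def policy_problems(password, wordlist=WORDS):
    """List the rules from the post that this password breaks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if consists_of_words(password.lower(), wordlist):
        problems.append("consists purely of real words")
    return problems

def years_to_exhaust(choices_per_position, positions, guesses_per_second=100):
    """Years to try every combination (100 guesses/s is the post's figure)."""
    return choices_per_position ** positions / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ("translationmemory", "Tr4nslationMemory"):
        print(pw, "->", policy_problems(pw) or "meets the rules")
    print(f"12 letters a-z:         {years_to_exhaust(26, 12):.3g} years")
    print(f"12 of a-z, A-Z, 0-9:    {years_to_exhaust(62, 12):.3g} years")
    # Assumption: 20,000 candidate words per language, one word from each of 3 languages.
    print(f"3 words, 100 guesses/s: {years_to_exhaust(20_000, 3):.3g} years")
    days = years_to_exhaust(20_000, 3, 100e6) * 365.25
    print(f"3 words, 100 million/s: {days:.2f} days")
```

Under the assumed dictionary size, a three-word password that is searched word by word gives a far smaller space than 12 independent characters, so the character-based rules are the safer choice when the guessing rate is high.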