Mobile menu

Upload and download with encryption
Thread poster: Oliver Walter

Oliver Walter  Identity Verified
United Kingdom
Local time: 06:04
Member (2005)
German to English
+ ...
Aug 3, 2008

This may interest anybody who wants to upload files for storage on a server on the Internet but wants to be sure that nobody can read their contents without authorisation. The question arose some weeks ago in the following thread about a new feature here at Proz (file upload and storage):

http://www.proz.com/forum/prozcom:_translator_coop/107098-new_feature:_file_upload_and_storage_for_tms_glossaries_etc.html

My suggestion is about file encryption.
Although WinZip is promoted as a compression program, it can also be used for encryption (and you save space with the compression at the same time).

My procedure for storing a file (such as a TM, which was discussed in the thread) in encrypted form in Proz (or other Internet upload-and-store service) would be this.

  1. Using WinZip, make a (compressed) Zip file from the file.

  2. Tell WinZip to encrypt it using the 256-bit AES algorithm and a long password (Select the file in WinZip; "Actions" menu, "Encrypt"). The password should be at least 12 characters, not consist purely of real words, and include at least one digit, one uppercase and one lowercase letter. Make sure you keep a record of the password! When the file is encrypted, a superscript cross (x) is shown next to its name in the file list in WinZip.

  3. Upload the resulting Zip file. I am very confident nobody will be able to extract its original contents without being given the password.

  4. When you want to use the file, download the Zip file, then open it with WinZip.

  5. Extract the encrypted file. At this point you have to give the password.

This means you need to use WinZip (or equivalent) both to prepare the file for upload and to use it after download.

I mentioned WinZip because it is the product I use. There are other compression programs, including free ones, but I don't know which of them, if any, can encrypt and/or decrypt (and decompress) using the same algorithm as the AES 256-bit one in WinZip. WinZip can be used free for 30 days and even longer, but then you get a "nag" dialog box every time you use it. I used it free like this for a couple of years, then decided it was both useful and very reliable, so I paid $30 for a licence.

There is information about the algorithm here:
http://www2.winzip.com/aes_info.htm

There are "password recovery" programs, e.g.
http://www.lostpassword.com/zip.htm
and if you read the "limitations" at the bottom of the page, you will see that finding the password for a file encrypted as I described is theoretically possible but, as far as I know, impossible in practice, because it would take far too long. At 100 passwords per second, it can test 8.6 million passwords per day. A 12-character password, even if only from the 26 letters a-z, has 26-to-the-power-12 possibilities, i.e. 95000 million million. At 100 passwords per second, it would take 30 million years to test all of these. (And a million times as fast would take 30 years.)
My suggestion for how to choose the pasword is so that the attempt at decryption would not be helped much by trying simple combinations of ordinary words from a dictionary (called "dictionary attack", a known method). Alternatively you could use real words but, for example, 3 short ones from 3 different languages.

Of course you can use this method for encryption and decryption within one computer; then you just omit the upload and download steps.
I hope that helps with deciding whether to use the Proz (or indeed any other) file upload and storage facility.

Oliver


Direct link Reply with quote
 

Sergei Leshchinsky  Identity Verified
Ukraine
Local time: 08:04
Member (2008)
English to Russian
+ ...
any compressing software will do Aug 3, 2008

By the way, RAR makes smaller archives of TXT.

Direct link Reply with quote
 

Oliver Walter  Identity Verified
United Kingdom
Local time: 06:04
Member (2005)
German to English
+ ...
TOPIC STARTER
That's good news Aug 4, 2008

Sergei Leshchinsky wrote:
"any compressing software will do"

By the way, RAR makes smaller archives of TXT.


Yes, I see now that there are a number of other compression programs (including free ones) that support 256-bit AES encryption. So, what you wrote doesn't surprise me.

What would surprise me is any assertion that a well chosen password can be "recovered" (i.e. "cracked") in a reasonable time, e.g. less than several months. If anybody makes this assertion, I will be willing to make an encrypted Zip file (doing that will take only a few minutes) and send it to them for decryption.

Oliver


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Upload and download with encryption

Advanced search






TM-Town
Manage your TMs and Terms ... and boost your translation business

Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.

More info »
SDL MultiTerm 2017
Guarantee a unified, consistent and high-quality translation with terminology software by the industry leaders.

SDL MultiTerm 2017 allows translators to create one central location to store and manage multilingual terminology, and with SDL MultiTerm Extract 2017 you can automatically create term lists from your existing documentation to save time.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs