7z compressed and encrypted files, how secure are they?

Terminal Velocity

I use Debian 11 Cinnamon and I compress and encrypt files with the preinstalled programs using "right click > compress". From the list I select "7z", I expand "other options" and I enter a password.

Since the program does not specify:

1) What method of encryption does it use? Is it AES-256?

2) How secure is the file created from a brute force attack?

What is bothering me is that it has all those file types available and all have the option to encrypt the file... No, not all those file types can be encrypted, let alone with AES-256... It is puzzling.
 


This is interesting. I use Mate's archive/encryption tool, Engrampa. In its manual I found this:

The encryption provided by archive utilities is weak and insecure. If security is important, use a strong encryption tool such as GNU Privacy Guard.
 
This is disappointing since it requires lots of work to move to another method now.
 
The properties of a file compressed as 7z say the following in the type field; I don't know if that means something.

Edit: Deleted the screenshot for security reasons
 
I don't think anything in your screenshot has to do with the strength of the encryption.
 
Your screenshot appears perfectly normal to me.

I think a brute force attack which included your pc would be atmospherically unlikely to ever occur.
 
For the record, you can include special characters (like dashes and hyphens) in a dictionary attack. The 'dictionary attack' is a method of attacking and not limited to just words you find in a dictionary. It's basically a list of potential passwords that are checked sequentially.

It'd be trivial to programmatically create a dictionary that included hyphens.

But, a brute force would also be effective, as that too can use special characters.

(This doesn't mean it'd be quick. It merely means that it is possible. A complicated password is a good thing, though a passphrase is often easier to remember.)
 
From some research I did yesterday, it turns out that when you try to compress and encrypt a file as 7z, Nemo File Manager (the default file manager of Cinnamon) invokes the 7-zip program for Linux, which is preinstalled. So the produced file has these characteristics:


The main features of the 7z format:

....
Strong AES-256 encryption
...
 
If you want to see the metadata of your encrypted file this is the command:
$ 7z l -slt 'file path'

In my case:
Path = Untitled Document
Size = 4
Packed Size = 16
Modified = 2024-08-17 17:54:06
Attributes = A_ -rw-r--r--
CRC = 15C36BCF
Encrypted = +
Method = LZMA2:12 7zAES:19
Block = 0

Notice that the method of encryption is 7zAES:19, which means 2^19 SHA-256 iterations. This is what Igor Pavlov (the developer of the program) says that it means.
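Added example, not part of any post in this thread and not 7-Zip's own code: a sketch of what "2^19 SHA-256 iterations" costs per password guess and how that scales with password shape. The derivation layout (salt, UTF-16LE password and an 8-byte counter fed into one running SHA-256) is an assumption based on 7-Zip's public source; the function names, sample passphrase and password shapes are constructed for illustration.

```python
import hashlib
import time

def derive_7z_key(password: str, salt: bytes = b"", cycles_power: int = 19) -> bytes:
    """Return the 32-byte AES-256 key for `password`.

    Assumed scheme: one running SHA-256 is fed salt || UTF-16LE password ||
    64-bit little-endian round counter, 2**cycles_power times.
    """
    if not 0 <= cycles_power <= 24:  # bound chosen for this demo's run time
        raise ValueError("cycles_power out of range for this demo")
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()

def seconds_per_guess(cycles_power: int = 19) -> float:
    """Time one full key derivation on this machine (one password guess)."""
    start = time.perf_counter()
    derive_7z_key("constructed-sample-passphrase", b"", cycles_power)
    return time.perf_counter() - start

def exhaustive_search_seconds(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of exactly `length` symbols."""
    return alphabet ** length / guesses_per_second

if __name__ == "__main__":
    cost = seconds_per_guess(19)
    rate = 1.0 / cost
    print(f"2^19 = {1 << 19} rounds, {cost:.2f} s per guess here ({rate:.1f}/s)")
    year = 365.25 * 24 * 3600
    # Constructed password shapes: (label, alphabet size, length)
    shapes = [("8 lowercase letters", 26, 8),
              ("12 mixed-case letters and digits", 62, 12),
              ("6 words from a 7776-word list", 7776, 6)]
    for label, alphabet, length in shapes:
        years = exhaustive_search_seconds(alphabet, length, rate) / year
        print(f"{label}: about {years:.3g} years at this rate")
```

The measured rate is for one CPU core running Python; to model faster hardware, call `exhaustive_search_seconds` with a larger `guesses_per_second` and compare how much margin each password shape keeps.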
 
For file encryption it's much better to encrypt with gpg certificate, you can have a simple memorable password for private key for one certificate and encrypt many files with that one cert.
 
GPG has no GUI for Debian 11; it is CLI only as far as I know. Not fit for the job I need it for.
 
