Upload and download with encryption Thread poster: Oliver Walter
| Oliver Walter United Kingdom Local time: 01:14 German to English + ...
This may interest anybody who wants to upload files for storage on a server on the Internet but wants to be sure that nobody can read their contents without authorisation. The question arose some weeks ago in the following thread about a new feature here at Proz (file upload and storage):
... See more This may interest anybody who wants to upload files for storage on a server on the Internet but wants to be sure that nobody can read their contents without authorisation. The question arose some weeks ago in the following thread about a new feature here at Proz (file upload and storage):
http://www.proz.com/forum/prozcom:_translator_coop/107098-new_feature:_file_upload_and_storage_for_tms_glossaries_etc.html
My suggestion is about file encryption.
Although WinZip is promoted as a compression program, it can also be used for encryption (and you save space with the compression at the same time).
My procedure for storing a file (such as a TM, which was discussed in the thread) in encrypted form in Proz (or other Internet upload-and-store service) would be this.
- Using WinZip, make a (compressed) Zip file from the file.
- Tell WinZip to encrypt it using the 256-bit AES algorithm and a long password (Select the file in WinZip; "Actions" menu, "Encrypt"). The password should be at least 12 characters, not consist purely of real words, and include at least one digit, one uppercase and one lowercase letter. Make sure you keep a record of the password! When the file is encrypted, a superscript cross (x) is shown next to its name in the file list in WinZip.
- Upload the resulting Zip file. I am very confident nobody will be able to extract its original contents without being given the password.
- When you want to use the file, download the Zip file, then open it with WinZip.
- Extract the encrypted file. At this point you have to give the password.
This means you need to use WinZip (or equivalent) both to prepare the file for upload and to use it after download.
I mentioned WinZip because it is the product I use. There are other compression programs, including free ones, but I don't know which of them, if any, can encrypt and/or decrypt (and decompress) using the same algorithm as the AES 256-bit one in WinZip. WinZip can be used free for 30 days and even longer, but then you get a "nag" dialog box every time you use it. I used it free like this for a couple of years, then decided it was both useful and very reliable, so I paid $30 for a licence.
There is information about the algorithm here:
http://www2.winzip.com/aes_info.htm
There are "password recovery" programs, e.g.
http://www.lostpassword.com/zip.htm
and if you read the "limitations" at the bottom of the page, you will see that finding the password for a file encrypted as I described is theoretically possible but, as far as I know, impossible in practice, because it would take far too long. At 100 passwords per second, it can test 8.6 million passwords per day. A 12-character password, even if only from the 26 letters a-z, has 26-to-the-power-12 possibilities, i.e. 95000 million million. At 100 passwords per second, it would take 30 million years to test all of these. (And a million times as fast would take 30 years.)
My suggestion for how to choose the pasword is so that the attempt at decryption would not be helped much by trying simple combinations of ordinary words from a dictionary (called "dictionary attack", a known method). Alternatively you could use real words but, for example, 3 short ones from 3 different languages.
Of course you can use this method for encryption and decryption within one computer; then you just omit the upload and download steps.
I hope that helps with deciding whether to use the Proz (or indeed any other) file upload and storage facility.
Oliver ▲ Collapse | | | any compressing software will do | Aug 3, 2008 |
By the way, RAR makes smaller archives of TXT. | | | Oliver Walter United Kingdom Local time: 01:14 German to English + ... TOPIC STARTER That's good news | Aug 4, 2008 |
Sergei Leshchinsky wrote:
"any compressing software will do"
By the way, RAR makes smaller archives of TXT.
Yes, I see now that there are a number of other compression programs (including free ones) that support 256-bit AES encryption. So, what you wrote doesn't surprise me.
What would surprise me is any assertion that a well chosen password can be "recovered" (i.e. "cracked") in a reasonable time, e.g. less than several months. If anybody makes this assertion, I will be willing to make an encrypted Zip file (doing that will take only a few minutes) and send it to them for decryption.
Oliver | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Upload and download with encryption Pastey | Your smart companion app
Pastey is an innovative desktop application that bridges the gap between human expertise and artificial intelligence. With intuitive keyboard shortcuts, Pastey transforms your source text into AI-powered draft translations.
Find out more » |
| Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |