Upload and download with encryption
Thread poster: Oliver Walter
Oliver Walter
Oliver Walter  Identity Verified
United Kingdom
Local time: 13:53
German to English
+ ...
Aug 3, 2008

This may interest anybody who wants to upload files for storage on a server on the Internet but wants to be sure that nobody can read their contents without authorisation. The question arose some weeks ago in the following thread about a new feature here at Proz (file upload and storage):

... See more
This may interest anybody who wants to upload files for storage on a server on the Internet but wants to be sure that nobody can read their contents without authorisation. The question arose some weeks ago in the following thread about a new feature here at Proz (file upload and storage):

http://www.proz.com/forum/prozcom:_translator_coop/107098-new_feature:_file_upload_and_storage_for_tms_glossaries_etc.html

My suggestion is about file encryption.
Although WinZip is promoted as a compression program, it can also be used for encryption (and you save space with the compression at the same time).

My procedure for storing a file (such as a TM, which was discussed in the thread) in encrypted form in Proz (or other Internet upload-and-store service) would be this.

  1. Using WinZip, make a (compressed) Zip file from the file.

  2. Tell WinZip to encrypt it using the 256-bit AES algorithm and a long password (Select the file in WinZip; "Actions" menu, "Encrypt"). The password should be at least 12 characters, not consist purely of real words, and include at least one digit, one uppercase and one lowercase letter. Make sure you keep a record of the password! When the file is encrypted, a superscript cross (x) is shown next to its name in the file list in WinZip.

  3. Upload the resulting Zip file. I am very confident nobody will be able to extract its original contents without being given the password.

  4. When you want to use the file, download the Zip file, then open it with WinZip.

  5. Extract the encrypted file. At this point you have to give the password.

This means you need to use WinZip (or equivalent) both to prepare the file for upload and to use it after download.

I mentioned WinZip because it is the product I use. There are other compression programs, including free ones, but I don't know which of them, if any, can encrypt and/or decrypt (and decompress) using the same algorithm as the AES 256-bit one in WinZip. WinZip can be used free for 30 days and even longer, but then you get a "nag" dialog box every time you use it. I used it free like this for a couple of years, then decided it was both useful and very reliable, so I paid $30 for a licence.

There is information about the algorithm here:
http://www2.winzip.com/aes_info.htm

There are "password recovery" programs, e.g.
http://www.lostpassword.com/zip.htm
and if you read the "limitations" at the bottom of the page, you will see that finding the password for a file encrypted as I described is theoretically possible but, as far as I know, impossible in practice, because it would take far too long. At 100 passwords per second, it can test 8.6 million passwords per day. A 12-character password, even if only from the 26 letters a-z, has 26-to-the-power-12 possibilities, i.e. 95000 million million. At 100 passwords per second, it would take 30 million years to test all of these. (And a million times as fast would take 30 years.)
My suggestion for how to choose the pasword is so that the attempt at decryption would not be helped much by trying simple combinations of ordinary words from a dictionary (called "dictionary attack", a known method). Alternatively you could use real words but, for example, 3 short ones from 3 different languages.

Of course you can use this method for encryption and decryption within one computer; then you just omit the upload and download steps.
I hope that helps with deciding whether to use the Proz (or indeed any other) file upload and storage facility.

Oliver
Collapse


 
Sergei Leshchinsky
Sergei Leshchinsky  Identity Verified
Ukraine
Local time: 15:53
Member (2008)
English to Russian
+ ...
any compressing software will do Aug 3, 2008

By the way, RAR makes smaller archives of TXT.

 
Oliver Walter
Oliver Walter  Identity Verified
United Kingdom
Local time: 13:53
German to English
+ ...
TOPIC STARTER
That's good news Aug 4, 2008

Sergei Leshchinsky wrote:
"any compressing software will do"

By the way, RAR makes smaller archives of TXT.


Yes, I see now that there are a number of other compression programs (including free ones) that support 256-bit AES encryption. So, what you wrote doesn't surprise me.

What would surprise me is any assertion that a well chosen password can be "recovered" (i.e. "cracked") in a reasonable time, e.g. less than several months. If anybody makes this assertion, I will be willing to make an encrypted Zip file (doing that will take only a few minutes) and send it to them for decryption.

Oliver


 


To report site rules violations or get help, contact a site moderator:

Moderator(s) of this forum
Laureana Pavon[Call to this topic]

You can also contact site staff by submitting a support request »

Upload and download with encryption






Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

Buy now! »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »