Is 7-zip encryption secure? If yes, then to what extent?

Asked by AnkitChauhan in SQL Server, asked on Dec 10, 2021

I have a text file in which I store all my bank details. I compress and encrypt it with 7-Zip encryption using the following parameters:

Compression parameters:

  • Archive format: 7z
  • Compression level: Ultra
  • Compression method: LZMA2
  • Dictionary size: 64 MB
  • Solid Block size: 4 GB
  • Number of CPU threads: 4

Encryption parameters:

  • Encryption method: AES-256
  • Encrypt file names: True

The password for the encryption is chosen such that it won't be found in any dictionary and is rather an almost random string (composed of 15-20 upper and lower case letters, numbers, and symbols). I do not store this password anywhere.


Also, the filename of the text file is kept such that no one will be able to tell that the file is related to bank details at all.

Is 7-zip encryption secure enough, under the following scenarios?

  • The attacker takes full control of the system but does not know that this particular file is of any importance to him.
  • The attacker is in possession of the file and is actively trying to decrypt it, knowing that it has the bank details.

Answered by Ankit Chauhan

7-zip encryption (or any other similar utility) is designed to protect archived files. So, as long as the tool designers did their job well, you are safe in the second case (somebody getting his hands on the encrypted file and trying to crack it). However, such utilities, like 7-zip encryption, are not designed to protect you against your first mentioned case (someone getting access to your account data on your machine and/or you accessing the file content regularly). Indeed, someone who has taken full (or even just minimal, no need to escalate privileges) access to your system will see you use this file and will also be able to capture your keystrokes while you type your password. Even worse: an attacker will actually not even have to bother with this, since the file will most probably be present in clear form in your Windows Temp directory.

So, for your first threat, I would definitely recommend that you use a tool designed for this usage, like KeePass, which will avoid storing decrypted data in temporary files and will provide minimum protection when typing the password.

How to use 7-zip encryption on files and folders?

To obtain a copy of 7-Zip, please see http://www.7-zip.org/ and select the appropriate Download link.



Once the software is installed, please follow these steps to encrypt a file or folder.

  Step 1: Right click on the file / folder to be encrypted.
  Step 2: Select “7-Zip” then “Add to archive…”
  Step 3: In the Add to Archive window change the name of the archive you wish to create.
  Step 4: Change the Archive format to “Zip”.
  Step 5: Change the Encryption Method to “AES-256”. It is strongly recommended to use AES-256 to protect sensitive and confidential data.
  Step 6: Enter a Password. Use a strong password with at least 8 characters containing upper and lowercase letters, and a minimum of one number.
  Step 7: Select “Ok” to create the encrypted archive file. The new archive file will be located in the same folder as the original.
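
The answer's point about decrypted copies lingering in the Windows Temp directory can be checked directly. The following is an added example, not part of the original answer: it lists files left behind in 7-Zip scratch folders under a temp directory. The `7zO`/`7zE` folder-name prefixes and the function names `find_leftovers` and `demo` are assumptions made for this illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed folder-name prefixes for 7-Zip File Manager scratch folders
# (open-from-archive and drag-and-drop extraction); adjust for your version.
SCRATCH_PREFIXES = ("7zO", "7zE")


def find_leftovers(temp_dir):
    """Return (path, size) for every file left in a 7-Zip scratch folder."""
    hits = []
    root = Path(temp_dir)
    if not root.is_dir():
        return hits
    for entry in sorted(root.iterdir()):
        # Only descend into folders whose name matches a scratch prefix.
        if entry.is_dir() and entry.name.startswith(SCRATCH_PREFIXES):
            for dirpath, _dirs, files in os.walk(entry):
                for name in sorted(files):
                    path = Path(dirpath) / name
                    hits.append((str(path), path.stat().st_size))
    return hits


def demo():
    """Build a constructed temp tree and scan it (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp) / "7zO4A1B2C3D"  # constructed folder name
        scratch.mkdir()
        (scratch / "notes.txt").write_text("constructed plaintext")
        (Path(tmp) / "unrelated.log").write_text("ignored")
        return [(Path(p).name, size) for p, size in find_leftovers(tmp)]


if __name__ == "__main__":
    # Scan the real per-user temp directory and report anything left behind.
    for path, size in find_leftovers(tempfile.gettempdir()):
        print(f"{size:>10}  {path}")
```

Any file this reports is readable without the archive password, so it should be removed after closing the archive.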


