When you encrypt a file or a hard drive, is it really secure?

Porcupins asked the Antivirus & Security Software forum if encryption standards like AES really make your data secure.

There's no such thing as perfect security. Someone with sufficient time and money, and a strong enough motive, can crack anything.

So the real question becomes: Is your encryption secure enough. And the answer is: If your encryption software uses a recognized and respected standard such as AES or Blowfish, and you use strong passwords and take other precautions, it almost certainly is.

[Email your tech questions to answer@pcworld.com or post them on the PCW Answer Line forum.]

Given enough time or processing power, any password can be cracked through a brute force attack--where a program throws words and random character strings at an encrypted file until it stumbles upon the right password. But with a sufficiently strong password, the time and processing power required is just not practical.

Click for full image

To get an idea of how quickly a password can be cracked, check out How Secure is My Password? When I tried the word password, the web site told me that a conventional PC could crack it "almost instantly." On the other hand, if I used a random string of eight lowercase letters, my files would be safe for all of 52 seconds. But a string of 18 characters, including digits, punctuation, and upper- and lowercase letters, would remain safe for "3 quintillion years." I think that's sufficient--even assuming the use of hardware more powerful than a single PC.

But back up your strong passwords with other good habits. Always be suspicious about possible scams. Keep your security software up to date. Never share a password with anyone with whom you wouldn't share a credit card account. And if a Web site offers two-step verification, use it.

When you come right down to it, your security system doesn't have to be 100-percent impenetrable. It just needs to be harder to crack that most other, equally-tempting targets.

See Learn to use strong passwords for more on protecting yourself. And read the original forum discussion.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter