When you encrypt a file or a hard drive, is it really secure?

Porcupins asked the Antivirus & Security Software forum if encryption standards like AES really make your data secure.

There's no such thing as perfect security. Someone with sufficient time and money, and a strong enough motive, can crack anything.

So the real question becomes: Is your encryption secure enough. And the answer is: If your encryption software uses a recognized and respected standard such as AES or Blowfish, and you use strong passwords and take other precautions, it almost certainly is.

[Email your tech questions to answer@pcworld.com or post them on the PCW Answer Line forum.]

Given enough time or processing power, any password can be cracked through a brute force attack--where a program throws words and random character strings at an encrypted file until it stumbles upon the right password. But with a sufficiently strong password, the time and processing power required is just not practical.

Click for full image

To get an idea of how quickly a password can be cracked, check out How Secure is My Password? When I tried the word password, the web site told me that a conventional PC could crack it "almost instantly." On the other hand, if I used a random string of eight lowercase letters, my files would be safe for all of 52 seconds. But a string of 18 characters, including digits, punctuation, and upper- and lowercase letters, would remain safe for "3 quintillion years." I think that's sufficient--even assuming the use of hardware more powerful than a single PC.

But back up your strong passwords with other good habits. Always be suspicious about possible scams. Keep your security software up to date. Never share a password with anyone with whom you wouldn't share a credit card account. And if a Web site offers two-step verification, use it.

When you come right down to it, your security system doesn't have to be 100-percent impenetrable. It just needs to be harder to crack that most other, equally-tempting targets.

See Learn to use strong passwords for more on protecting yourself. And read the original forum discussion.

Subscribe to the Security Watch Newsletter

Comments