What's the point in having software like VeraCrypt, which at the end of the day needs a password to decrypt?

  • There is encryption software like VeraCrypt which encrypts data, and the only way to open an encrypted file is via a password, but simple compression software like RAR also provides password protection.

    Now the problem with a password is that it can be broken using a brute-force attack.

    So my question is: what makes VeraCrypt any different from RAR software in case of such attacks? What's the point in encryption?

    Please do a little research on the difference between disk/drive encryption and encrypting a compressed file, then amend your question with what you're actually asking.

    I'm not talking about encrypting a compressed file. I'm asking what's the point in encrypting a file when all a hacker needs is a password to decrypt it. Why should a user spend time encrypting a file when RAR compression offers the same protection?

    Scenario: a malicious person gains access to your computer and attempts to install a virus/keylogger/malware - using WinRAR, they succeed in doing so - using VeraCrypt, they can't without deleting any sensitive info you have saved and alerting you to the alteration.

    Have you ever booted from a rar archive?

    Have you ever booted from a rar archive? I'm not saying that RAR and VeraCrypt are the same, but my question was regarding the advantages of encryption.

    If you don't have a password, how would you expect to access the files inside?

    The question title is misleading; the actual question is what the difference is between encrypted archives and full disk encryption.

    Why do you ask: "But all a hacker needs is Password" ? Why do you feel that a good password/phrase is so vulnerable? Passwords and passphrases have formed the basis for many of the strongest ciphers used over the past century. I admit, they are not perfect; however, please do not confuse simple encryption methods using weak passwords (e.g. RAR) with our sophisticated current ciphers with strong passwords.

  • schroeder (Correct answer)

    6 years ago

    VeraCrypt doesn't have to use passwords; it can use smartcards, too. If you read VeraCrypt's documentation, you can see so many differences from a simple encrypted archive.

    If your question is simply, "I don't see why encryption is a protection if all you need is a password to decrypt", then we can talk about that. Yes, passwords can be brute-forced, which is why VeraCrypt offers things like hidden volumes. In any case, the protection of the password becomes very important.

    Hidden volumes don't protect against brute-force. It's just a legal trick of unclear effectiveness.

    It protects against brute-force if you can't find it. Rar files are evident.

    Hidden volumes are not hidden in the sense of "can't find it", they're only hidden in the sense of "can't prove it exists". Assuming VeraCrypt works like TrueCrypt in that regard, each volume has two slots, one for the normal volume and one for the hidden volume. Since some users only use one volume and some both, you can't know if a particular volume contains a hidden volume. It's hoped that this prevents countries like the UK from forcing you to reveal that password when you claim "I don't use a hidden volume".

    Perhaps I'm missing something. I know all that you have told me. The hidden volume does not announce itself in any way. To access it, you need to use the password of the outer volume, then mount the hidden volume. The fact that you have to bruteforce the outer first, then guess that there is a second is in itself a protection, if only by obscurity. An overt file is a target, a hidden file is a guess.

    I would like to say schroeder's answer showed a difference between encryption and RAR password protection. I thank the rest of the users for answering my question.

    @schroeder you don't need access to the regular volume to access the hidden volume, all you need is the passphrase to the hidden volume. They are independent volumes that happen to co-exist side-by-side - NOT a volume layered inside another volume. A hidden volume provides no additional protection against brute-forcing - to brute-force it, simply tell your brute-forcing tool to work on the hidden volume - which is at the end of the drive - instead of the main volume which is at the start. Hidden volumes only let you reveal a "fake" main volume to someone without proof there's a hidden one.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM