How secure Is downloading encrypted WinRar files?

Discussion in 'privacy technology' started by arran, Dec 16, 2009.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    if you were to download a file which is encrypted with the common WinRar program can the content of the file be revealed through transit with deep packet inspection? Reason why I ask this is because in transit the file is broken down into smaller pieces or I guess another name would be Packets, is every individual piece of the file encrypted?
     
  2. simo1337

    simo1337 Registered Member

    Joined:
    Oct 30, 2009
    Posts:
    17
    If, let's say, a piece of malware is encrypted inside a WinRar archive or any other encryption software:

    The AV will not detect anything, neither during nor after the download.
    But once you open the archive with the correct pwd (hence decrypting it's content) the AV scans the decrypted files on the fly and will spot the malware right away.

    So, it is safe to download encrypted files no matter what is inside.
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    With some encrypted archives (ZIP), the filenames can be visible but not the contents of the files. This may be the case with RAR also. Would file name exposure be an issue for you?
     
  4. simo1337

    simo1337 Registered Member

    Joined:
    Oct 30, 2009
    Posts:
    17
    You can choose to "encrypt filesnames too" before the encryption process.
     
  5. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    I'd recommend 7-Zip over WinRAR; it's free. ;-)

    You can open RAR files with 7-Zip, you just cannot make them.

    7-Zip supports AES-256.
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Bump.

    well of course AV's won't detect anything, it doesn't operate with deep packet inspection.

    I was more along the lines of if say for example some one at an ISP was performing deep packet inspection on your traffic. Now to encrypt a say 1 gig
    winrar file it only takes like 2 seconds. This indicates to me that the only protection it provides is that you cannot open the file without the password. however when you are downloading the winrar file it is broken down into smaller separate pieces ie packets during the downloading process. Therefore
    some one at an ISP who is performing Deep Packet Inspection would be able to see the actual contents of the file.

    Does any one get what I am trying to say here?
     
  7. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    DPI from an ISP cannot read truly encrypted packets - in any way. They may be in bits and pieces as they are downloaded, but they are still like pieces of a scrambled puzzle that can only be put back together with the decryption key.
     
  8. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    I second that, the only way for your ISP to read those files is by decrypting them first, deep packet inspection does not decrypt anything. It does not matter if the files are split into pieces or not, it is still encrypted data with a different file size.

    At the same time your antivirus will not be able to detect any virus until you have decrypted the file.

    My only concern would be the .rar file name, your ISP will log the file name and location of download, as well as size (e.g. 20MB).

    For example URL rapidshare.com/buildanuke.rar would be logged, the encrypted content does not have to necessarily be buildanuke, but it would not look too good on you.
     
Loading...
Thread Status:
Not open for further replies.