Is CryptoSuite only as strong as the password you use to encrypt your data?

I am considering the purchase of CryptoSuite, I have trialed it for a few days now and really like the program and how easy it is to use. It also seems to be pretty much the best encryption program that the home user can get. To be honest I don’t have much sensitive data on my computer that really needs to be encrypted but to be safe there are a few things I would like to encrypt and plus having a an encryption program is just cool. But could I trust CS with lets say a text document of important passwords? I am not worried about someone cracking CS’s encryption methods but rather the password I use to encrypt the data. Couldn’t someone with a password cracker figure it out relativity easily? Also two other questions, can CS encrypt pretty much any file type? And has anyone ever had any problems with losing their data that they encrypted with CS due to some error with the decryption processes?

 

Yes, read futher please ..

To be honest, i think it is wise that you ask this, if you are not sure.
For every Encryption/Decryption program it is very important that you
choose a good password or passphrase, if you have ANY doubt about your password,
then it can be unsafe to use ANY program.

Think about selecting a new password that perhaps is not in the dictionary
add some numbers and/or other characters or better create a unlogical line with more words and add a few of typical passwords (more then 8 chars total, not only A-Z but also use numbers or ^?*&$# chars as well)

yes, it can, i have never seen it fail, and even never heard about it,
search this forum if there is any doubt.

You can encrypt any file, and even create it into a self-extracting executable file.

Example: you can create a CS .exe file from a .jpg picture
send it to your friend and tell them that the file can be found
if they type your dogs name.
Then they DON'T even need to have CryptoSuite or any other program
installed to extract it from that archive.

I've tested a lot of encryption/decryption programs the last years,
but for encryption/decryption of a file CryptoSuite is my favorite.

Except of being safe and having a good encryption algoritme,
it is also very user friendly and easy to use, and has a very good support.

 

One method to slow down brute force cracking of passwords, is for the software to create a built in delay in recognising passwords so that while the delay is minimal for one password it will add up and take a lot of time to try multiple passwords.

I've never understood how open source encryption products could include this, because it seems to me the hacker would just rip out that part of the code? But any how cryptosuite isn't open source. Perhaps it has this feature already.

 

CryptoSuite uses multiple methods to delay generations of passwords. Even if you had the source to CryptoSuite and emulated its password generation it would still take considerable time to generate one password. It isn't too noticeable to most users in CryptoSuite when encrypting with only one password.

Brute forcing however would be in the region of 1000 to 10000 times longer than without the protections in place. Remember however, that the doubling of entropy (security) in your password would be much more worthwhile to stop brute forcers, because that adds magnitudes of time depending on the amount of entropy you add. Basically, increasing the security of your password (longer and more random) gives you much more protection than anything else.

 

Thanks for the replies, it sounds like as long as I have a good, strong password I will be all set, like I said I am not trying to protect anything from the government here. I also had a question about CS’s secure delete function. It is up to par with standalone secure delete programs? Because I have also wanted one of them and I find it very useful that CS includes it, but I want to make sure it works well. Has anyone ever used it and then tried to recover the file using decent file recovery software?

 

The reason it doesn't help to have the source code has to do with how it works. One approach is to hash the original key, then encrypt the output of that many times, and take the result of that as the final key. So, the software isn't just adding an "empty" delay; it's performing a series of steps, each of which is necessary to arrive at the correct final key, and each of which introduces a computational delay.

An attacker who tried guessing the original key, then, would have to try many keys, and compute them all through the entire process, in an attempt at getting the correct final key. Since each original key needs to be hashed and encrypted many times, the process becomes much harder.

 

Why was my post removed? It contained a high-level explanation of one approach used to help defend against brute-force attacks. One that is easily found on the internet, I might add. There was nothing in it that could possibly be helpful to someone trying to brute force a password.

 

Apologies, meargh. Still getting use to the new forum software. Post has since been returned otherwise.

 

Ah, I figured. No problem! For awhile there I was thinking, "What did I do wrong?!"

Thanks.