2

So I was looking at ways to lock file folders with a password in windows, and this type of security is not really supported.

Given I know C++ I was wondering if I could simply do this myself.

It would be simple enough, in the case of a text file, to copy the entire contents of the file into a C-string. I could then use basic logic to prompt for a password, if it matches, use an fstream overload and insert the whole string into a text file.

Then, simply wipe the file when I'm done using it.

I basically know how to do this, and the result would be a string containing the document compiled into a .exe which I assume would be unreadable. The thing is, I've never really studied encryption or computer security so I'm wondering how secure this would be, or if there is a better way to do this?

Could it be done on photo or video files as well, if so, how?

How hard would it be to reverse (decompile) the process?

What types of things could I do to make reversal more difficult, ie. using multiple strings, or mixing in random characters?

I'm not looking to hide super-sensitive files, I'm just curious about encryption basics.

bigcodeszzer
  • 916
  • 1
  • 8
  • 27
  • 1
    In Windows it is literally as easy as right-clicking the file, choose Properties, General, Advanced and click Encrypt. Then press OK. – Zan Lynx Dec 18 '15 at 07:12
  • for photo and video the encryption process is called steagnography and it is hard ... – Ankur Jyoti Phukan Dec 18 '15 at 07:15
  • @ZanLynx The option is blocked on my version of windows8, I tried to fix that in the registry and it didn't do anything. It just isn't supported. – bigcodeszzer Dec 18 '15 at 07:19
  • @AnkurJyotiPhukan based on what Giorgi was saying, it seems feasible that someone could take a video file, open it in binary, and scramble the 1's and 0's, then do exactly what I was describing to produce that file output in the correct order if the password matches. I think you could then just change the extension back to video? No clue honestly if that would work though. – bigcodeszzer Dec 18 '15 at 07:21
  • @bigcodeszzer: Yes you could do that search for file encryption – Giorgi Moniava Dec 18 '15 at 07:23
  • @bigcodeszzer ohh off topic steagnography is to hide something into media files .... sorry ..... but why you want to encrypt your data ... – Ankur Jyoti Phukan Dec 18 '15 at 07:24
  • @bigcodeszzer if people dont know the encryption process then it is difficult for them to get the data .. it is similar to if you have the key but don't know where is lock ... :P – Ankur Jyoti Phukan Dec 18 '15 at 07:31
  • Well nothing is unbreakable but I'm just saying: To decrypt an .exe you have to be able to read/write assembler and decompile code. Not a lot of people know how to do that. Then you have to actually crack the encryption algorithm IN assembler. It's not worth it for anybody who would be looking at my files. – bigcodeszzer Dec 18 '15 at 07:34
  • 1
    @bigcodeszzer be aware that knowing what kind of filetype you have encrypted may help in decrypting the file. E.g. a bitmap always starts with a similar header, so knowing the first few bytes may really help an attacker. As the answer says: if you need proper encryption, _do not_ write it yourself. If you are just playing / learning / practising, by all means, have a go! I think it would really help if more programmers knew about at least the basics of such things. – CompuChip Dec 18 '15 at 08:25
  • @CompuChip Well my theoretical goal is to just make it so hard to decrypt that only wizards could do it, and it would be a long, painstaking process. Lets face it, there are no 'wizards' out there that are going to take on that task without a damn good reason, or a lot of money haha. – bigcodeszzer Dec 18 '15 at 21:40
  • @CompuChip Whereas, with existing software and libraries, although it will be a stronger encryption, because it is probably more well known, it may be easier to decrypt. There could be decrypting software or algorithms that work for it. My cut-and-paste messy encryption may very well be more 'ugly' to break. Which is the point. – bigcodeszzer Dec 18 '15 at 21:42
  • 1
    @bigcodeszzer security through obfuscation is a very bad idea in general. Publicly available software and libraries are regularly tested by both 'good guys' and 'bad guys' and patched as needed. Ideally the software is open-source so that anyone can find and fix vulnerabilities. Again, if you want to learn about encryption, please read all you can and give it a go -- if you want to _use_ encryption, go for a standard solution because you _will_ get it wrong. – CompuChip Dec 19 '15 at 10:37

1 Answers1

3

Never implement crypto yourself - it is destined to fail. Use well reviewed libraries such as OpenSSL. A good example of using AES for file encryption: Encrypting and decrypting a small file using openssl

Using such simple approach will let you encrypt any file. And it will be secure. Why settle for weak encryption if you can have strong encryption?

If you don't want to write a program, just get, for example, OpenSSL and use the terminal: openssl des3 -salt -in file.txt -out file.des3

Leśny Rumcajs
  • 2,259
  • 2
  • 17
  • 33