Question about hacking and security

sram

Hi, I'm just wondering about a thing. When you get hacked into, the hacker can get a copy of your files, pics, etc., right? Say that one file that has some sensitive information was compressed into a rar file and a password was set for it. Now that will add one more layer of protection and it will be harder for the hacker to see the contents of the file... am I right till here?

Now, the question is: if the rar file is opened and its contents are loaded into RAM, will that make it any easier to get its contents? Maybe he will be able to see it, but in order to save it permanently into his PC, he will still need the rar password... right?

Am I making myself clear?

To summarize, does having the data in the temp storage (RAM) make it easier for hackers to get the files?

Many thanks.
 
I would say no on the RAM question; however, there are many programs already out there for breaking the password on things like rar and zip files.

If you have some sensitive files, you need to encrypt the whole file/set of files with a passphrase (not just a word) using something like PGP.
 
For pictures and other documents (especially) having a copy in RAM wouldn't really be the main concern - it's a big PITA to pull anything of real value from RAM on a running PC. The bigger concern would be temporary copies (when the file is decompressed) and/or hidden/autosave files that aren't securely deleted and can be easily restored.
 
> I would say no on the RAM question; however, there are many programs already out there for breaking the password on things like rar and zip files.
>
> If you have some sensitive files, you need to encrypt the whole file/set of files with a passphrase (not just a word) using something like PGP.

I know about these password breaking programs, which use dictionary attack or brute-force attack. If the password is long and complex enough and it has a mixture of letters and symbols, it is next to impossible to break. (unless you have a 1 THz CPU, that is ^_^)
 
> For pictures and other documents (especially) having a copy in RAM wouldn't really be the main concern - it's a big PITA to pull anything of real value from RAM on a running PC. The bigger concern would be temporary copies (when the file is decompressed) and/or hidden/autosave files that aren't securely deleted and can be easily restored.

Now, if you double click on a password-protected rar/zip file, it will just open. If you click on the contents, it will ask you for the password and open the contents (Word file for example). No actual extraction is done while doing this.

So, when that is done, does a temp copy get saved somewhere???


Thanks.
 
Depends on the program, but yeah, it's possible a temp file does get created. I would hope that these programs clean up after themselves, but another concern is that this temp file that has been deleted is rather fresh on the hard drive and could potentially be recovered.
 
It will create a temp file but it'd be an empty file until the program extracts the contents. In short, if the password doesn't match then that file's contents won't be stored temporarily.
 
> Now, the question is: if the rar file is opened and its contents are loaded into RAM, will that make it any easier to get its contents? Maybe he will be able to see it, but in order to save it permanently into his PC, he will still need the rar password... right?
>
> Am I making myself clear?
>
> To summarize, does having the data in the temp storage (RAM) make it easier for hackers to get the files?

Having files in RAM vs. disk makes no difference as far as trying to break into a file he copied from your PC. The data is exactly the same on disk as it is in RAM. RAM is simply where the CPU can actually process things, while disk is just for storage. Everything your PC does with data, it does in RAM (even if it reads something from disk, processes it, and writes it back to disk immediately - it does the processing in RAM). Think of disk as your filing cabinet while RAM is your physical desktop. If you have an encoded paper, it doesn't make any difference whether it's in the filing cabinet or on your desk - it's the exact same paper either place.

If the hacker was actually in the process of trying to copy data from your PC, it would be a different situation. If you have the file encrypted on disk, but you have the file open to work on it, then you'd have an unencrypted copy of the data in RAM. If he were to copy the file saved on disk, he'd then need to break the encryption. But if he could find the chunk of RAM where the in-process data is being worked on, then he could just make a copy of that unencrypted data. Going back to the physical desk analogy, this would be like decoding that paper to work on it and leaving a copy of it sitting on your desk. If he could get that copy, then he wouldn't have to decode the paper, he'd just be grabbing it while you had it in decoded form.

It depends on the specific program as to how data is handled in memory. Good programs will keep as little unencrypted data in memory as possible, but poor ones could be much worse about it. This would be the equivalent of only decoding a single line of your paper at a time, putting the decoded parts of the paper on a bunch of random sticky notes all over your desk instead of one start-to-finish piece of paper, etc.


> Now, if you double click on a password-protected rar/zip file, it will just open. If you click on the contents, it will ask you for the password and open the contents (Word file for example). No actual extraction is done while doing this.
>
> So, when that is done, does a temp copy get saved somewhere???

The details of the archive's contents (filename, size, etc.) aren't encrypted, but the actual data is. You can see the filenames and such without having to decrypt the file (what you see when you open the archive), but you can't actually get to the data without the password. Think of it like a book where you can read the table of contents, but the actual pages of the book are encrypted and can't be seen without decrypting them.

Sometimes there are advanced options to encrypt the file details too, but it may have downsides as well. More processing time, harder to recover from file corruption, those sorts of things...
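
Added example, not part of the original thread: the Python sketch below builds a small password-protected ZIP in memory and shows the point made in the reply above, that the file name and size can be read without the password while the contents cannot. It uses the legacy ZipCrypto scheme only because Python's standard `zipfile` module can read it (that scheme is weak and is not a recommendation); the file name, sample text and passphrase are constructed for illustration.

```python
import io, os, struct, zipfile, zlib

def _crc(c, b):
    # One raw CRC-32 step (no pre/post inversion), as legacy ZipCrypto uses.
    return zlib.crc32(bytes([b]), c ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto_encrypt(data, password, check_byte):
    """Legacy PKZIP stream cipher; used only to build the sample archive."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def update(b):
        k[0] = _crc(k[0], b)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc(k[2], k[1] >> 24)
    for b in password:
        update(b)
    out = bytearray()
    # 12-byte header: 11 random bytes + a check byte, then the file data.
    for b in os.urandom(11) + bytes([check_byte]) + data:
        t = k[2] | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def build_encrypted_zip(name, data, password):
    """Hand-assemble a one-file ZIP whose data (not metadata) is encrypted."""
    crc, n = zlib.crc32(data), name.encode()
    body = zipcrypto_encrypt(data, password, crc >> 24)
    # version, flags (bit 0 = encrypted), method 0 (stored), time, date,
    # CRC, compressed size, real size, name length, extra length
    f = struct.pack("<HHHHHIIIHH", 20, 1, 0, 0, 0x21, crc, len(body), len(data), len(n), 0)
    local = b"PK\x03\x04" + f + n + body
    central = b"PK\x01\x02" + struct.pack("<H", 20) + f + struct.pack("<HHHII", 0, 0, 0, 0, 0) + n
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

def inspect_without_password(blob):
    """What anyone holding the archive learns without knowing the password."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        listing = [(i.filename, i.file_size, bool(i.flag_bits & 1)) for i in zf.infolist()]
        try:
            zf.read(listing[0][0])
            readable = True
        except RuntimeError:      # zipfile refuses: password required
            readable = False
    return listing, readable

# Constructed sample data, not from the thread.
SECRET = b"account 0000-1111, PIN 4321 (made-up sample)"
ARCHIVE = build_encrypted_zip("bank_details.txt", SECRET, b"correct horse battery staple")
print(inspect_without_password(ARCHIVE), SECRET in ARCHIVE)
```

The listing comes back with the name, the real size and the encrypted flag, which is why a descriptive file name inside a protected archive still tells an observer something.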
 
> Having files in RAM vs. disk makes no difference as far as trying to break into a file he copied from your PC. The data is exactly the same on disk as it is in RAM. RAM is simply where the CPU can actually process things, while disk is just for storage. Everything your PC does with data, it does in RAM (even if it reads something from disk, processes it, and writes it back to disk immediately - it does the processing in RAM). Think of disk as your filing cabinet while RAM is your physical desktop. If you have an encoded paper, it doesn't make any difference whether it's in the filing cabinet or on your desk - it's the exact same paper either place.

This is just basic IT knowledge

> If the hacker was actually in the process of trying to copy data from your PC, it would be a different situation. If you have the file encrypted on disk, but you have the file open to work on it, then you'd have an unencrypted copy of the data in RAM. If he were to copy the file saved on disk, he'd then need to break the encryption. But if he could find the chunk of RAM where the in-process data is being worked on, then he could just make a copy of that unencrypted data. Going back to the physical desk analogy, this would be like decoding that paper to work on it and leaving a copy of it sitting on your desk. If he could get that copy, then he wouldn't have to decode the paper, he'd just be grabbing it while you had it in decoded form.
>
> It depends on the specific program as to how data is handled in memory. Good programs will keep as little unencrypted data in memory as possible, but poor ones could be much worse about it. This would be the equivalent of only decoding a single line of your paper at a time, putting the decoded parts of the paper on a bunch of random sticky notes all over your desk instead of one start-to-finish piece of paper, etc.

> The details of the archive's contents (filename, size, etc.) aren't encrypted, but the actual data is. You can see the filenames and such without having to decrypt the file (what you see when you open the archive), but you can't actually get to the data without the password. Think of it like a book where you can read the table of contents, but the actual pages of the book are encrypted and can't be seen without decrypting them.
>
> Sometimes there are advanced options to encrypt the file details too, but it may have downsides as well. More processing time, harder to recover from file corruption, those sorts of things...

However, this is what I wanted to know!! So, thank you very much.

Thanks
 
If you're really worried about your data, don't store it on a computer connected to the internet. Keeping things offline is the easiest way to keep them secure.
 