View Full Version : FTP Website


tmp
December 28th, 2007, 11:27 PM
I had to delete the files on my website because the webhost complained that
some of the material is copyrighted in violation of their policy. Can anyone
recommend a good encryption program (other than PGP) that could keep the
powers-that-be from snooping in my files ? This sucks because it's back to
square one ! :mad::mad::mad:

Enkidu
December 29th, 2007, 01:09 AM
A password protected RAR file, like we do for file hosting sites? Or am I missing the scope of this question?

Man Down Under
December 29th, 2007, 04:53 AM
Maybe there's a program(s) that could create a passworded RAR file, and automatically name it whatever its MD5 hash is, so each file has a unique non-descriptive name? Because I'd imagine trying to manually do so for all the files on the FTP would be impossible.

Charles Owlen Picket
December 29th, 2007, 09:54 AM
A password protected RAR file, like we do for file hosting sites? Or am I missing the scope of this question?

Perhaps it's the name per se? While often some programs allow the viewing of content of compressed files and not the extraction (hex editor) your suggestion would work. Maybe he is giving up the goods by the naming convention. But then how does one hunt for what one wants?? The files would be named via algorithmic auto-naming convention and a "content list" is supplied to the user with access (?) Use both of the above suggestions.

Man Down Under
December 29th, 2007, 10:47 AM
WinRAR allows encrypting the filenames too, so even as the contents can't be extracted, the filenames are unknown as well, regardless of hex-editors or whatnot. :)

tmp
December 29th, 2007, 11:51 AM
I'll try WinRAR. I bought it years ago. Maybe that's how people get away
with their files on RapidShare and MegaUpload. The file passwords won't be
kept on the website of course but on the FTP. It still pisses me off because
the time lost uploading all these files.

megalomania
December 29th, 2007, 08:20 PM
I discussed the finer points of stealthing files from the copywrong police in another thread some time ago... where that is I don't know, but here is the prevailing theory. It's only theory because we don't actually know what methods they use, but these techniques work in practice.

All "they" have to do is use an automated search query with a database of search terms that are derived from a client's works. The client supplies a list of his works, and the firm, usually a subcontractor to a law firm, just scours the net for those terms.

Naturally the easiest way to defeat such a search is to randomly assign an alphanumeric name to a file. Also, because they can peer into and read the contents of a compressed archive, you need to password protect the rar file such that you are prompted to enter the password before the contents are shown. Do not use the type of password protection where the contents of the archive are visible, but have an asterisk next to them indicating they are password protected. It is somewhat discouraging to people to have files with random names, so the archived file should still be properly named to identify it.

You can rar individual files in batch, and give them all the same password. You could use a batch renaming program that stores a list of old and new filenames, then use Excel to keep a column of original names and a column of random names that can be exported to a list (comma or other delimited list) that an advanced renamer can use to rename the files.

I have a program called "Advanced Find and Replace" that can do just such a thing. You can use WinRAR to make a compressed archive of each file separately, but each archive will be named after the original file. You could do 10 files or 10,000 files at once, the computer does all the work. Next you export a text list of filenames from your Windows directory (I forget the command prompt sequence at the moment, but it's easy) and paste the list into Excel. You generate a string of random text, or just start at 0001.rar and work down, with an Excel formula in an adjacent cell for each filename, save the Excel file for your records, and also export the file as a CSV list. You load the CSV list into Advanced Find and Replace, and let it rename all your files. The CSV list tells AFR to look for all your filenames at once, and replace each occurrence with the new name.

If you have from a few dozen to thousands of files this system is a good way to go. If you only have a few files, it will be quicker to name them manually. If you do have a lot of files, the excel list helps keep track of which book belongs to which name (which original name goes to which stealth name).

There might be software that does all of this in one step, but I don't know of any.

If your files are well known, and "they" know where to look for them, they can also detect your files by reading the CRC. Renaming a file does not change this value. You can defeat this by adding a small textfile of randomly generated size to the archive, this changes both the CRC and the filesize. I don't know offhand how you would add a text file to many thousands of rar files automatically, but I am sure some tool is out there that can.

All of these steps are completely moot if "they" monitor the website you post the files on since they can get the password and open the file for themselves. Since this is a time consuming manual process, you would really have to piss off a publisher to get that level of scrutiny.

ChippedHammer
December 30th, 2007, 02:08 AM
Find another host, preferably not in the USA. Any half decent host will not go snooping and will only act if someone files a complaint (even better euro hosts ignore DMCA notices).

tmp
January 2nd, 2008, 12:59 AM
For the website, I've found the encryption I want and it doesn't require the
end user to have that particular software installed. It has some quirks
setting up but I've gotten through them. The file names will not be obvious.
An alphabetically ordered list, followed by a number and key. This file will NOT
be stored on the website. It will be available only to those already on the
FTP. WinRAR has been ruled out because there's a lot of little applications
floating around on the net that can crack the file password. Nothing is
guaranteed of course but I'll certainly take a shot at it.

ChippedHammer
January 2nd, 2008, 01:28 AM
Most if not all of the WinRAR crackers use brute force techniques, they are useless if you use a decent password.

tmp
January 2nd, 2008, 08:09 AM
These crackers use bruteforce and/or dictionary based methods. From what
I've been finding on the net, the best passwords are at least 8 characters
and not some word found in the dictionary. Most of the user reviews say
these programs suck.

What's your definition of a good password ? Some other encryption methods
play hell with geeks/computers at NSA from what I understand.

Man Down Under
January 2nd, 2008, 12:58 PM
Advanced RAR Password Recovery can be used to recover lost or forgotten passwords for a RAR/WinRar archives. Unfortunately, there is no known method to extract the password from the compressed file instantly; so the only available methods are brute-force and dictionary-based attacks.

Please take in mind, however, that RAR encryption is VERY strong, and even on very fast CPUs it is possible to test not more than a few thousand passwords per second. So brute-force attack is effective for short passwords only (up to 5 or 6 characters), and if the password is longer and dictionary attack didn't help -- you're out of luck.


WinRAR uses AES128 encryption, which is more than adequate.

12 letters, upper and lower case, with a number and an extended character (ALT+####) would defeat any dictionary attack, and make brute-force unfeasible to anything other than a massive bot-net. :p

Or, what if the pre-compressed file hash was used as the compressed file password? That would be more than adequate, since every file would have a different password, and only the person in possession would know the uncompressed file hash.

APX
January 31st, 2008, 01:37 PM
As Man Down Under says using a mix of alphanumeric characters and one or two extended characters like $%&/()=? is more than enough. I don't see the need to use alt+xxx chars.

I don't like the idea of using hashes to encrypt the files, because hashes were created to obtain a short number that represents a much bigger entity.
Being a number, it will be a decimal or hexadecimal number, that will seriously limit the amount of possible chars available, strongly compromising the password strength.

parmegianno
February 2nd, 2008, 10:47 AM
Using characters which you cannot find on your keyboard is not a good idea IMO. If you need enhanced security, just add one or more letters to your password as this will increase security more than adding characters to your character set. After all, the security a password gives you depends on the number of possible passwords, which is (number of different characters in char set)^(number of letters in password). When you're allowed to add something to one of those two numbers, the result of the expression will rise faster if you enlarge the number of letters in your password, so this is the way to go.

As for using file hashes for your passwords: Like APX said, this will only give you passwords using a very limited char set, making them much less secure than they could be. Using the same amount of characters per password, probably 16, you can have passwords a lot safer, e.g. by using a little program which outputs pseudo random data which you can use as passwords.
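
Added example, not part of any poster's message: the keyspace arithmetic from the last posts, together with a generator for 16-character passwords. It draws from Python's `secrets` CSPRNG rather than the "pseudo random" source mentioned above, and it assumes 3,000 guesses per second for "a few thousand passwords per second"; the function names are illustrative.

```python
import math
import secrets
import string

# Assumption: "a few thousand passwords per second" from the thread, taken as 3000.
GUESSES_PER_SECOND = 3000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Letters, digits and keyboard punctuation: 52 + 10 + 32 = 94 characters.
KEYBOARD_ALPHABET = string.ascii_letters + string.digits + string.punctuation
HEX_ALPHABET = "0123456789abcdef"  # what a hex-encoded hash is limited to


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password: log2(charset_size ** length)."""
    return length * math.log2(charset_size)


def years_to_exhaust(charset_size: int, length: int,
                     rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every possible password at the given guess rate."""
    return charset_size ** length / rate / SECONDS_PER_YEAR


def generate_password(length: int = 16, alphabet: str = KEYBOARD_ALPHABET) -> str:
    """Pick each character independently and uniformly using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def comparison() -> dict:
    """Entropy in bits for the cases argued about in the thread."""
    return {
        "6 lowercase letters": entropy_bits(26, 6),
        "12 alphanumeric": entropy_bits(62, 12),
        "12 alphanumeric, one extra symbol in set": entropy_bits(63, 12),
        "13 alphanumeric (one extra letter)": entropy_bits(62, 13),
        "16 hex characters": entropy_bits(len(HEX_ALPHABET), 16),
        "16 keyboard characters": entropy_bits(len(KEYBOARD_ALPHABET), 16),
    }


if __name__ == "__main__":
    for label, bits in comparison().items():
        print(f"{label:45s} {bits:6.1f} bits")
    print(f"6 lowercase, full search: {years_to_exhaust(26, 6) * 365.25:.1f} days")
    print("sample password:", generate_password())
```

These figures hold only for passwords chosen uniformly at random; a password derived from a file's hash is known to anyone who can compute that hash from the file.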