Weak feature in Encryption software is Password

[Lilija]

I am not much familiar with the Encryption software but I know much about them and how to use them, how they work etc. But now I am having little doubt about this encryption software. Are they providing real security for our data? What would be the genuine protestation of encryption software, moreover at 256 bit or further, if the password to open the software is an ordinary password? As far as I am using password of 17 or 22 complex random characters, but it will be constantly greatly dissimilar from the 256 bit encrypted files within the software, the password will be the feeble part of the software. What do you say about this? Any suggestion will be accepted.

[Alondra]

This is not the only weakness, other than this there are many weakness and drawbacks in Encryption software along with some of the useful advantages. The password feature is an also a good thing and bad thing. For example, if encryption software uses password for:

• As an input to obtain the encryption key.
• As an input to decrypt an encrypted key saved locally.
• As a key to login or enter.
• As an input to confirm that the stocked up encryption key can be encumbered from the storage space

[Mrigankasekhar]

Numerous tribulations relay to a reduced key entropy/exploit of randomization. For instance, you can enclose a 256-bits key created exclusively from a low-entropy input. As from technical view I can say that, you at rest encompass your 256-bits key selection but only little bits may essentially twist to 0's or 1's, which formulates an attacker's effort much easier. In termination, you preserve merely guess that the master password turns into the weak point of password managing software formerly the software itself is measured as "protected". Password management software might be measured as secure once its cryptographic protection factually entails cracking your password and not anything else.

[Muwafaq]

My conclusion is the security of an encryption technique is not associated to the password. It is interrelated to whether or not you know how to break the encryption devoid of significant password. It is about the ability to decrypt the encryption without using any key or password. It is about knowing the encryption algorithm and makes a hole in it. Usually the password strength has been measured by the entropy. Instead of the amount of deductions desired to uncover the password with confidence, the base-2 logarithm of that number is specified, which is the quantity of "entropy bits" in a password. A password in the midst of 42 bits of potency would necessitate 4398046511104 attempts to tire out all potential through a brute force search.

[CRiley]

I think you must use random password other than regular one. Characteristically, if you require 256-bits of entropy from a password completed of a casing perceptive and alphanumeric character group, your password must at slightest be 43-digits lengthy. Random passwords pack of a series of symbols of precise extent in use from various collections of symbols via a indiscriminate assortment procedure in which everyone sign or symbol is evenly expected to be elected. The symbols may be single and lone characters on or after a character set (ASCII character set), syllables premeditated to form pronounceable keys, or even terms from an expression listing (passphrase).

[Laramie]

The security is not about the software or key or password. It is about the type of encryption algorithm used in that software which specifically requires an accurate key to decrypt. We can see that most of the newest virus encrypted with some type of key and due to this they cannot located or detected easily. Passwords can be easily broken by using any fast computer or some brute force attack. The encryption should be in the form so that even a super computer requires several days to decrypt it without key.