Generate a hidden password

    Question

  • Hi,

    I need to create a script that creates a zip file and creates a password on the zip file.  Because each zip file needs a different password I need a reliable way to create the password but a way to know what the password will be.

    I was thinking that maybe I could do it with a date stamp which is then hashed.

    Is there any standard for doing this? I could easily do this with a variable and some maths functions but need to know it's secure.

    regards

    james


    Alter De Ruine

    Tuesday, January 07, 2014 8:05 PM

Answers

  • Any password is as secure as the next one, and zip files are not that secure to begin with. Just have the script generate a random password for each file in whatever way is most convenient to you. Unless you actually encrypt the zip file using something like AES, anyone who is interested in the zip file contents can use a couple of zip file crackers and read whatever you store in that zip file.

    This is correct. If you want something actually secure, either use 7z files with the AES encryption (which is probably more difficult with PowerShell since it doesn't seem to have a .NET library) or use built-in crypto.

    As to the latter, you could zip the files, read the filestream, Base64 encode it (not sure if this is required), then use the built-in Rijndael assemblies to encrypt it.  A packaged function for the encryption is at http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Script-410ef9df


    Wednesday, January 15, 2014 6:16 AM
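
The approach described in the answer above, as an added example that is not code from the thread or from the linked gallery script: encrypting the finished zip with the built-in .NET AES classes, with an integrity tag so a wrong password or a modified file is rejected. The function names, the file layout and the PBKDF2 iteration count are assumptions of this example.

```powershell
# Added example, not from the thread or the linked script. Layout (an assumption):
#   salt(16) | IV(16) | AES-256-CBC ciphertext | HMAC-SHA256(32) over all preceding bytes
# Whole file is held in memory; pass full paths, since .NET ignores PowerShell's location.
$Iterations = 100000   # PBKDF2 rounds, an example value

function Protect-File {
    param([string]$InPath, [string]$OutPath, [string]$Password)
    $salt = New-Object byte[] 16
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($salt); $rng.Dispose()
    $kdf  = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Password, $salt, $Iterations)
    $aes  = [System.Security.Cryptography.Aes]::Create()      # CBC and PKCS7 padding by default
    $aes.Key = $kdf.GetBytes(32)                              # first 32 bytes: encryption key
    $aes.GenerateIV()
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = $kdf.GetBytes(32)                             # next 32 bytes: MAC key
    $plain  = [System.IO.File]::ReadAllBytes($InPath)         # raw bytes, no Base64 needed
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $out = New-Object System.IO.MemoryStream
    foreach ($part in $salt, $aes.IV, $cipher) { $out.Write($part, 0, $part.Length) }
    $tag = $hmac.ComputeHash($out.ToArray())
    $out.Write($tag, 0, $tag.Length)
    [System.IO.File]::WriteAllBytes($OutPath, $out.ToArray())
    $aes.Dispose(); $hmac.Dispose(); $kdf.Dispose()
}

function Unprotect-File {
    param([string]$InPath, [string]$OutPath, [string]$Password)
    $blob = [System.IO.File]::ReadAllBytes($InPath)
    if ($blob.Length -lt 80) { throw 'Not a file written by Protect-File' }
    $salt = New-Object byte[] 16; [Array]::Copy($blob, 0, $salt, 0, 16)
    $iv   = New-Object byte[] 16; [Array]::Copy($blob, 16, $iv, 0, 16)
    $kdf  = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Password, $salt, $Iterations)
    $aes  = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $kdf.GetBytes(32); $aes.IV = $iv
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = $kdf.GetBytes(32)
    $bodyLen = $blob.Length - 32
    $tag = $hmac.ComputeHash($blob, 0, $bodyLen)
    # Check the tag before decrypting, comparing every byte regardless of mismatches.
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($tag[$i] -bxor $blob[$bodyLen + $i]) }
    if ($diff -ne 0) { throw 'Wrong password, or the file was modified' }
    $plain = $aes.CreateDecryptor().TransformFinalBlock($blob, 32, $bodyLen - 32)
    [System.IO.File]::WriteAllBytes($OutPath, $plain)
    $aes.Dispose(); $hmac.Dispose(); $kdf.Dispose()
}
# Usage (constructed paths): Protect-File C:\out\files.zip C:\out\files.zip.enc $password
```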

All replies

  • I don't know of any standards in this area.

    You say you need to know that the zip files are secure, but you don't say how secure they need to be. In my experience, passworded zip files are not encrypted, and thus the contents are easily accessible. For example, it seems to me that I once opened a passworded zip file using Knoppix, a Linux-based operating system.

    If you need to transmit these things by email, a more secure method would be to use some public key encryption system.


    Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.

    Tuesday, January 07, 2014 8:57 PM
  • Hi Al,

    Thanks for the feedback. Machines where the script is running don't have internet access so a PKI is not in the question.

    James


    Alter De Ruine

    Tuesday, January 07, 2014 9:21 PM
  • Hi,

    I hope the below link could be helpful for you:

    PowerShell function to create a password protected zip file

    http://blog.danskingdom.com/powershell-function-to-create-a-password-protected-zip-file/

    Regards,

    Yan Li


    Regards, Yan Li

    Thursday, January 09, 2014 6:15 AM
  • There is no standard for doing things like this. It all depends on what is secure enough for you. First of all, a zip file is not secure. There are tons of zip file password crackers out there. Second, a hash of a datestamp is not that secure either if you always reuse the same seeding value. And if you don't reuse the seeding value, then hashing is not giving you anything that choosing a random password doesn't give you.

    Any password is as secure as the next one, and zip files are not that secure to begin with. Just have the script generate a random password for each file in whatever way is most convenient to you. Unless you actually encrypt the zip file using something like AES, anyone who is interested in the zip file contents can use a couple of zip file crackers and read whatever you store in that zip file.

    Thursday, January 09, 2014 6:55 AM
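
The point made in the reply above, as an added example that is not part of the original thread: drawing each file's password from the operating system's cryptographic random number generator, and comparing its search space with that of a hashed datestamp that has no secret mixed in. The function names, the alphabet and the password length are assumptions of this example.

```powershell
# Added example (not from the thread): a per-file random password from the OS CSPRNG.
# The function names and the alphabet are assumptions of this example.
function New-RandomPassword {
    param(
        [int]$Length = 20,
        # Look-alike characters (I, O, l, 0, 1) left out so it can be read aloud or retyped.
        [string]$Alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
    )
    $chars = $Alphabet.ToCharArray()
    if ($chars.Length -lt 2 -or $chars.Length -gt 256) { throw 'Alphabet must have 2..256 characters' }
    # Bytes at or above $limit are thrown away so that every character is
    # equally likely (a plain "byte % length" would favour the first few).
    $limit = 256 - (256 % $chars.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$sb.Append($chars[$buf[0] % $chars.Length]) }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

# Size of the space an outsider has to search, expressed in bits.
function Get-SearchSpaceBits([double]$Candidates) { [math]::Log($Candidates, 2) }

# One password per archive: pass it to the zip or encryption step and record it
# wherever the recipient's copy is kept, rather than deriving it from the date.
$password = New-RandomPassword

# A hashed datestamp can only take as many values as there are datestamps.
$stampBits  = Get-SearchSpaceBits (365 * 24 * 3600)   # to-the-second stamp, year known
$randomBits = 20 * (Get-SearchSpaceBits 57)           # 20 characters from the 57 above
'{0:N1} bits for a hashed datestamp, {1:N1} bits for a random password' -f $stampBits, $randomBits
```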
  • Hi,

    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.



    Regards, Yan Li

    Wednesday, January 15, 2014 2:56 AM
  • Thanks for this, encryption is definitely something I think needs doing also.  In the end I opted for Read-Host to create the password variable, where the password was agreed verbally.  This way it's secure as far as the people who create the zip files.  For my purpose this is enough as the contents of the zips is not sensitive.

    thanks


    Alter De Ruine

    Friday, January 17, 2014 7:06 PM