Hi guys!
I know that this is more of an application/presentation layer question, but I’m sure there are some experts here who could help me with this.
A medical institution in our country is sending patients’ exam reports to them using password-protected .rar files, and the passwords are then sent to them via mobile text messaging. The EU legislation requires full encryption when sending this type of data, and in our company we use Nextcloud to send end-to-end encrypted, password-protected links for that purpose with way less sensitive data.
I was always wondering - what’s with these password-protected .rar/.zip files?
Are they really encrypted, or do they use quasi .pdf protection that can be broken with $20 brute-force software? I’ve noticed in recent years that Google also acts weird if I try to send a password-protected .exe as an attachment. In theory it should not allow sending encrypted files (let alone an .exe one), but if I remove the .exe extension and encrypt it using 7-Zip, the .zip file can be sent as an attachment. I can’t seem to send the bare extension-stripped file (without password protection). To be honest, I’m not quite sure that Google is unable to read those password-protected files…
Is there any difference between WinRAR and 7-Zip password protection? I don’t think either of them encrypts filenames… and since those files are usually clients’ names, that’s really… well, a not so ideal solution. I mean, it could work in a private setting, but in a professional one like that…
Does any of that password-removal software work? Because if it does, that’s borderline malpractice…
If there’s anyone here from IT security who would be so kind as to explain this to me, I would really appreciate it.
Maybe an idea for a YouTube test video.