11

Here is what I do:

Type in all kinds of passwords in an Excel file (.xlsx)

Zip it with a password using 7-Zip

  • AES 256

  • length > 8

  • combination of A-Z a-z 0-9 symbols

  • different from any other password

Upload it to Dropbox or so.

Is it safe enough, as I do not want to install any additional software specifically for storing passwords? (I mean, if I insist on no additional software, are there any safer ways?)

To be a little bit more specific:

Scenario 1:

Basically I guess no one will be interested in my passwords. Is it safe enough to prevent some casual attacks (for fun maybe) by hackers?

Scenario 2:

If the government is interested in me, and my computer may be taken, is it safe?


SUMMARY

The guy asking this question is paranoid and quite lazy (to install additional software).

AES-256 (the encryption method used by 7-zip) is nice enough to prevent any casual attempts, according to Biglig, Randolf Richardson and MaQleod.

KeePass is recommended by pepoluan in case I am not that lazy. An extended list for password management can be found in a related question on this site: How do you keep track of all your passwords?, in which KeePass is the top voted.

TrueCrypt is recommended for encryption by Darokthar.

For scenario 2 (the government thing), Rubber-hose cryptanalysis should not be underestimated (contributed by grawity).

The question is still open to better answers. No extra password-/encryption-specific software.

5 Answers

6

7-zip uses AES-256, which is rated acceptable for TOP SECRET documents by the NSA.

Assuming you use a strong pass-phrase, that should be more than enough to persuade the attacker not to bother with trying to crack the file, but to move on immediately to beating it out of you with a wrench.

Biglig
4

I'd personally use KeePass.

Not only does KeePass have a portable version (that you can run straight off of a UFD), it's a full-featured password database, with an 'auto-type' feature so no one needs to see what your password is.

pepoluan
3

If AES-256 encryption is safe enough, then 7-Zip will do that. It also provides an additional option to encrypt the filenames. If you're encrypting your data, you should probably encrypt the filenames, too.

fcrick
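The file name option mentioned in this answer, as an added example that is not part of the original answers: it uses the 7-Zip command line's `-mhe` switch (7z format) to build one archive with and one without header encryption, then checks which one reveals the file name to someone who lacks the passphrase. The binary name `7z`, the helper names `make_archive` and `names_visible`, and the sample file and passphrase are assumptions constructed for the example.

```shell
#!/bin/sh
SEVENZ=${SEVENZ:-7z}   # assumption: 7-Zip's command-line binary is on PATH as "7z"

# make_archive OUT FILE on|off [PASSWORD]
#   on  -> -mhe=on: archive headers (file names, sizes) are encrypted as well
#   off -> only the file contents are encrypted
# With no PASSWORD argument a bare -p makes 7-Zip prompt for the passphrase,
# which keeps it out of shell history and the process list.
make_archive() {
    if [ $# -ge 4 ]; then pw_opt="-p$4"; else pw_opt="-p"; fi
    "$SEVENZ" a -t7z -mhe="$3" "$pw_opt" "$1" "$2" >/dev/null
}

# names_visible ARCHIVE NAME
# Succeeds if NAME shows up in the listing when the real passphrase is NOT known.
names_visible() {
    "$SEVENZ" l -pnot-the-passphrase "$1" </dev/null 2>/dev/null | grep -q -- "$2"
}

demo() {
    command -v "$SEVENZ" >/dev/null 2>&1 || { echo "7z not found, demo skipped"; return 0; }
    dir=$(mktemp -d) || return 1
    pw='constructed-Demo-passphrase-42!'   # throwaway value so the demo runs unattended
    (
        cd "$dir" || exit 1
        echo "constructed sample content" > passwords.xlsx
        make_archive plain.7z  passwords.xlsx off "$pw"
        make_archive hidden.7z passwords.xlsx on  "$pw"
        for a in plain.7z hidden.7z; do
            if names_visible "$a" passwords.xlsx; then
                echo "$a: file name readable without the passphrase"
            else
                echo "$a: file name hidden without the passphrase"
            fi
        done
    )
    rm -rf "$dir"
}

demo
```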
1

It depends on your .zip program whether the encryption is secure. I would suggest using TrueCrypt instead. You could create an encrypted file and store your Excel file in it. For passwords, I'd think it is better to have strong passwords and write them down than to use weak passwords. As long as your system is not compromised and you are using a strong password for your TrueCrypt file, it should be pretty safe. But I would save no online banking data in it.

If your system is compromised by a key logger, it might even be better to use stored passwords than hacking them in with the keyboard. But I would only use the TrueCrypt file in Dropbox for backup reasons. I don't know if Dropbox uses a secure connection; if they don't, the password and the file could be sniffed by an attacker, especially if you are using WiFi hotspots or a shared network.

Daniel Beck is right, too. You have to consider the attack scenario. If you are working for a company and have secret data, it might not be a good solution, but for a normal user it is quite OK. You should change your passwords regularly though, maybe every month or every two months, just to be sure.

Darokthar
0

Safe-enough is relative, but generally speaking, it would not be considered secure at all and would not be advisable.

MaQleod