Community Newsletter: Q&A: Encrypting and password protecting files and folders on my PC

by Lee Koo (ADMIN) Moderator - 9/7/07 10:42 AM
Post 46 of 75

Personal encryption is psychological encryption

by daleisfflchamp - 9/7/07 8:51 AM In reply to: QOTW082407 Bus PassEncrypt 101 by bus

It's not that simple. An encryption isn't something to make your data inaccessible by outsiders at all; it is true to say that encryption is NOT a 100% solution. But it should be noted that not all people are skilled enough or have enough determination to break an encryption. Most people are already _discouraged_ at knowing that the target is using a very heavy encryption.

This is the reason for personal encryption: bad guys would look away from you and find a target who doesn't have encryption. The bad guy's mindset is [if there are _many_ other targets who don't encrypt, why should I waste my time to decrypt your data]. This is why I say the reason to use personal encryption is more psychological.

The reason is different with government and companies, which have secrets they have to keep. Some of their data is very valuable and the reason to encrypt those data is NOT psychological. There ARE real people who would try to spend their time to get that particular information, since nobody but them has that kind of information, and that makes the data valuable enough to be encrypted.

In your model, this would fit like this:
A John Doe (someone who is just nobody) has a puzzle containing his personal information (name, social security number, etc). A bad guy wouldn't steal this puzzle on purpose, knowing it's scrambled and he would have to spend some time to complete the puzzle, while he could spend virtually no time getting the same information from John's neighbor, who stores that kind of information on plain paper. This is a psychological protection of personal encryption, to discourage potential thieves.

A second, Jane Doe, is someone who has stored her restaurant's secret recipe in her puzzle. A bad guy, knowing that she stored a secret recipe, would try to do virtually everything to solve the puzzle. A bad guy stole her puzzle for the sole purpose of getting that recipe. This is a very real reason to use encryption; her reason for using encryption would NOT be psychological. Her reason is not only to discourage people from breaking in, but also to make it impossible for others to break in.

My term would be:
1. John Doe has personal information, which is information that mustn't be shared with others, but holds too little value for a bad guy to attempt to break it, while he could otherwise spend the time to get 10 other pieces of personal information from other people.
2. Jane Doe has sensitive information, which is information that mustn't be shared, but holds some value for a bad guy to try to break in.

I, though, have to say that I share a similar view of encryption as controlled data corruption, but it should be noted that controlled data corruption is a reversible process, unlike an uncontrolled data corruption, which is, most of the time, a one-way process. And I have to warn you that public key is the same as no key, there is virtually no benefit for using public key.

Post 47 of 75

Potential winning answers

by Lee Koo (ADMIN) Moderator - 8/31/07 3:34 PM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Here are the selected submissions grouped in one post. Read through them and place your votes in the newsletter poll.

Answer:

Great file encryption (for free!)


Mudiaga, I have to commend you for what you are trying to do. So many people have sensitive data on their computers, often open to the internet or others with access to the computer, with little or no protection.

There are several programs available, but the ones I have used are TrueCrypt, Kruptos 2, and AxCrypt. They are all free - TrueCrypt is even open-source. You didn't say what OS you have, but XP and Vista also have their own encryption capabilities built in.

I would not suggest using the Windows encryption. It has some flaws and several limitations. The encryption is based on your user profile's name and password. You must export your certificates and private keys in the event that your user profile becomes inaccessible for some reason (ex. corrupted, infected). Without those, you won't be able to decrypt the files. Since the encrypted files are only accessible by your user profile, you can't share them with others in an encrypted form. Also, if you are logged in, your encrypted files are accessible, so don't walk away from your PC without logging out or otherwise preventing access.

Enough of what I don't like. Of the three programs I mentioned, Kruptos 2 and AxCrypt both encrypt on a file by file basis. They both use 128-bit encryption keys. When installed, they are integrated with Explorer's right click menu, so you don't have to start another program. AxCrypt has the ability to decrypt and encrypt on the fly, so if you try to open a file that is encrypted, you will be prompted for the password. With the proper password, the file will open in its associated program. When you close the file, it will automatically be re-encrypted, so you don't have to remember to take the extra step of re-encryption. Both programs also have good file destruction features; when a file is encrypted, the original file is destroyed, keeping anyone from resurrecting it from the hard drive.

TrueCrypt is much more powerful, but works differently than Kruptos or AxCrypt. TrueCrypt uses 256-bit encryption keys, and gives you the choice of three different encryption methods (or even two or all three at the same time) - take a look at TrueCrypt's web site for lots of good information on the methods. The difference with TrueCrypt is that you need to create a container that is encrypted. The container can be a drive (don't ever encrypt your Windows drive!), partition on a drive, or a file with any name you want to give it. When you mount this container using TrueCrypt, you assign it to an open drive letter. Once mounted, it acts just like a drive - you can move files to and from it, open files on it, etc. This is beneficial if you need to frequently access your encrypted files; you will only need to supply the password once to mount the container, and then you can work with all the files until you dismount the container. You need to remember to dismount the container if you leave your computer, since it is fully accessible when mounted. The difference between TrueCrypt and Windows' encryption is that the Windows encrypted files are always accessible when you are logged in, while TrueCrypt containers don't need to be mounted unless you need them.

Whenever you encrypt a file, you run the risk that if any part of the file is corrupted - just one bit - the file won't be decryptable and you won't be able to use any recovery software to try to even recover part of the file. It will be gone. Did I hear someone say back up and back up often??? TrueCrypt is very vulnerable this way, because the container can be a single file. Recognizing this, TrueCrypt allows you to export the header information (a 1k file) so in the event the header of the file is corrupted, you can import the header and recover the entire container (or at least the uncorrupted portions of it).

No matter what method you choose, be sure to use a very secure password - long, letters, numbers, special characters, and not common words or names.

Before making a decision, take a look at the manufacturer's web sites - they each have pretty good descriptions of what their programs can (and can't) do. TrueCrypt's is by far the best for info, both for general encryption and the program itself. But no matter what, do something to protect your data!

I have used all of these programs, and am currently using a TrueCrypt container to hold all of my sensitive information. I back it up every night, so have never had any lost data even through a failed hard drive.


http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=261492&messageID=2569904#2569904

Submitted by: microbabydad

***********************************************************************

Answer:

Multiple Facets…


You didn’t mention your operating system, but if you are using Windows XP (Professional and Media Center editions) or Windows Vista (Business or Ultimate), the first option is EFS (Encrypting File System). It is a security feature built-into the OS, enabling you to encrypt files such that only you can access the files by logging into your account. The benefits are that there is no third-party software to purchase/install, no additional passwords to remember, and no need to launch a program just to access or encrypt a particular file. Just right-click the file(s) or folder(s) in question, select Properties, click the Advanced button, and check the box labeled “Encrypt contents to secure data.” The initial application of encryption can take some time, but if you encrypt the entire folder any file saved or copied to there from then on will automatically be encrypted ‘on the fly’ with little to no reduction in performance.

However, EFS is far from perfect. If you are logged into your account, no additional protection is available. (If someone takes over your computer while you’re logged in they have full access, just as you did.) Secondly, if Windows becomes corrupt you may lose access to your files, since the encryption is directly tied into the OS. Finally, tools to circumvent EFS are widely available for $100-$200, so anyone could crack your files open if they were willing to pay the price.

The second option is Bitlocker, a new feature of Windows Vista Ultimate edition. It’s much more secure for even Windows cannot boot without the correct passcode, protecting not just your personal files but your OS as well. So far there are no commercial workarounds available and everything is done ‘in the background,’ making it an ideal solution for those who worry about stolen laptops. Like EFS, though, it’s tied into the OS so if it becomes corrupt your files may be lost, and if someone takes control while you’re logged in there’s no stopping the unauthorized user. Plus, unlike EFS, there’s no simple recovery option should you forget your passcode or have the OS go south.

The last option is third-party encryption software; TrueCrypt is one of the most well-respected freeware options while Cryptainer is my personal favorite. They both enable you to drag-and-drop your files into an encrypted ‘folder,’ which can even be hidden from view of all other users, a feature EFS and Bitlocker lack. They’re also completely independent of the OS, so you can copy the encrypted ‘folder’ and take it with you, accessing it on any computer while keeping the contents safe. To top it off, no one can access your files even while you’re logged into Windows unless they also have the passcode for the encrypted container. Considering you’re not limited by your OS (Windows 95 or better will do, and TrueCrypt runs on Linux) or transportation choices (works on flash drives, CDs/DVDs, etc.), it’s a worthy trade-off for the lack of automatic, on-the-fly encryption.

And on a final note, be sure to keep your security software up-to-date. No matter how many layers of encryption and password protection you employ it could all be for nothing if spyware is installed on your computer, designed to log your keystrokes (including passcodes) and/or take pictures of your activities. PCTools' Spyware Doctor, Webroot's SpySweeper, and AVG's Antispyware are the top-ranked options to protect yourself against such, but there are many other options available.

Hope this helps,
John

http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=261492&messageID=2569955#2569955

Submitted by John.Wilkinson

***********************************************************************

Answer:

Encryption


This has become a more common question since ID theft has become more common than Auto Theft...

The BEST option is not to make those files available to the internet connected PC in the first place. Physical security is more secure than encryption in almost every case. My financial files are on a usb flash drive which is in the PC ONLY when using that software. Any file left on the PC while it is on the internet could be copied and hacked at at the leisure of the hacker.

Windows XP and Vista come with encryption, however I almost never hear of anyone using their encryption.

Encryption comes with a cost beyond software *which can be free* in the performance hit when reading / writing files. However this hit isn't as bad now with the faster drives and processors we are using. Just something to keep in mind, putting a high-performance program (game) on an encrypted or compressed drive can cause suboptimal performance.

For your specific question I'd recommend TrueCrypt, which is an open-source project (check Sourceforge). With Truecrypt you can set up a file on a drive (or even the whole drive) which is encrypted. You then mount that file as if it were a physical drive (with a letter or in a folder redirection), and your software doesn't have to know that the files they are reading/writing are encrypted.

Keys for Truecrypt can be either passwords, file(s) on the machine or a combination of both. For example, you could have a set of files on a USB drive, which MUST be in the PC AND have a password to enter, if you need that level of security.

The filesystem on the hard drive can look like just another binary file.

One Caveat, key management isn't robust enough (IMHO) for serious corporate use with the current version.

Venerable PGP has more options in how you use it, it's possible to encrypt individual files, set up a filesystem like TrueCrypt (using PGPdisk), or integrate with many email packages to deliver secure email. PGP has more robust key handling features for corporate use, for example a master key can be created so a corporation could recover data from a drive should the user's password be lost.

Invisible Secrets is an interesting program which takes a "carrier" file and injects your encrypted data into the carrier in such a way that the "carrier" is not rendered unusable. For example you could place an encrypted document into a JPG file. If you email the JPG file, anyone intercepting the message could see the picture, but someone with the program and the password could extract the embedded information.

Another caveat to this is this: If the hacker has access to your PC, then having one of these programs would be a tip that you're probably encrypting data. In that case, something which can be run directly from removable media without leaving a footprint on the PC would be desirable. I know that TrueCrypt can do this, I'm not certain about PGP.

http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=261492&messageID=2571636#2571636

Submitted by cdwatters

Post 48 of 75

Backup of HDD

by deadkeen - 8/31/07 3:56 AM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Cloning a hard drive is something I have been doing for years, by using Ghost 2003 - which works off a bootable floppy.

This gives a perfect answer to you as it copies EVERYTHING on your HDD (as it is a full clone of your existing drive at the time you carried out the cloning).

You could then demount your existing HDD from your case, and replace it with the clone, and everything would be as before (except for anything you had added to the HDD in the meantime), if your drive falls over.

If you repeat this cloning once a week, for instance, you are going to lose very little information if you have to change to the clone.

However, there is one problem I have come across - this Norton program was written before the introduction of SATA drives - so does not recognise them!

If you wish to either clone an IDE drive to a SATA (which you might have to do once), or a SATA to a SATA, then I do not have the answer yet, but would like to find out - if someone can give me the answer please! I wait with bated breath . . . . . . !

Post 49 of 75

BartPE

by jaminjake - 9/7/07 8:17 PM In reply to: Backup of HDD by deadkeen

I use BartPE to find newer SATA drives when booting. BartPE is a free program that allows you to create a bootable CD. The bootable CD is a small version of your Windows operating system and it allows you to load hard drive and network drivers for your system. It also allows you to load Ghost v8, and other HD utilities for viewing, copying, virus and spyware scan, etc. Follow the link below to download the free software.

http://www.nu2.nu/pebuilder/

Post 50 of 75

Free

by mham001 - 8/31/07 6:19 PM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Truecrypt is open source and free. It includes many of the latest greatest encryptions and is more protection than most will ever need.

Post 51 of 75

Password Protecting Directories

by businessaffairs - 8/31/07 10:35 PM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Before Windows XP and maybe 2000 which I never used, Microsoft had a wonderful tool built into Windows that allowed putting a password on a directory (folder). It was called, as I remember, "Share Level Access Control." It may not have provided sufficient security to prevent access to the president's nuclear codes, but it was sure as hell good enough to keep a third grader out of your Quicken directory or the directory where you might have accidentally stored adult material -- purely for academic research purposes, of course. It was simple. As you were setting up a share, you had the opportunity to enter a password and, voila, others without the password were blocked. And I could get into it from the family computer if I wanted by simply entering the password. Could they get around it? I don't know but I do know that no-one on my home network ever did. Now, I'm not saying that the would-be super security of Windows XP doesn't have its place. But its place is not in a 2 or 3-PC network that does not involve a Fortune 500 corporation or the Pentagon. I would happily pay to get this functionality back.

This is what Microsoft does. They have a nice feature or interface that people like (or even more so, know how to use) and they screw it up because somebody in Redmond plays Big Brother and decides what we SHOULD like. Why can't they improve functionality but let you work the way you're used to? I don't have Vista yet, but I did get Office 2007. I almost immediately removed it because the interface was so different that I couldn't hit the ground running with it. Accepting, arguendo, that the new interface is better, why not let me select a classic or an earlier interface I want so I can use the damn thing and learn the new stuff when I don't have to get out a 20 page contract that day (in a new file format that you have to override so your colleagues can read it. At least it should be an option you have to select when you run it for the first time. I don't want and I don't need docx to send a friend driving directions to my home.) Why is there no cheat sheet that says "if you did it this way in Word 2003, you do it this way in 2007"? WordPerfect, a vastly superior program which I stayed with as long as I could, used to offer you the option of using keyboard layouts (going back to DOS ver 5.1) from their several previous versions so you could feel at home in your new environment and, most importantly, use those familiar keystrokes to do things in half the time it takes with a mouse.

I guess I digressed a bit, but I'd still like to see share level access back. If Windows were open source like Firefox, someone would have written an extension by now.

Post 52 of 75

true crypt or windows encryption

by webblaster - 8/31/07 10:47 PM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

I can recommend true crypt. It works fine for your need.
http://www.truecrypt.org/downloads.php
You can try the Windows encryption too. That's also a fine method for user-level encryption in Windows XP systems.
http://support.microsoft.com/kb/308989

http://www.pc4safe.com

Post 53 of 75

Would be problems for orderly archiving...

by mehap - 9/1/07 12:55 AM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Hello,

I noticed one basic drawback in applications being suggested. Nearly all of them create their own restricted access spaces for storage of files/folders, etc. (By the way, Folder Guard is another good application in this avenue, in my opinion.)

The leading problem I noticed is that this approach of creating application-specific secure storage locations defeats the overall orderly archiving/file-folder tree structuring; i.e., a particular file kept under, for example, the 'my docs' folder shall be moved into the secure vault/drive etc. etc. created by the application used, thus 'nicely' undermining the overall archiving structure that one would like to maintain. [Creating shortcuts for the moved-away items at their proper location might be (??) a cumbersome half-solution (how would the encrypting/decrypting application(s) react to a double-click on the shortcut of an encrypted and moved away item???)]

PGP Tools (Network Associates PGP Freeware v6.5.8) sitting on the toolbars corner nicely offers encryption / decryption / signing / verifying / file secure wipe / empty space secure wipe options. In addition to public key encryption a further handy option also being offered is the creation of self decrypting archives. It is a pity that later versions of PGP excluded this most handy PGPtray tool!

Post 54 of 75

encrypt on click ?

by markske100 - 9/1/07 2:14 AM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Might want to consider encrypt on click: it is quite easy, quite secure, and the best part: free!

Post 55 of 75

What's wrong with MS Word & Excel doc encryption?

by Fred07 - 9/1/07 9:12 AM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Maybe I am naive but with regard to protecting documents, what's wrong with MS Word & Excel protect Document feature in the Tools menu?

Post 56 of 75

Falling over!

by deadkeen - 9/1/07 9:24 AM In reply to: What's wrong with MS Word & Excel doc encryption? by Fred07

This is fine until the HDD itself falls over! A clone is then extremely useful to slot into your PC instead of the broken HDD - you are up and away in less than a few minutes this way. It has happened to me - so I know!

If you download some software - either deliberately, or by someone unknown, that corrupts your HDD, then just swap it over with a clone!

Post 57 of 75

Highly ineffective...

by John.Wilkinson Moderator - 9/1/07 8:27 PM In reply to: What's wrong with MS Word & Excel doc encryption? by Fred07

The password protection feature only provided minimal protection, and is in fact very easy to circumvent. Software designed to exploit its flaws is readily available, many offering trialware versions that will reveal the first 3-5 characters. Thus, it's merely a deterrent, just like the Windows password and Windows EFS, both of which can be circumvented in a matter of minutes for a one-time $100 fee.

John

Post 58 of 75

encrypting without a special program...

by 7aji88 - 9/1/07 8:41 PM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

Change the file extension, so if it was a Word file I would make it a .dll or a .psd or something that falls in a different category. Also I would put the file in some weird folder so nobody will know what the heck is that!!
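
Added example (not part of the original post): renaming a file changes only its name, so its content still identifies it and still reads without any key. This Python sketch recognises a file by its leading signature bytes; the signature table, the file name report.dll and the sample text are constructed for illustration.

```python
import os
import tempfile

# Leading byte signatures of common formats and the extensions normally used for them.
SIGNATURES = [
    (bytes.fromhex("D0CF11E0A1B11AE1"), "OLE2 compound file (Word/Excel 97-2003)",
     {".doc", ".xls", ".ppt"}),
    (b"PK\x03\x04", "ZIP container (zip, docx, xlsx)", {".zip", ".docx", ".xlsx"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"\xFF\xD8\xFF", "JPEG image", {".jpg", ".jpeg"}),
    (b"8BPS", "Photoshop document", {".psd"}),
    (b"MZ", "Windows executable or DLL", {".exe", ".dll"}),
]


def identify(path):
    """Return (format label, usual extensions) based on the file's first bytes."""
    with open(path, "rb") as f:
        head = f.read(16)
    for magic, label, extensions in SIGNATURES:
        if head.startswith(magic):
            return label, extensions
    return None, set()


def extension_mismatch(path):
    """True when the content is a known format but the extension claims another."""
    label, extensions = identify(path)
    ext = os.path.splitext(path)[1].lower()
    return label is not None and ext not in extensions


def contains_text(path, needle):
    """True when the given bytes can be read straight out of the file."""
    with open(path, "rb") as f:
        return needle in f.read()


def demo():
    # Constructed sample: an OLE2 header plus a readable line, saved as "report.dll".
    secret = b"Account 0000-0000 (constructed sample)"
    content = bytes.fromhex("D0CF11E0A1B11AE1") + b"\x00" * 24 + secret
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "report.dll")
        with open(path, "wb") as f:
            f.write(content)
        label, _ = identify(path)
        return label, extension_mismatch(path), contains_text(path, secret)


if __name__ == "__main__":
    label, mismatch, readable = demo()
    print("detected format:", label)
    print("extension disagrees with content:", mismatch)
    print("text readable without any key:", readable)
```
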

Post 59 of 75

I use Winzip!

by thebungywilliams - 9/2/07 6:31 AM In reply to: Encrypting and password protecting files and folders on my PC by Lee Koo (ADMIN) Moderator

I use Winzip.

I put the file I want to protect into a winzip file and then apply 256 bit encryption.

In this way you get compression as well, bearing in mind that image files don't compress well if at all.

Also, at least you know that you'll get some form of longevity & future proofing with Winzip.

Separation still applies too as you can save it off to any other media and store it away from your PC.

Hope this helps!

Bungy

Post 60 of 75

Is Winzip secure?

by beliche - 9/3/07 4:42 AM In reply to: I use Winzip! by thebungywilliams

I use Winzip also with 256 encryption. Does anyone know how secure this is?
