Here are the selected submissions grouped in one post. Read through them and place your votes in the newsletter poll.
Great file encryption (for free!)
Mudiaga, I have to commend you for what you are trying to do. So may people have sensitive data on their computers, often open to the internet or others with access to the computer, with little or no protection.
There are several programs available, but the ones I have used are TrueCrypt, Kruptos 2, and AxCrypt. They are all free - TrueCrypt is even open-source. You didn't say what OS you have, but XP and Vista also have their own encryption capabilities built in.
I would not suggest using the Windows encryption. It has some flaws and several limitations. The encryption is based on your user profile's name and password. You must export your certificates and private keys in the event that your user profile becomes inaccessible for some reason (ex. corrupted, infected). Without those, you won't be able to decrypt the files. Since the encrypted files are only accessible by your user profile, you can't share them with others in an encrypted form. Also, if you are logged in, your encrypted files are accessible, so don't walk away from your PC without logging out or otherwise preventing access.
Enough of what I don't like. Of the three programs I mentioned, Kruptos 2 and AxCrypt both encrypt on a file by file basis. They both use 128-bit encryption keys. When installed, they are integrated with Explorer's right click menu, so you don't have to start another program. AxCrypt has the ability to decrypt and encrypt on the fly, so if you try to open a file that is encrypted, you will be prompted for the password. With the proper password, the file will open in it's associated program. When you close the file, it will automatically be re-encrypted, so you don't have to remember to take the extra step of re-encryption. Both programs also have good file destruction features; when a file is encrypted, the original file is destroyed, keeping anyone from resurrecting it from the hard drive.
TrueCrypt is much more powerful, but works differently than Kruptos or AxCrypt. TrueCrypt uses 256-bit encryption keys, and gives you the choice of three different encryption methods (or even two or all three at the same time) - take a look at TrueCrypt's web site for lots of good information on the methods. The difference with TrueCrypt is that you need to create a container that is encrypted. The container can be a drive (don't ever encrypt your Windows drive!), partition on a drive, or a file with any name you want to give it. When you mount this container using TrueCrypt, you assign it to an open drive letter. Once mounted, it acts just like a drive - you can move files to and from it, open files on it, etc. This is beneficial if you need to frequently access your encrypted files; you will only need to supply the password once to mount the container, and then you can work with all the files until you dismount the container. You need to remember to dismount the container if you leave your computer, since it is fully accessible when mounted. The difference between TrueCrypt and Windows' encryption is that the Windows encrypted files are always accessible when you are logged in, while TrueCrypt containers don't need to be mounted unless you need them.
Whenever you encrypt a file, you run the risk that if any part of the file is corrupted - just one bit - the file won't be decryptable and yo won't be able to use any recovery software to try to even recover part of the file. It will be gone. Did I hear someone say back up and back up often??? TrueCrypt is very vulnerable this way, because the container can be a single file. Recognizing this, TrueCrypt allows you to export the header information (a 1k file) so in the event the header of the file is corrupted, you can import the header and recover the entire container (or at least the uncorrupted portions of it).
No matter what method you choose, be sure to use a very secure password - long, letters, numbers, special characters, and not common words or names.
Before making a decision, take a look at the manufacturer's web sites - they each have pretty good descriptions of what their programs can (and can't) do. TrueCrypt's is by far the best for info, both for general encryption and the program itself. But no matter what, do something to protect your data!
I have used all of these programs, and am currently using a TrueCrypt container to hold all of my sensitive information. I back it up every night, so have never had any lost data even through a failed hard drive.
Submitted by: microbabydad
You didnt mention your operating system, but if you are using Windows XP (Professional and Media Center editions) or Windows Vista (Business or Ultimate), the first option is EFS (Encrypting File System). It is a security feature built-into the OS, enabling you to encrypt files such that only you can access the files by logging into your account. The benefits are that there is no third-party software to purchase/install, no additional passwords to remember, and no need to launch a program just to access or encrypt a particular file. Just right-click the file(s) or folder(s) in question, select Properties, click the Advanced button, and check the box labeled Encrypt contents to secure data. The initial application of encryption can take some time, but if you encrypt the entire folder any file saved or copied to there from then on will automatically be encrypted on the fly with little to no reduction in performance.
However, EFS is far from perfect. If you are logged into your account, no additional protection is available. (If someone takes over your computer while youre logged in they have full access, just as you did. Secondly, if Windows becomes corrupt you may lose access to your files, since the encryption is directly tied into the OS. Finally, tools to circumvent EFS are widely available for $100-$200, so anyone could crack your files open if they were willing to pay the price.
The second option is Bitlocker, a new feature of Windows Vista Ultimate edition. Its much more secure for even Windows cannot boot without the correct passcode, protecting not just your personal files but your OS as well. So far there are no commercial workarounds available and everything is done in the background, making it an ideal solution for those who worry about stolen laptops. Like EFS, though, its tied into the OS so if it becomes corrupt your files may be lost, and if someone takes control while youre logged in theres no stopping the unauthorized user. Plus, unlike EFS, theres no simple recovery option should you forget your passcode or have the OS go south.
The last option is third-party encryption software; TrueCrypt is one of the most well-respected freeware options while Cryptainer is my personal favorite. They both enable you to drag-and-drop your files into an encrypted folder, which can even be hidden from view of all other users, a feature EFS and Bitlocker lack. Theyre also completely independent of the OS, so you can copy the encrypted folder and take it with you, accessing it on any computer while keeping the contents safe. To top it off, no one can access your files even while youre logged into Windows unless they also have the passcode for the encrypted container. Considering youre not limited by your OS (Windows 95 or better will do, and TrueCrypt runs on Linux) or transportation choices (works on flash drives, CDs/DVDs, etc.), its a worthy trade-off for the lack of automatic, on-the-fly encryption.
And on a final note, be sure to keep your security software up-to-date. No matter how many layers of encryption and password protection you employ it could all be for nothing if spyware is installed on your computer, designed to log your keystrokes (including passcodes) and/or take pictures of your activities. PCTools' Spyware Doctor, Webroot's SpySweeper, and AVG's Antispyware are the top-ranked options to protect yourself against such, but there are many other options available.
Hope this helps,
Submitted by John.Wilkinson
This has become a more common question since ID theft has become more common than Auto Theft...
The BEST option is not to make those files available to the internet connected PC in the first place. Physical security is more secure than encryption in almost every case. My financial files are on a usb flash drive which is in the PC ONLY when using that software. Any file left on the PC while it is on the internet could be copied and hacked at at the leisure of the hacker.
Windows XP and Vista comes with encryption, however I almost never hear of anyone using their encryption.
Encryption comes with a cost beyond software *which can be free* in the performance hit when reading / writing files. However this hit isn't as bad now with the faster drives and processors we are using. Just something to keep in mind, putting a high-performance program (game) on an encrypted or compressed drive can cause suboptimal performance.
For your specific question I'd recommend TrueCrypt, which is an open-source project (check Sourceforge). With Truecrypt you can set up a file on a drive (or even the whole drive) which is encrypted. You then mount that file as if it were a physical drive (with a letter or in a folder redirection), and your software doesn't have to know that the files they are reading/writing are encrypted.
Keys for Truecrypt can be either passwords, file(s) on the machine or a combination of both. For example, you could have a set of files on a USB drive, which MUST be in the PC AND have a password to enter, if you need that level of security.
The filesystem on the hard drive can look like just another binary file.
One Caveat, key management isn't robust enough (IMHO) for serious corporate use with the current version.
Venerable PGP has more options in how you use it, it's possible to encrypt individual files, set up a filesystem like TrueCrypt (using PGPdisk), or integrate with many email packages to deliver secure email. PGP has more robust key handling features for corporate use, for example a master key can be created so a corporation could recover data from a drive should the user's password be lost.
Invisible Secrets is an interesting program which takes a "carrier" file and injects your encrypted data into the carrier in such a way that the "carrier" is not rendered unusable. For example you could place an encrypted document into a JPG file. If you email the JPG file, anyone intercepting the message could see the picture, but someone with the program and the password could extract the embedded information.
Another caveat to this is this: If the hacker has access to your PC, then having one of these programs would be a tip that you're probably encrypting data. In that case, something which can be run directly from removable media without leaving a footprint on the PC would be desirable. I know that TrueCrypt can do this, I'm not certain about PGP.
Submitted by cdwatters