Community Newsletter: Q&A forum: Encrypting and password protecting files and folders on my PC

Well I encrypt most of my files by using a wonderful free program called truecrypt...you can get it at www.truecrypt.com . Its an awsome program and I think that if you have some sensative files that you dont want ANYONE to see, that you should deffinatly take the time to download and read the tutorial (should take you about 10-15min to set up) and encrypt your files. I think that even the NSA, or FBI would have a VERY hard time trying to get to your files. I gotta say that for a free program, this program is AWSOME.

I am an author of SWAT books and tactics. I always worried about someone hacking into my computer and stealing the information. I use firewalls, anit-virus and anti-spyware programs, but I didn't want to take the chance of the information getting out. I originally uses PCP, but did not like the idea that items I had were being stored on the web. I now use Cypherix's Cryptainer. It is 128 bit encryption. You download the program, then just follow the steps. You make a folder, give it a password and then move the files you want encrypted into it. It is fast, easy and I do not see the average hacker being able to hack 128 bit encryption. If someone physically accesses your computer and they open up cryptainer they will need the user password to get into the files and/or folders that are in it.
John

Go and get this free app--I use it all the time and it works great
www.shareup.com/Kruptos_2-download-38236.html

with a freeware tool called true crypt you can make virtual drives, thes drives can be encrypted up to 3 times in a different way, there is also a feauture that makes it possible to make hidden volumes in another, already encrypted volume so that if you are forced in any way to open it, you can still open the (normal) volume without private files being exposed for more info i'd suggest you google it

i have encripted my folder using this method:
In windows explorer: Right-click on a file or folder, and open the Properties box. On the General tab, in the Attributes section, click Advanced... Check the box "Encrypt contents to secure data".

and now i have forgotten my password of user account.
that folder which i have encripted contained ms words documents and many photos which i have scanned or taken from others
when i log on from guest or administrator i can see that folder and also the data in it but unable to access them i have not try to crack that password because if i change the password by going to safe mode in administrator or by repairing window i know that i would loose that data
please guide me how to recover that data safely
thanks
please answer me by mail in this adress:
saqibmajid89@hotmail.com
saqibmajid89@yahoo.com
regards,

As a first rule, the most secure way to store your data is to save it to a flash drive and put it somewhere safe, maybe in a locked drawer, at least so it's not readily available to hackers or other people using your computer. Flash drives are relatively inexpensive, around $30 for a decent one. If you're still wary of it, SanDisk makes a USB Flash Drive that's got built-in biometric security, meaning that the only way to access the data on the USB Drive would be to swipe your finger on the built-in fingerprint scanner.
If you aren't so keen on the idea of separate secure storage, there are a couple free programs you can download that encrypt your files so that they are only accessible using a password that you set. One of my favorites is AxCrypt, made by Axantum. It's a free program, and you download and install it, and then you can select certain files and/or directories to encrypt by right-clicking on them and choosing AxCrypt. It secures your files with 128-bit AES encryption, which is extremely secure. It's a very helpful, easy, and intuitive tool that should meet your needs.
If you're EXTREMELY paranoid, you can go above and beyond, and encrypt your files with AxCrypt (Or another Encryption program) and then secure them on a biometrically secured flash drive locked in a tamper-proof safe. Though, this is going a bit far and using only one of the above methods will surely thwart anyone who's after your personal data.

Hope this helps!
Dakota Szabo

Easiest and most secure solution is both encryption and separation. Simplest way to achieve both is to go for a thumbdrive with enough space where the associated software allows for encryption. Thats what I use for sensitive stuff at work - I've a few gigabytes of storage space hanging on my ID lanyard. I plug it into my machine when I need to read or work on one of those documents, type in the decryption passphrase to unlock the drive, do the work, save and then remove the device. I keep a backup unencrypted copy of the most critical items in secure storage just in case I forget my passphrase or the device fails. The only way to access the device without the passphrase is to erase it and start from scratch so it's not a risk if I lose it. I never leave it hooked up when I'm away from my keyboard so physical access to my machine wont expose anything, because the data simply isnt there. As for remote intruders, once they are in your machine and rootkit it then they can do anything they like.. they can keylog any passwords you use. However, theres the added complexity of waiting for you to plug in the device, then stealing the password, then (assuming the intruder is not actually on your machine when you plug it in) coming back later to plant a program that will snoop on it NEXT time you connect it, and do that with enough subtlety you dont notice a frantically blinking activity light... Suddenly that data is no longer low-hanging fruit. Unless they have reason to want it specifically they may not bother.

Question

How would one go about encrypting and password protecting specific data files or folders on my PC so that in an event my machine is either accessed physically or through cyberspace intruders, those people will not be able to access or open those particular files. Any details or recommendation would be appreciated. Thank you for your time.
--Submitted by: Mudiaga O.

Password and Encryption 101

The following is my thinking or mental model of password controlled encryption. Say you have a picture puzzle from a store. The picture on the box is the password or key to the puzzle. The pieces of the puzzle in the box are the encrypted data. Doing the puzzle without using the key/password picture makes completing the puzzle very hard but not impossible (this is the way a thief/data spy would have the data). With the picture from the puzzle box (password), some time, and, patience, the puzzle can be completed (decrypted, made viewable) with little trouble.

Lets now define the term public key/password using the above model. The data spy steals your puzzle pieces. The spy would be able to go to a store and buy puzzles and thereby may acquire the picture from the puzzle box (public key/password) and gain the same ease of completing the puzzle as its rightful owner.

Now lets define the term private key/password using our model again. You paint the picture side of your puzzle pieces with a magic paint that only you have a remover for (your paint remover is your private key/password ). When the data spy steals your puzzle pieces this time, he can only fit the pieces together by trial an error.

The mental model I have presented here is an over simplification and may confuse more than enlighten , but its the way I look at password controlled encryption. It brings out the following points.

Encryption systems (software and hardware) are tied to their passwords.
Encryption systems add a layer of difficulty.
The password is the encryptions key.
Fail to protect the password and the encryption is wasted.
Encryption of data is not a 100% solution.
Encryption is a form of password controlled corruption of your data.

I shy away from using data encryption because of controlled corruption of your dataview. I have a hard enough time just keeping normal data flowing from my disk drives. Let-a-lone making it even more difficult for the data to be retrieved and stored. Keep in mind that the data on the disk drive is already encoded (very public password encrypted) for storage. Adding another layer/step to the retrieval/storage process seems to be just asking for trouble.

If you feel you must, my recommendations for passwords and encryption are:
Try some encryption software, some will password protect and encrypt specific data files/folders.
Change your OS to one that has a built-in encryption system.
Use an OS which requires the use of passwords.
Use password protection software like RoboForm.
Buy a new computer that comes with an encryption system.
Review what you consider critical data, perhaps you only need to defend your passwords better.
Dont leave your common sense out of the overall solution.

Here are the selected submissions grouped in one post. Read through them and place your votes in the newsletter poll.

Answer:

Great file encryption (for free!)

Mudiaga, I have to commend you for what you are trying to do. So may people have sensitive data on their computers, often open to the internet or others with access to the computer, with little or no protection.

There are several programs available, but the ones I have used are TrueCrypt, Kruptos 2, and AxCrypt. They are all free - TrueCrypt is even open-source. You didn't say what OS you have, but XP and Vista also have their own encryption capabilities built in.

I would not suggest using the Windows encryption. It has some flaws and several limitations. The encryption is based on your user profile's name and password. You must export your certificates and private keys in the event that your user profile becomes inaccessible for some reason (ex. corrupted, infected). Without those, you won't be able to decrypt the files. Since the encrypted files are only accessible by your user profile, you can't share them with others in an encrypted form. Also, if you are logged in, your encrypted files are accessible, so don't walk away from your PC without logging out or otherwise preventing access.

Enough of what I don't like. Of the three programs I mentioned, Kruptos 2 and AxCrypt both encrypt on a file by file basis. They both use 128-bit encryption keys. When installed, they are integrated with Explorer's right click menu, so you don't have to start another program. AxCrypt has the ability to decrypt and encrypt on the fly, so if you try to open a file that is encrypted, you will be prompted for the password. With the proper password, the file will open in it's associated program. When you close the file, it will automatically be re-encrypted, so you don't have to remember to take the extra step of re-encryption. Both programs also have good file destruction features; when a file is encrypted, the original file is destroyed, keeping anyone from resurrecting it from the hard drive.

TrueCrypt is much more powerful, but works differently than Kruptos or AxCrypt. TrueCrypt uses 256-bit encryption keys, and gives you the choice of three different encryption methods (or even two or all three at the same time) - take a look at TrueCrypt's web site for lots of good information on the methods. The difference with TrueCrypt is that you need to create a container that is encrypted. The container can be a drive (don't ever encrypt your Windows drive!), partition on a drive, or a file with any name you want to give it. When you mount this container using TrueCrypt, you assign it to an open drive letter. Once mounted, it acts just like a drive - you can move files to and from it, open files on it, etc. This is beneficial if you need to frequently access your encrypted files; you will only need to supply the password once to mount the container, and then you can work with all the files until you dismount the container. You need to remember to dismount the container if you leave your computer, since it is fully accessible when mounted. The difference between TrueCrypt and Windows' encryption is that the Windows encrypted files are always accessible when you are logged in, while TrueCrypt containers don't need to be mounted unless you need them.

Whenever you encrypt a file, you run the risk that if any part of the file is corrupted - just one bit - the file won't be decryptable and yo won't be able to use any recovery software to try to even recover part of the file. It will be gone. Did I hear someone say back up and back up often??? TrueCrypt is very vulnerable this way, because the container can be a single file. Recognizing this, TrueCrypt allows you to export the header information (a 1k file) so in the event the header of the file is corrupted, you can import the header and recover the entire container (or at least the uncorrupted portions of it).

No matter what method you choose, be sure to use a very secure password - long, letters, numbers, special characters, and not common words or names.

Before making a decision, take a look at the manufacturer's web sites - they each have pretty good descriptions of what their programs can (and can't) do. TrueCrypt's is by far the best for info, both for general encryption and the program itself. But no matter what, do something to protect your data!

I have used all of these programs, and am currently using a TrueCrypt container to hold all of my sensitive information. I back it up every night, so have never had any lost data even through a failed hard drive.


http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=261492&messageID=2569904#2569904

Submitted by: microbabydad

***********************************************************************

Answer:

Multiple Facets

You didnt mention your operating system, but if you are using Windows XP (Professional and Media Center editions) or Windows Vista (Business or Ultimate), the first option is EFS (Encrypting File System). It is a security feature built-into the OS, enabling you to encrypt files such that only you can access the files by logging into your account. The benefits are that there is no third-party software to purchase/install, no additional passwords to remember, and no need to launch a program just to access or encrypt a particular file. Just right-click the file(s) or folder(s) in question, select Properties, click the Advanced button, and check the box labeled Encrypt contents to secure data. The initial application of encryption can take some time, but if you encrypt the entire folder any file saved or copied to there from then on will automatically be encrypted on the fly with little to no reduction in performance.

However, EFS is far from perfect. If you are logged into your account, no additional protection is available. (If someone takes over your computer while youre logged in they have full access, just as you did. Secondly, if Windows becomes corrupt you may lose access to your files, since the encryption is directly tied into the OS. Finally, tools to circumvent EFS are widely available for $100-$200, so anyone could crack your files open if they were willing to pay the price.

The second option is Bitlocker, a new feature of Windows Vista Ultimate edition. Its much more secure for even Windows cannot boot without the correct passcode, protecting not just your personal files but your OS as well. So far there are no commercial workarounds available and everything is done in the background, making it an ideal solution for those who worry about stolen laptops. Like EFS, though, its tied into the OS so if it becomes corrupt your files may be lost, and if someone takes control while youre logged in theres no stopping the unauthorized user. Plus, unlike EFS, theres no simple recovery option should you forget your passcode or have the OS go south.

The last option is third-party encryption software; TrueCrypt is one of the most well-respected freeware options while Cryptainer is my personal favorite. They both enable you to drag-and-drop your files into an encrypted folder, which can even be hidden from view of all other users, a feature EFS and Bitlocker lack. Theyre also completely independent of the OS, so you can copy the encrypted folder and take it with you, accessing it on any computer while keeping the contents safe. To top it off, no one can access your files even while youre logged into Windows unless they also have the passcode for the encrypted container. Considering youre not limited by your OS (Windows 95 or better will do, and TrueCrypt runs on Linux) or transportation choices (works on flash drives, CDs/DVDs, etc.), its a worthy trade-off for the lack of automatic, on-the-fly encryption.

And on a final note, be sure to keep your security software up-to-date. No matter how many layers of encryption and password protection you employ it could all be for nothing if spyware is installed on your computer, designed to log your keystrokes (including passcodes) and/or take pictures of your activities. PCTools' Spyware Doctor, Webroot's SpySweeper, and AVG's Antispyware are the top-ranked options to protect yourself against such, but there are many other options available.

Hope this helps,
John

http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=261492&messageID=2569955#2569955

Submitted by John.Wilkinson

***********************************************************************

Answer:

Encryption

This has become a more common question since ID theft has become more common than Auto Theft...

The BEST option is not to make those files available to the internet connected PC in the first place. Physical security is more secure than encryption in almost every case. My financial files are on a usb flash drive which is in the PC ONLY when using that software. Any file left on the PC while it is on the internet could be copied and hacked at at the leisure of the hacker.

Windows XP and Vista comes with encryption, however I almost never hear of anyone using their encryption.

Encryption comes with a cost beyond software *which can be free* in the performance hit when reading / writing files. However this hit isn't as bad now with the faster drives and processors we are using. Just something to keep in mind, putting a high-performance program (game) on an encrypted or compressed drive can cause suboptimal performance.

For your specific question I'd recommend TrueCrypt, which is an open-source project (check Sourceforge). With Truecrypt you can set up a file on a drive (or even the whole drive) which is encrypted. You then mount that file as if it were a physical drive (with a letter or in a folder redirection), and your software doesn't have to know that the files they are reading/writing are encrypted.

Keys for Truecrypt can be either passwords, file(s) on the machine or a combination of both. For example, you could have a set of files on a USB drive, which MUST be in the PC AND have a password to enter, if you need that level of security.

The filesystem on the hard drive can look like just another binary file.

One Caveat, key management isn't robust enough (IMHO) for serious corporate use with the current version.

Venerable PGP has more options in how you use it, it's possible to encrypt individual files, set up a filesystem like TrueCrypt (using PGPdisk), or integrate with many email packages to deliver secure email. PGP has more robust key handling features for corporate use, for example a master key can be created so a corporation could recover data from a drive should the user's password be lost.

Invisible Secrets is an interesting program which takes a "carrier" file and injects your encrypted data into the carrier in such a way that the "carrier" is not rendered unusable. For example you could place an encrypted document into a JPG file. If you email the JPG file, anyone intercepting the message could see the picture, but someone with the program and the password could extract the embedded information.

Another caveat to this is this: If the hacker has access to your PC, then having one of these programs would be a tip that you're probably encrypting data. In that case, something which can be run directly from removable media without leaving a footprint on the PC would be desirable. I know that TrueCrypt can do this, I'm not certain about PGP.

http://forums.cnet.com/5208-10149_102-0.html?forumID=7&threadID=261492&messageID=2571636#2571636

Submitted by cdwatters

I use BartPE to find newer SATA drives when booting. BartPE is a free program that allows you create a bootable CD. The bootable CD is a small version of your windows operating system and it allows you to load hard drive and network drivers for your system. It also allows you to load ghost v8, and other HD utilities for viewing, copying, virus and spyware scan, etc. Follow the link below to download the free software.

http://www.nu2.nu/pebuilder/

Before Windows XP and maybe 2000 which I never used, Microsoft had a wonderful tool built into Windows that allowed putting a password on a directory (folder). It was called, as I remember, "Share Level Access Control." It may not have provided sufficient security to prevent access to the president's nuclear codes, but it was sure as hell good enough to keep a third grader out of your Quicken directory or the directory where you might have accidentally stored adult material -- purely for academic research purposes, of course. It was simple. As you were setting up a share, you had the opportunity to enter a password and, voila, others without the password were blocked. And I could get into it from the family computer if I wanted by simply entering the password. Could they get around it? I don't know but I do know that no-one on my home network ever did. Now, I'm not saying that the would be super security of Windows XP doesn't have its place. But its place is not in a 2 or 3-pc network that does not involve a fortune 500 corporation or the pentagon. I would happily pay to get this functionality back.

This is what Microsoft does. They have a nice feature or interface that people like (or even more so, know how to use) and they screw it up because somebody in Redmond plays Big Brother and decides what we SHOULD like. Why can't they improve functionality but let you work the way you're used to? I don't have Vista yet, but I did get Office 2007. I almost immediately removed it because the interface was so different that I couldn't hit the ground running with it. Accepting, arguendo, that the new interface is better, why not let me select a classic or an earlier interface I want so I can use the damn thing and learn the new stuff when I don't have to get out a 20 page contract that day (in a new file format that you have to override so your colleagues can read it. At least it should be an option you have to select when you run it for the first time. I don't want and I don't need docx to send a friend driving directions to my home. )Why is there no cheat sheet that says "if you did it this way in Word 2003, you do it this way in 2007. WordPerfect, a vastly superior program which I stayed with as long as I could, used to offer you the option of using keyboard layouts (going back to DOS ver 5.1) from their several previous versions so you could feel at home in your new environment and, most importantly, use those familiar keystrokes to do things in half the time it takes with a mouse.

I guess I digressed a bit, but I'd still like to see share level access back. If Windows were open source like Firefox, someone would have written an extension by now.

Hello,

I noticed one basic drawback in applications being suggested. Nearly all of them create their own restricted access spaces for storage of files/folders, etc. (By the way, Folder Guard is another good application in this avenue, in my opinion.)

The leading problem I noticed is that this approach of creating application-specific secure storage locations defeats the overall orderly archiving/file-folder tree structuring; i.e., a particular file kept under, example 'my docs' folder shall be moved into the secure vault/drive etc. etc. created by the application used, thus 'nicely' undermining the overall archiving structure that one would like to maintain. [Creating shortcuts for the moved-away items at their proper location might be (??) a cumbersome half-solution (how would the encrypting/decrypting application(s) react to a double-click on the shortcut of an encypted and moved away item???)

PGP Tools (Network Associates PGP Freeware v6.5.8) sitting on the toolbars corner nicely offers encryption / decryption / signing / verifying / file secure wipe / empty space secure wipe options. In addition to public key encryption a further handy option also being offered is the creation of self decrypting archives. It is a pity that later versions of PGP excluded this most handy PGPtray tool!

Maybe I am naive but with regard to protecting documents, what's wrong with MS Word & Excel protect Document feature in the Tools menu?

The password protection feature only provided minimal protection, and is in fact very easy to circumvent. Software designed to exploit its flaws is readily available, many offering trialware versions that will reveal the first 3-5 characters. Thus, it's merely a deterrent, just like the Windows password and Windows EFS, both of which can be circumvented in a matter of minutes for a one-time $100 fee.

John

I use Winzip.

I put the file I want to protect into a winzip file and then apply 256 bit encrytption.

In this way you get compression as well, bearing in mind that image files don't compress well if at all.

Also, at least you know that you'll get some form of longevity & future proofing with Winzip.

Seperation still applies too as you can save it off to any other media and store it away from your PC.

Hope this helps!

Bungy