CryptoSuite v1.050 Features
Jason_R0
December 7th, 2003, 01:09 AM
I would like to keep a thread like this for every upcoming version where people can list desired features and comment on features I have added. I will re-edit this post with new things as they are added. Not every feature will be added/shown here, only some of them.
This is a picture of the Explorer context menu as it will appear in the next version. It will all be collapsed under one CryptoSuite menu instead of all in the one main menu.
I hope to have some screenshots of the self extractor soon too.
gkweb
December 7th, 2003, 07:42 AM
menu seems better like that.
Personally i don't have much software which adds a menu, but just in case, it's better to collapse all menus into one line like WinRAR and PGP do.
Tom Fleetwood
December 7th, 2003, 08:12 AM
Hello,
I have d/l cryptosuite and I think it combines a number of nice features into one product - secure delete, checksum etc... In fact, the checksum feature is VERY easy to use compared to several other pieces of software I've tried. However, I would like to suggest the following....
1. If I am going to encrypt a folder, I would prefer to have all the files encrypt as separate files with their original filenames but with the cse extension (so they could be opened individually or as a folder). This would allow the user to simply enter a password and be done. In other words, I would like the ability to compress them all to one file or NOT.
2. And I'm not exactly sure how safe this is but check out the program File2file by cryptomathic http://www.cryptomathic.com/file2file/index.html - it stores your password so you only have to enter it once after that unless you choose a different password. If you accidentally type it wrong it will inform you immediately. This is a very nice feature, but again, I don't know if there is some major security issue with it.
3. Referencing the chat, by 'chalkboard' do you mean a drawing board (whiteboard) both people could draw on while chatting? Because THAT would be awesome. I have been looking for an IM with such capabilities.
In any event, thanks for a great product that I'm sure will just get better and better as new features are added.
Have a great day,
Tom
Pilli
December 7th, 2003, 09:12 AM
Hi Tom, Thank you for your thoughtful suggestions, I am sure Jason will take them on board.
Cheers. Pilli
Jason_R0
December 7th, 2003, 12:34 PM
Hi Tom,
1) A somewhat original feature I haven't heard before. I don't really see much advantage to encrypting each to a separate CSE file. Seems like more work for the user to me. Maybe you could explain further what you mean to make it clearer.
2) I don't want CryptoSuite to be used lazily like that. I think the best thing you can do in a program like CryptoSuite is to force people to have to enter their passwords when they can and not remember them. Trust me, when someone is snooping around your files you don't want "accidents" to help them :)
3) Yes a drawing board/chalk board, fully encrypted. I don't know exactly what "features" this will have, it will start off as basic drawing with the mouse with different colours and may expand in the future for shapes and such. This probably won't make it into 1.050, but it may.
Thanks for your kind words. You have a great day too. :)
-Jason-
Andreas1
December 7th, 2003, 12:40 PM
Here's my two 1.050 feature wishes (but actually Jason knows them already):
- While I like the screenshot with the cascaded context menu, I'd like to be able to additionally have CS NOT display icons in the menu.
- Commandline arguments (checksums, encrypt & decrypt with include/exclude masks, target dir and filename, textfile containing a list of files to process (also for checksums), ...)
Andreas
(
and, as for long-term wishes:
- add PGP-compatible en/decryption
- PGP keyring management
- encrypt/decrypt clipboard content
- virtual drives (mount a cse archive as additional drive)
- and
- so
- on ;D
)
Gary Graham
December 7th, 2003, 12:45 PM
CryptoSuite is fast becoming one of my most used programs.
Of course TDS, WormGuard, ProtExplorer, and ProcessGuard are always running, but they are just in the background doing their thing. CryptoSuite I actually use every day.
I have been registered here for a while, but have never posted.
Time to start getting involved.
Gary
Dan Perez
December 7th, 2003, 01:17 PM
Hi GarySaved! ;)
Welcome to Wilders! :D
Please accept your first karma cookie!
GarySaved Gobbling Cookies -> http://www.wilderssecurity.com/attachments/overboard_gobbling_cookies.gif
Pilli
December 7th, 2003, 01:37 PM
Hi Gary, Good to C'ya! ;D
Regarding new features, encrypted file sharing is top of my list, along with the capability of the host to control individual connections.
Faram
December 7th, 2003, 04:17 PM
One feature I would like is a possibility to encrypt files and or folders to an exe file that is password protected.
In effect making a secure file that can be mailed, burned to a CD, whatever, and recovered with the knowledge of the password but without the Crypto Suite application.
Tom Fleetwood
December 7th, 2003, 05:12 PM
Hello Jason,
Thanks for the rapid reply :)
1. One reason to encrypt files individually that immediately pops into my head is the following: Suppose I have a folder full of Word documents that I want encrypted so no one can read them but I only work with them one at a time. It would be nice to be able to encrypt the whole folder but be able to decrypt them individually to work with when I need that certain file. Also, if I want to send different files to different people, I could encrypt them all in a single folder then choose each one to send individually. It seems to allow for much more flexibility to me.
2. I'm not sure I was clear on the 'remembering' your password concept. Normally, the user would have to type their password twice to encrypt a file. This is, in part, to ensure that they didn't make a mistake and then can't get to their own data! However, it is annoying - especially if you choose a long and complicated password, which is always preferable to, say, short and sweet like your name ;) So to accommodate that, the program remembers a single password that you designate but ONLY for comparative purposes. You must still enter a password to encrypt the data every time. IF it matches the password you designated then the file is encrypted with only typing the password once and you are done. If it does not match the designated password then the program makes you type it twice to be sure you didn't perform a typing error. As far as I can tell, it in no way helps a snooper determine anything about the password to your already encrypted data. Again, you would be surprised at how only having to type your password once brings great convenience. Now, if it compromises the security of the program then that greatly outweighs the convenience. The point is that I don't know how the program 'remembers' your designated password or where/how it stores it. If that part is secure then it is simply a welcome convenience feature. I hope this explains it a little better.
Thanks again and keep up the great work.
Tom
PS - How do I earn a Karma cookie ;D
Bowserman
December 7th, 2003, 05:20 PM
Quoting Dan Perez:
> Hi GarySaved! ;)
> Welcome to Wilders! :D
> Please accept your first karma cookie!
> GarySaved Gobbling Cookies -> http://www.wilderssecurity.com/attachments/overboard_gobbling_cookies.gif
Welcome aboard from me too GarySaved :). Have another Karma cookie for taking the wilders plunge ;).
Regards,
Jade.
FanJ
December 7th, 2003, 08:05 PM
Heya Jason ;)
Yep, your screenshot is exactly what I meant in my email to you :)
In that respect, I can understand what Andreas wished.
And I certainly agree with Andreas with respect to commandline, if possible... ;)
I might have a bit different interests than others ;)
My main interests (oops, is that the right word?) are the checksum-features.
I would love to have the possibilities, based upon CS, like NISFileCheck gives.
That means: not only to calculate a checksum of a single file, but to build a database of files and their checksums. And then later run CS again (on-demand) to look for changes.
I absolutely would love if CS has that feature built in in a future release. (or, if not possible for some reason, to give users that possibility via command-line to build it themselves...... ;) ).
Cheers, Jan.
Jason_R0
December 7th, 2003, 10:31 PM
Tom, well currently you can encrypt a whole folder of files, or the folder itself. Once the files are in the CSE archive file, you can then go to the decrypt tab and click View Files in Archive after entering your password. Once you see the list of files you can extract the one file you want to write to, or if you just need to view it, you can double click the file in the list to open the program which in turn opens the document. If you want to put an updated file back into that same CSE archive, you simply need to add that file like you usually would, except specify the old CSE filename. This way it finds the same filename in the archive and asks if you want to over-write what is currently in the archive. If you click yes here it will be updated. I will be updating the website soon with this sort of information as it isn't really covered yet.
FanJ, I like the sound of that file checking idea. I do want to add some extra things to the checksum part of CryptoSuite and I think that would be perfect. Don't ask for an ETA on it though. :)
Some good ideas here, some I have already seen before. I will try and add as many as I can.
-Jason-
Shelb
December 9th, 2003, 06:50 PM
Hi,
Let me first say that I am a new user of TDS, WG, and PE. They are great products, and I can not envision how I ever got by without them.
I have never used a program like Cryptosuite, and I must say that I am finding from the trial that it is a very useful program. I only have a couple comments (which may be taken with a grain of salt, given my newbiness ;D).
-Great idea for collapsing the icons on the right click menu, my right click menu is already crowded.....but this program definitely belongs there.
-Not sure if it is feasible, but how about an option for a self extracting executable. I would love to be able to send encrypted files to people who can extract them upon arrival having only the passkey.
-Speaking of transferring files and data securely, the chat feature is a cool idea. Are there future plans to cover other areas of data transfer like email or even FTP?
On a different note, I have had a blast playing with the benchmark feature...I think with a little more tweaking I can break the 29000 mark ;D
Again, congratulations on a great product.
Jason_R0
December 9th, 2003, 10:09 PM
Self extracting executables have already been discussed, you can probably find the thread in this forum pretty easily :) . Encrypted file transfer will be added to chat, it will most likely be set up also so that the HOST can add a group of files for people to download, similar to a FTP server, but of course different at the same time, since all communications are encrypted and there will be other features. :)
The file transfer will not be in the pre-xmas release of CryptoSuite though, probably the one after.
-Jason-
JasonSVA
December 10th, 2003, 12:46 AM
It would be really nice if there was an option to prevent CryptoSuite from minimizing to the system tray; I would prefer it to simply minimize to the taskbar.
--Jason
Jason_R0
December 10th, 2003, 01:36 AM
Well... at the moment I like the balance CryptoSuite has. If you minimize CryptoSuite by clicking on the taskbar button, it minimizes as you want. If you click the minimize button on CryptoSuite's GUI, it minimizes to the tray. So both options are covered at the moment, just takes some time to get used to them. :D
-Jason-
JasonSVA
December 10th, 2003, 01:44 AM
Ah, I didn't even realize that. But it works fine. Thanks!
--Jason
Wily Liam
December 10th, 2003, 06:23 AM
Greetings, everyone - I'm new.
Have a question, which may also be a feature request. I'd like to be able to encrypt files on a USB Flash drive and then decrypt/recrypt them on any system - reason being, I only get to use my own computer about 50% of the time, so the rest of the time I'm trying to work on files on any computer I can find in the hospital, none of which contain any kind of decent encryption software (nor can I install ANYTHING, not being an administrator.)
Seems if there was a way I could actually have the encrypt/decrypt software running on the Flash drive itself (perhaps with only the basic tools?) maybe I could do this?
Thanks,
Wily
Pilli
December 10th, 2003, 06:47 AM
This was mentioned during Beta testing & Jason may have a solution in the near future. Having said that, creating an encrypted executable is one method but then you would need to re-encrypt after doing work on the files I suppose? Which would not be possible if you cannot load / run the encryption programme on any other work station.
worldcitizen
December 10th, 2003, 11:23 PM
Hi Jason,
You asked me to post this here to remind you:
I secure delete files often using the right click menu & there is a tiny inconvenience which I would like to add to my wishlist for future versions.
When you have the 'auto-focus on dialogue box' mouse option turned on, the mouse automatically focuses on 'cancel' instead of 'go'. It would be a great help if you could switch these around so that the mouse will be ready on 'go' to delete the file.
worldcitizen
December 10th, 2003, 11:29 PM
I have StealthDisk which makes files 'disappear' so that no-one knows the files even exist on your computer let alone try and decrypt them. They don't show up in Safemode or any other mode unless you use a hotkey which can be password protected.
Are there plans to do this with CS because what you can't see you can't hack.
Jason_R0
December 11th, 2003, 03:21 AM
Hiding files may work for casual computer users, but does the driver (or whatever is hiding those files) stop itself from being removed, etc? I know with Process Guard it is a pretty hard job covering ALL areas, I just hope they have. :) If you provide a URL to the software I might give it a poke.
Alas with CryptoSuite it doesn't matter if they can see your CSE file, which is the beauty of it. If you use a 20+ character password you will even be safe from governments and large corporations, etc. With CryptoSuite at the moment you can simply just encrypt to a file in the windows directory like c:\windows\temp01.dat or something like that which doesn't look "out of place" :)
I don't know if hiding the files from the operating system is that good a thing, sure it will fool the average computer user and it sounds like a cool thing, but so will encrypting to some weird file in your windows\system32 directory. The added benefit is that CryptoSuite also protects you extremely well from the professionals.
So with some common sense you can already do a lot of steganography without using any other programs. :D
-Jason-
Jason_R0
December 11th, 2003, 12:03 PM
Here is a Work in Progress picture of the upcoming self extractor. It is fairly straightforward but I want to see if you guys have any input into its design.
So when you run the EXE that CryptoSuite generates you will see this screen first, you click on Extract and the "decrypting files" window will show, just like the normal CryptoSuite. Seems OK to me like this, but I want to be sure. :)
-Jason-
gkweb
December 11th, 2003, 01:08 PM
if in the first field it will have the default self extracting archive directory (the current path), then it would be perfect for me :)
Pilli
December 11th, 2003, 02:57 PM
Yes, It might be good if one could select a folder with the additional ability to make it default ie. A tick box "Would you like to make this the default folder?"
This may also be useful for your .cse encrypt folder & decrypt folder
Andreas1
December 11th, 2003, 05:52 PM
...how about a link "click here to learn more about CryptoSuite"?
Andreas
gkweb
December 11th, 2003, 07:33 PM
simple detail but important, nice one andreas ;)
As i said in PG forum, i cross here a feature request, even if i know it can't be done for the next version, i wish it could be done in a next version.
It has already been asked, but let me give details :)
The feature would be a database with files fingerprint of files we would choose.
Then a scanner could scan all database files and compare computed fingerprints to those of the database and warn if a modification was discovered.
I would like too in addition of the on demand scanner a real time scanner set to a low process priority (why not a threshold in option) to not eat resources and which would be permanently scanning files database.
The hash algorithm could be chosen, from MD5 to SHA-512 (for very paranoid like me ;D)
The perfect way to accomplish this great feature would be to add an import function, able to import file names in a txt file.
For instance let's say i already done the work for norton AV 2004, i create a file "NAV2004.txt" and anyone having it could import files in his database (eventually in modifying before the root path if it isn't the same).
Example :
FILE BEGIN
Root$ = C:\Program Files\Norton AntiVirus
Root$\nav32.exe
Root$\opscan.exe
.
.
.
FILE END
While importing files, CS could compute on the fly files fingerprints.
This "import" feature isn't absolutely needed, it just would be a bonus :)
FanJ
December 11th, 2003, 07:43 PM
Some ideas about CryptoSuite having File Integrity Checker features.
CS could replace the CRC-test in TDS-3 (already suggested by others too).
Although the CRC-test in TDS-3 is a nice feature, replacing it with the possibilities from CS could make it a lot more useful.
Many of the following ideas are based upon the features of NISFileCheck.
The copyright of NISFileCheck is owned by Albert (who made it, based upon ideas from Joseph).
So it could well be that not all below mentioned ideas can be used, due to that copyright.
The CRC-test of TDS-3 uses only one HASH-algorithm.
Using CS gives the possibility to let the user choose which one of the CS-HASH-algorithms to use.
Using CS gives also the possibility to encrypt the database.
Input:
You have to put files into the TDS3-CRC-database (the file crcfiles.txt which is hardly a database) manually by yourself.
I would like to see the following options:
Add a file by browsing to that file.
Add files based upon their extension and partition (for example all exe files from your C-drive).
Output:
I would like to be able to see the following properties of files in the database:
File with its full path (of course).
Checksum.
Date file is added into the database.
File-size.
File-version.
After running a file-check: file is not-changed, changed, new, deleted.
If a file was changed: date/version/size/checksum old/new.
That date needs to be very carefully chosen and defined.
Other output options:
Export record(s) to a text-file and/or a CSV-file.
Filters:
Use filters upon the database.
For example:
Only new files, only deleted files, only changed files.
The possibility to filter for some string of characters in a certain field of the records in the database:
For example all files containing the character-string “tds”.
I’m sure that there are lots of other things you could think of.
Anyone familiar with NISFileCheck will recognize where those ideas come from.
Andreas1
December 11th, 2003, 08:59 PM
I hope this is not getting too off-topic :P
All you file-integrity-checkers, have you taken a look at Simple Nomad's md5-tool (Poor Man's tripwire) at http://www.nmrc.org/project/ ?
It's linux shell scripts but should be possible with batch-/cmd-files, too. Maybe some day I'll find the time to add it to Dan's NTIDA...
anyway, here's the logic I have in mind, probably some of Jan's suggestions can be added:
1. Builddb.bat:
recursive dir *.exe *.dll *.sys > filelist.txt
cse.exe --hash --allalgos --inputfile filelist.txt --outputfile filedb.txt
cse.exe --encrypt --input filedb.txt --output a:\filedb.cse
cse.exe --delete filedb.txt filelist.txt
2. Checkdb.bat:
recursive dir *.exe *.dll *.sys > filelist.txt
cse.exe --hash --allalgos --inputfile filelist.txt --outputfile filedb.txt
cse.exe --decrypt --input a:\filedb.cse --output filedb.old
diff filedb.txt filedb.old > results.txt
cse.exe --delete filedb.txt filedb.old filelist.txt
Something like this...
In my linux system, I have an archive with several rootkit checkers which is unpacking all the files it needs itself in a cron-job, maybe something like this can be done with CSE as well (not unattended of course, because of the password prompt, but to ensure integrity of the tools used to audit the system)...
CU,
Andreas
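The baseline-and-compare checker discussed in the posts above (FanJ's record fields and the not-changed/changed/new/deleted statuses, gkweb's import list and choice of hash, Andreas's build and check steps), as an added Python example. It is not CryptoSuite code and not any poster's code; the function names, the in-memory database layout and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time

# Choices requested in the thread (MD5 up to SHA-512). MD5 and SHA-1 have known
# collision attacks, so the default here is SHA-256.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def parse_import_list(text, root_override=None):
    """Parse the 'FILE BEGIN / Root$ = ... / FILE END' list format from the thread."""
    root, paths, inside = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "FILE BEGIN":
            inside = True
        elif line == "FILE END":
            break
        elif not inside or not line or set(line) == {"."}:
            continue  # ignore text outside the block, blanks and '.' filler lines
        elif line.startswith("Root$"):
            rest = line[len("Root$"):].lstrip()
            if rest.startswith("="):  # root definition, optionally re-pointed
                root = root_override or rest[1:].strip()
            elif root is None:
                raise ValueError("Root$ used before it was defined")
            else:  # entry relative to the root; accept Windows separators
                rel = rest.lstrip("\\/").replace("\\", os.sep)
                paths.append(os.path.join(root, rel))
        else:
            paths.append(line)  # plain absolute path
    return paths


def hash_file(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks so large binaries are never loaded whole."""
    if algo not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algo)
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(paths, algo="sha256"):
    """Record checksum, size, mtime and date added for every file that exists."""
    db = {}
    for path in paths:
        if os.path.isfile(path):
            st = os.stat(path)
            db[path] = {"checksum": hash_file(path, algo), "size": st.st_size,
                        "mtime": int(st.st_mtime), "added": int(time.time())}
    return db


def compare(baseline, paths, algo="sha256"):
    """Classify each file as unchanged, changed, new or deleted, keeping old/new records."""
    current = snapshot(set(baseline) | set(paths), algo)
    report = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old and new:
            status = "unchanged" if old["checksum"] == new["checksum"] else "changed"
        else:
            status = "new" if new else "deleted"
        report[path] = {"status": status, "old": old, "new": new}
    return report


def only(report, *statuses):
    """Filter a report, e.g. only(report, 'new', 'changed') to hide unchanged files."""
    return {p: r for p, r in report.items() if r["status"] in statuses}


def demo():
    """Constructed scenario: baseline three files, then change, delete and add one."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        for name in ("nav32.exe", "opscan.exe", "unchanged.dll"):
            write(name, b"original " + name.encode())
        # Constructed import list in the thread's format; the root is re-pointed
        # at the temporary directory, as the "modify the root path" remark allows.
        listing = ("FILE BEGIN\n"
                   "Root$ = C:\\Program Files\\Norton AntiVirus\n"
                   "Root$\\nav32.exe\nRoot$\\opscan.exe\nRoot$\\unchanged.dll\n"
                   ".\n.\nFILE END\n")
        baseline = snapshot(parse_import_list(listing, root_override=root), "sha512")
        write("nav32.exe", b"patched by something")
        os.remove(os.path.join(root, "opscan.exe"))
        write("new.dll", b"dropped later")
        now = [os.path.join(root, name) for name in os.listdir(root)]
        report = compare(baseline, now, "sha512")
        return {os.path.basename(p): r["status"] for p, r in report.items()}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:10} {name}")
```

As in Andreas's sketch, the comparison is only as trustworthy as the stored baseline, which is why he encrypts it and keeps it on removable media rather than next to the files it describes.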
Jason_R0
December 12th, 2003, 03:34 AM
Thanks for mentioning the DEFAULT directory. It should be the one the EXE was run from + the filename of the EXE, something like this.
filename: c:\cryptofiles\cse_file.exe
Should default to extract all the files to c:\cryptofiles\cse_file\
-Jason-
Jason_R0
December 12th, 2003, 11:45 AM
What kind of options are you guys wanting regarding the file integrity checking. I was thinking of using just MD5.. but would you guys prefer being able to specify the checksum(s) and what other options are needed to make it worthwhile?
What I was thinking currently was these options :-
1) Add Files To CheckSum List (possibly specifying which checksum(s) to use? )
2) Compare Files in Checksum List (to work out if any changed, and list the ones which have)
Is anything else needed or not? :)
-Jason-
gkweb
December 12th, 2003, 11:58 AM
I think that our posts describe you in detail what we would want ;)
To answer to your question :
1) yes, at least offer MD5 and SHA-1, the best would be to let us choose between CS algorithms (if we have a fast CPU we can choose higher).
2) this method could be a solution to the pb i had with trying NIS File Check,
if you display all files (i had more than 5000!) it's unreadable.
I think it's better to only show new/modified files, with a maximum of information like the old/new date, old/new hash, old/new size, etc...
NIS FC has filters to choose how to view the list, may be it's a solution, but as default what you said sounds good.
Jason_R0
December 12th, 2003, 12:17 PM
Yes thanks for reminding me ;) . I just re-read FanJ's last post and I guess that includes everything. Will have to get on top of it :)
-Jason-
Pilli
December 12th, 2003, 12:20 PM
Jason, Like your new Avatar - Have a Karma cookie to slice ;D
gkweb
December 12th, 2003, 12:49 PM
The old avatar "Ryu" was good too :'(
But anyway, a karma cookie too to be in touch with your customers ;D
Jason_R0
December 12th, 2003, 01:38 PM
RYU didn't work well with Wilders due to the size constraints. I think this one is ok. :)
Thanks guys!
-Jason-
rerun2
December 12th, 2003, 08:05 PM
1) I would first like to second the suggestion of a virtual drive. That would make things very convenient.
2) Maybe support for a keyring or something.
3) I think this was hinted at on the first page or perhaps similar to the suggestions in the first page. Once I have selected the files I want to encrypt I use the browse option to search for a location I want to save the encrypted files to. Instead of having to name the encrypted file again, how about an option to just encrypt the files using the original names. That way you just browse to the folder you want and press save. This is just personal preference though, and I can see the reasoning behind the way it is set up now.
4) I was also thinking of an option to securely delete the original file after it has been encrypted. Maybe, have it turned off by default and one would have to checkmark this option in "settings." Some type of warning should also be given to the user when using or activating this as well, I suppose.
5) The help file is very intuitive, but a search function would also be nice.
Thank you for the consideration.
I also like your new avatar Jason! Haohmaru is good, but he is no Jubei ;)
Gary Graham
December 13th, 2003, 09:01 AM
Jason: From your screenshot, all you can do is extract the contents into a directory. Can you add the option to View or run just one from there? I usually want just one file, not all of them.
Gary
Jason_R0
December 13th, 2003, 09:26 AM
Gary, well I will have it extract all at in the next version. More options may come in the future, but for every option added, it adds more size to the EXE file, which a lot of people won't be happy about. :)
Thanks for your suggestions rerun, they have been noted.
-Jason-
Gary Graham
December 15th, 2003, 11:27 AM
Actually, if you are keeping a list of Priorities, size should be high on it. When I tell people of CS, I mention all it does, then say the installer is less than 1 meg.
Very impressive.
Gary
Jason_R0
December 16th, 2003, 04:41 AM
It might just creep over a meg in the next version. Packed full of Christmas goodness. :)
-Jason-
Jooske
December 16th, 2003, 08:22 AM
>It might just creep over a meg in the next version. Packed full of Christmas goodness
With a portrait of our beloved DCS team singing and playing jingle bells! for us. Somebody might fly a reindeer over for the event!
gkweb
December 16th, 2003, 09:20 AM
yes!
it would be a nice Christmas gift ^^
For the song, i suggest Gavin on the left, Jason in the middle, and Wayne on the right.
Please, if you give us an avi file or an mpeg, don't do it more than 50MB, thx ;D
Jooske
December 16th, 2003, 09:32 AM
http://64.91.255.87/forum/images/smilies/xmas.gif http://64.91.255.87/forum/images/smilies/guitarist.gif http://64.91.255.87/forum/images/smilies/drummer.gif
http://64.91.255.87/forum/images/smilies/jumping.gif
What kind of stegano is this? with soundwav!
Pilli
December 16th, 2003, 09:53 AM
Watch it Jooske, LWM might get jealous with all these new smilies
Jooske
December 16th, 2003, 10:47 AM
Just use my referral link in my sig to the forum to get them all
but don't forget to login to avoid this http://64.91.255.87/forum/images/smilies/wall.gif
Dance to the christmas music!
LWM's smileys have no stegano included .. yet (i think)
Some more to join the party
http://64.91.255.87/forum/images/smilies/bigcry.gif http://64.91.255.87/forum/images/smilies/sing.gif http://64.91.255.87/forum/images/smilies/cheers.gif
Jason_R0
December 29th, 2003, 01:05 PM
I hope to have this version out in 1 or 2 days. The beta testers already have one beta from the new version, and will be getting a new one tonight. So far it looks like everything is running smoothly, the new features work as they should already. Just some small fine-tuning. :)
-Jason-
Pilli
December 29th, 2003, 03:34 PM
The CS server will be down for a few minutes during the 1,050 B2 install back on soon :)
ano5
December 30th, 2003, 02:01 PM
Hi Jason:
1.
I have not tried CryptoSuite yet. Therefore, my comments do not necessarily apply to CS. They may be useful, however, if you consider adding new features.
2.
Based on my experience /w several other encryption programs I usually distinguish between "on-the-fly harddrive encryption programs /w preboot authentication" (like Safeguard Easy, Safeboot, Safeboot Solo, DriveCrypt Plus Pack) and strong AES/Rijndael-based "container solutions" (like BestCrypt, DriveCrypt etc.).
3.
Generally, it seems to me that container solutions are inconvenient if you cannot mount the encrypted container(s) as a virtual harddrive or something similar.
If you want to encrypt more than a few files it must be ensured that you are not required to type in a password more than once per each start of the computer (i.e., there should be the possibility to unlock all encrypted folders and files at once). It must also be ensured that you can easily encrypt entire folders and, moreover, it should be possible to "work" on-the-fly with encrypted folders/partitions like if they were not encrypted at all.
By contrast, if you are merely encrypting a few files you may also use WinRAR offering 128bit AES (which is still considered uncrackable by most experts) plus good compression.
I believe that it is extremely important whether an encryption program is convenient or not since most users will not timely encrypt all sensitive data if this is a hassle.
Container solutions have the disadvantage that you cannot encrypt the entire harddrive (including the boot partition). In consequence, many folders (e.g., folders containing applications which are autostarted) must remain unprotected.
Personally, I store all backup images in an encrypted container. This is because my encryption program offers a "portable mode" (i.e., I can open the containers on every computer w/o having to install the encryption program -- I merely need to distribute a small portable version of the encryption program together with each container).
IMHO, a container solution is only required if you have to share your computer with other people.
4.
Since I do not need to share my computer I use a harddrive encryption program /w preboot auth. This is the most convenient way to secure all (!) my data. There is no risk that I forget to protect sensitive data. I need to type in the password only once per reboot. Usually, on-the-fly encryption/decryption does not come with a noticeable speed penalty.
There is (almost) no risk of losing my data: if Windows crashes and cannot be repaired you can still decrypt the protected partitions. You just need to set up a new OS on a different partition or harddrive and reinstall the encryption program. (Frequent backups are still a good idea ;-)
I do not trust harddrive encryption programs which support a remote challenge response procedure in order to help a user who has forgotten his/her password.
Jason_R0
December 30th, 2003, 02:37 PM
Hi ano5, thanks for your thoughts on container/hard-drive based encryption schemes. My own opinions differ slightly, I think whole hard drive encryption is pointless(except in the ease of use stakes) and in some ways offers "worse" protection. Entering the password/key only once basically means once in your operating system everything is as it would be on a normal system. Sure you had to log in to decrypt the data in the first place, and your hard-drives if removed from your computer would need to be decrypted first also, but these cases of data theft are very rare. Most cases of data theft these days occur from trojans, spyware, etc, something which these full-harddrive encryption programs don't really offer any protection against. Unless they have the ability to set-up other partitions which you store all your private documents onto and require a password for every read and write then they have full access to these files just like a user who logged in would. Full Disk encryption programs don't really hide the fact to other people that you are using encryption either, at least with other encryption software you can choose whether or not to let people know you are encrypting documents. Some people for instance don't want to let others who use the computer like wives, siblings, daughters, sons, etc that they are encrypting documents. Hiding the fact you encrypt things is a common requirement for a lot of people.
Secondly, full disk encryption means you have areas of your hard-drive which don't need to be encrypted, encrypted. For example your system32 files, 99.9% of them are available everywhere yet they have to be decrypted every time a program runs or loads something etc. Does it matter that someone knows you have vbm400.dll in your system32 folder if they ever stole your hard-drive? :) . Is it worth this redundant data from being encrypted? What about the performance hit, meaning only those with fast CPUs can really use these products without noticing a major slow-down.
I do have a certain liking for containers where you can mount them as a partition, usually because these are used to store only documents which need to be protected. CryptoSuite will expand in the future to add support for this, and will probably support existing archives. :)
One more thing I might add, cryptography software should not merge with "ease-of-use" to the point where it is extremely easy to protect everything but at the cost of privacy and security. I have yet to see a scheme where entering your password/key LESS equates to better or SAME security to a scheme which requires it more. Just because the shortest distance between two points is a straight line, doesn't mean the curvy road isn't the best option. :)
*EDIT* In regards to your WinRAR statement, most experts are now saying to use 256bit algorithms (CryptoSuite uses two of these), you aren't really getting 128bits of protection using a 128bit cipher, due to the attack methods which reduce this. Whilst using 256bit keys doesn't mean you get 256bits of protection exactly it is what I would recommend people use, there is no reason to still be on 128bit. CryptoSuite archives are also compressed, whilst RAR offers about 0.01%-2% better compression (depending on size of file), it's not really something that is noticeable. Also you might want to compare the time required to add a file to WinRAR compared to adding a file in CryptoSuite, you will be surprised. :)
-Jason-
Pilli
December 30th, 2003, 02:47 PM
CS Chat Server is now running 1.050 No problems thus far :)
81.105.28.14 PW: pc2 Port: 5096
ano1
December 30th, 2003, 03:09 PM
Jason:
Your arguments are valid. Actually, I expected them ;-)
1. It is true that harddrive encryption does not protect you from internet attacks (like trojan attacks). For this reason, I combine harddrive encryption & a container solution: very sensitive data like passwords are additionally stored in an encrypted container.
2. Even a container solution cannot easily protect you from internet attacks. Inter alia, a container solution must prevent keyloggers, screenshot tools etc. from recording the password. Therefore, I believe that it is generally the responsibility of AV/AT scanners, personal firewalls and system firewalls (like SSM, PG or TPF) in connection with common sense to protect you from net spies.
Does CryptoSuite include a concept to protect you from keyloggers etc.?
3. Harddrive encryption makes a lot of sense for notebook users since notebooks may get stolen. It also makes sense if there is the risk that certain authorities will search your premises. In addition, it is the preferable solution if you want to protect many files.
4. I completely agree that container solutions are good if you want to hide the fact that you encrypt a few files. Personally, I use a steganographic encryption program which allows me to store encrypted data within my digital photos.
5. It is true that harddrive encryption protects each & everything. But that's good because it is not only convenient (and thereby increases security) but also makes it harder to distinguish sensitive from non-sensitive data. As regards the performance hit: I did some benchmarking tests a few years ago. Usually, the performance decrease is not noticeable unless you copy very large files like an 800mb DivX video. Computers with a processor speed of less than 1Ghz may be slowed down if they use a very fast harddrive (i.e., it is the ratio between processor speed and harddrive speed which matters).
6. Entering a "global password" could be an optional feature. It would increase security for people who would not encrypt anything at all if they were required to use an inconvenient solution. On the other hand, paranoid people could still protect every single file with a different password (and then store all passwords in an encrypted master pw file .. ;-)
Jason_R0
December 30th, 2003, 03:33 PM
There are no anti-keylogger features in CryptoSuite yet, these are planned to be added very soon.
There is no more protection using different schemes, whether full-disk, container or archive based. The protection with encryption comes with the algorithm used and the key. Each scheme has its pros and cons in "ease-of-use" terms, but cryptographically, it all depends on what algorithm is used. You seem to be under the impression that full-disk encryption offers you more protection than something else in certain situations, this isn't a valid judgement.
For instance, does it matter if your laptop is stolen if you have encrypted all the files which need to be into a CryptoSuite archive compared to full-disk encryption (with a good algorithm/key)? No, they still can't get your private info without the key/password either way. When people physically steal your computers they typically aren't out to get your data, rather it is the hardware they are after. Trojans, spyware, etc. are the biggest data theft causing devices, yet seem to be second on your list compared to authorities/thieves :) .
I don't find it inconvenient using CryptoSuite to encrypt my files which I do very regularly. There are some things which could be streamlined and they will be. I can also send my CryptoSuite archives very easily through email and other insecure networks without any issues at all. Whereas someone with full disk encryption would have to bother making an archive, that is if the software even supported that.
There is no point arguing about how using full-disk encryption for you is easier because it all depends on the person and situations. And as you said, you still use other software solutions apart from your full-disk encryption package (which are expensive enough as it is), I just use one piece of software now that is very affordable for everyone. :)
Try and keep this thread on topic also.
-Jason-
ano1
December 30th, 2003, 03:49 PM
"You seem to be under the impression that full-disk encryption offers you more protection than something else in certain situations, this isn't a valid judgement."
No. I am not. I generally agree with you. It is the encryption algorithm and the protection against internet spies which matters. In respect of a harddrive encryption program it may be harder to develop a driver which allows for a brute-force attack. But this is not important because most AES-based encryption algorithms are safe.
"I don't find it inconvenient using CryptoSuite to encrypt my files which I do very regularly."
I was only talking about container solutions in general and container solutions /w or /wo mounting capabilities in specific.
"I can also send my CryptoSuite archives very easily through email and other insecure networks without any issues at all. "
That's definitely a plus. I assume that the recipient of the email must also have CryptoSuite in order to decrypt the file? If yes: I suggest to create a special free CryptoSuite version which permits only the decryption (but not the encryption) of files. Possibly, this would increase the sales volume. (See for example Enigma 2000). -- EDITED: With CS you can create SFX files. Therefore, it is not absolutely necessary that the recipient has CS installed on his/her computer. However, an SFX file puts the recipient under the risk that the SFX file contains a trojan or the like. Therefore, a free stand-alone decrypt-only version of CS w/o any nag screens would still be helpful. --
"There is no point arguing about how using full-disk encryption for you is easier because it all depends on the person and situations."
Absolutely. That's what I said right at the beginning. It depends. But I would not rule out the possibility to add such feature to CryptoSuite in the future. For example, DriveCrypt has also started as a pure container solution.
"Try and keep this thread on topic also."
Come on. This was on topic since you asked for feature requests and the like. I think at least some of my thoughts were helpful.
Pilli
December 30th, 2003, 03:53 PM
Ano, your thoughts are very helpful but arguing about encryption semantics may be better pursued in a new thread.
Hope this does not cause offence & thanks for your input. :)
ano1
December 30th, 2003, 04:04 PM
@Pilli Thanks. But I believe that I have already posted all my arguments and thoughts now (i.e., it would have been a very short thread).
Jason_R0
December 31st, 2003, 01:47 PM
CryptoSuite will work forever in Decrypt mode, i.e. even when trial runs out you can still decrypt. The one message box which pops up on startup is hardly THAT nagging in my opinion, does it bother you? :)
Yes your thoughts were helpful, however it would have been better on your part to first try the program to see what its features were and then comment on what you thought it needed, rather than just commenting on it from afar. The reason for this is some of your questions could have been answered just by using the program. :)
Keeping this thread on topic just meant posting in regards to features wanted in CryptoSuite, and as you can see some of what you posted isn't related to this. You could always start another thread, there is also a privacy forum on Wilders if you are interested. No ill-harm meant just a relaxed suggestion. :)
Happy New Years!
-Jason-