I am now convinced of the importance of encryption. I was stumbled across Invisible Secrets about 2 weeks ago and I was planning to purchase CryptoSuite from DCS.

But now I am thinking about Invisible Secrets which has more features. Is anybody out there that can help me out on good Encryption Software?

maybe someone use/used Invisible Secrets

http://www.invisiblesecrets.com/invsecr4.html

maybe someone has a better option? thanx in advance

The last time I had a look a Invisible Secrets I figured out that there is a detection algo which can determine whether a file is encrypted with invisible secrets or not. This does not mean that the encryption is weak. However, the stenography feature - at that time - was more or less obsolete.

Thanx in advance!!!

INFINITY

Here is a good link to encryption software.

Bruce Schneier (http://www.schneier.com/blowfish-products.html)

THANX AGAIN Ron, just what I was looking for.

inf.

Glad to see your new interest in encryption. Choose correctly.

Consider your needs......encryption programs offer assorted uses....BUT THE USE OF WEAK ENCRYPTION IS NO ENCRYPTION AT ALL....


Good reading:

http://www.wilderssecurity.com/showthread.php?t=3919



encryption is a world unto itself........member Lov2BSecure has extensive experience on the subject.

GOOD LUCK



oh....just for the heck of it.....if you have a spare moment......take a look at an old program called Scram disk.......or something else like E4M........just to get an idea of encryption uses...

Thanx Snowman, much appreciated, I don't know where to begin or what to thrust cause at encryption I am quite a noob... but can someone here point me to a app with strong encryption? is rijndael and blowfish strong, the thing I read about it is YES, definately but so if there is a program that uses blowfish or rijndael with 256 bit key encryption: it is therefor a strong encryption.
I hope I am correct about that.

who can point me to an app which he would trust on his own pc. Thanx!!!!!!!!!!

But of course I am most will to help if I can.....un-fortunately my os is either Linux or win98se.....the encryption I use may not work on your os....as I recall you use XP ?

Some programs to glance at: Fine Crypt....E4M...Blowfish Advanced Pro (algorithms like Blowfish, Twofish or Triple-DES. Random data is generated with Yarrow)


about FineCrypt

Highly secure encryption with a single mouse click (without entering password or key); Secure communication with other users of FineCrypt; Creation of encrypted archives with which you can work like with zip-archives; Creation of encrypted self-extracting executables, which can be decrypted without FineCrypt; Encryption of files, directories and whole directory trees; Encryption with password or with user encryption key; Advanced key management; Secure delete feature; Statistical analysis of ciphertext; Full integration with Windows shell, including drag-and-drop; FineCrypt is the only program which you can check for correctness of encryption; 10 strongest encryption algorithms, including 5 AES finalists: MARS, RC-6, Rijndael(AES), Serpent, Twofish; 4 encryption modes: ECB, CBC, CFB, OFB (see FineCrypt's Help for details);



About E4M

E4M Encryption for the masses is an on-the-fly disk encryption product. What this means is create a volume on your hard disk, CDROM, floppy or other media which is essentially just a normal file. The file however is in fact a file system itself. It contains all the structures needed by your operating system to recognise the file as a file system of a particular type such as FAT or NTFS. This is called a "file hosted volume". Or you could choose a blank or unwanted partition on a local hard disk or floppy disks and format it using E4M. You can then mount this new encrypted volume, and use it like you would any other drive. This is called a "Raw partition volume". The only difference is that Raw partition volumes do not have a file system in the middle, so they provide an encrypted file system on top of a Raw partition. As opposed to file hosted volumes which need an existing file system to "host" the volume file. An example would be a E4M volume called "myfiles.vol" located on the C drive, rather than the same volume located on the second partition of your hard disk. To your operating system, these new volumes will work exactly like your C drive, or any other drive on your system. Tools are provided to "mount" a volume, and to create a volume. The process of mounting a volume involves pretending that the volume file or partition is in fact a removable media device attached to your system.




F-Prot Desktop Encryption A superior encryption program featuring Blowfish or Triple DES


TrueCrypt 1.0 Based on E4M, (encryption for the masses) an excellent file and folder enryption software app.



That should give some ideas

greatly appreciated Snowguy, indeed, winxp user, I'm downloading it now, it is a quite interesting new world to be honest,

thanx

Great! Ah yes...you will have some fun now.......anyone wanting to mess with your computer best bring lunch...supper.....for an indefinite time.


An now that you are getting into thias.....do install some nice desktop "locking" software......remember "layer"........

lol, you rock man

great.

LOL....Its Still Rock-N-Roll To Me....LOL



seeya later........GONE FISHING

Have fun Fishing , and thank you all for your comments, I will have a lot to learn like allways lol...

have a nice eve

Inf.

You are most welcome.....you are also deserving of the compliments......cause you are doing just fine.....

at some other time perhaps the topic may come up relating to making files "transparent" after encrypting them.....but for now

off to find some rainbow trout.........hopefully...lol.....

The only problem I have heard with encrypting your hard drive (not sure about individual files) is that you can't restore images of your hard drive correctly made with programs like Ghost and True Image. So that's what prevents me from encrypting my entire hard drive.

I strongly suggest staying with open source programs. For container and partition encrypting, Truecrypt is awesome.
http://truecrypt.sourceforge.net/

Individual file encryption, try Axcrypt
http://axcrypt.sourceforge.net/

Invisible secrets uses strong algorithms, but the program itself is closed source. Who knows if it works or not? The interface is not what's important. Both of the programs I mentioned are excellent, open source and FREE.

Hi I am trialling it now for a week and this is one of the best security programs available. I tried Cryptosuite too but all the features, miles ahead then the rest. it has even a locker and can hide files into other files and stuff. I am sticking with this one.

this is tha bomb if you ask me.

Before you decide, at least give this current thread at SecurityForums.com a read http://www.security-forums.com/forum/viewtopic.php?t=17143 There are some real good people there.

---------------

yes, I know Gerard, I read it and at the end it comes down to this.

you gotta feel you are secure, what if someone doesn't feel secure with let's say axcrypt or bestcrypt? I feel good with this program, especially the hiding of files (which is tested by experienced and known authors and cryptographers). the cryptography: so Diamondcs wouldn't be secure too, just because the code isn't public and it isn't tested by famous cryptographers? nope doesn't work for me.

open source isn't a garantee it is better. it is just free and has a huge community. that I can give you.

but this product is a lot more then the critics on that forum.

It's your security. Invisible Secrets has a nice interface, but who knows if it works? Diamond CS as good as they are and I love ProcessGuard are not cryptographers either, so no I wouldn't consider their crypto program. They are programmers not cryptographers I think cryptography is the one application area where closed source will not suffice. But in the end, it is your security. Hope it works out for you.

Gerard

{QUOTE-> It's your security. Invisible Secrets has a nice interface, but who knows if it works? Diamond CS as good as they are and I love ProcessGuard are not cryptographers either, so no I wouldn't consider their crypto program. They are programmers not cryptographers I think cryptography is the one application area where closed source will not suffice. But in the end, it is your security. Hope it works out for you.

Gerard <-QUOTE}

Wouldn't you hope that whoever made a cryptographic program was good at both rather than only good at programming or only good at cryptography? :)

{QUOTE-> It's your security. Invisible Secrets has a nice interface, but who knows if it works? Diamond CS as good as they are and I love ProcessGuard are not cryptographers either, so no I wouldn't consider their crypto program. They are programmers not cryptographers I think cryptography is the one application area where closed source will not suffice. But in the end, it is your security. Hope it works out for you.

Gerard <-QUOTE}

I would turn that around and suggest someone who can be innovative enough to come up with the protections that ProcessGuard has can be equally innovative with cryptography.

I use Cryptosuite from DiamondCS, because from working wiith ProcessGuard, I know the depth of the work these guys do. There is also a trust issue. First and foremost do I trust the company I am buying from?

Finally you have to ask what you are protecting against. If the little men in dark suits come an take the computer will my crypography program protect me. Doesn't matter as in most countries the laws are such that if they have the legal right (sapoena, etc) to take the computer then it is easy for them. You either unlock everything or go to jail.

{QUOTE-> Wouldn't you hope that whoever made a cryptographic program was good at both rather than only good at programming or only good at cryptography? :) <-QUOTE}
Hello Jason. I think Diamond CS has done some great things, especially with ProcessGuard. Infinity ASKED about Diamond CS and I told why I wouldn't consider your products for ENCRYPTION. It's like this, I don't expect a word processor from PGP because it is designed and built by cryptographers, they don't do word processing. Non-cryptographers shouldn't be doing encryption either, imo. As for doing both? I don't expect my general doctor to perform brain surgery.

{QUOTE-> If the little men in dark suits come an take the computer will my crypography program protect me. Doesn't matter as in most countries the laws are such that if they have the legal right (sapoena, etc) to take the computer then it is easy for them. You either unlock everything or go to jail. <-QUOTE}

I know many countries have such laws, but not where I live (USA). We have a 5th amendment to our constitution against self incrimination.

{QUOTE-> I would turn that around and suggest someone who can be innovative enough to come up with the protections that ProcessGuard has can be equally innovative with cryptography. <-QUOTE}

If you are happy with Crypto Suite from Diamond CS than by all means use it. No, I don't think because a good bone doctor can do miracles with arms and legs that he should be operating on the brain. Track record in other application programming counts not a bit when it comes to cryptography and its implementation.

Regards, Gerard

{QUOTE-> Hello Jason. I think Diamond CS has done some great things, especially with ProcessGuard. Infinity ASKED about Diamond CS and I told why I wouldn't consider your products for ENCRYPTION. It's like this, I don't expect a word processor from PGP because it is designed and built by cryptographers, they don't do word processing. Non-cryptographers shouldn't be doing encryption either, imo. As for doing both? I don't expect my general doctor to perform brain surgery. <-QUOTE}

Hi Gerard, you are indeed entitled to your own opinion regarding our cryptographic knowledge. Even if I guess it isn't backed up by any "proof" other than some stereotype based on programs we have done in the past. However to put together a good, secure cryptographic program you need people who are good at both programming and cryptography.

Whilst I agree with your analogies for the most part, I don't think they are valid. To produce a cryptographic program you need skills in at least 2 areas, programming and cryptography. Whilst a general doctor does not need to know how to perform brain surgery to do his job, someone like me needs to know programming and cryptography to produce a program such as CryptoSuite. I hope that makes it clear. :)

{QUOTE-> I know many countries have such laws, but not where I live (USA). We have a 5th amendment to our constitution against self incrimination.



If you are happy with Crypto Suite from Diamond CS than by all means use it. No, I don't think because a good bone doctor can do miracles with arms and legs that he should be operating on the brain. Track record in other application programming counts not a bit when it comes to cryptography and its implementation.

Regards, Gerard <-QUOTE}

Hi Gerard

Guess what. I also live in the good ole US of A. And the law I mentioned is alive and well here. If your computer is confiscated under court order(only way it can be) then indeed you would be required to provide passwords to anything on the computer and failure to comply will have you in jail.

Secondly your analogy against Cryptosuite(CS) has one flaw. IF DiamondCS was trying to design the encryption algorthyms, I would agree with you. But the algorthyms being used are the two top rated approaches. Making a good program than really does become more of a programming issue than an encryption issue. Granted it obviously takes enough to understand and program them, but you and I could gain that if we chose too. What is tougher is programming them correctly and on that score it would be tough to beat Jason's skills. Besides if you think learning cryptography is that much of a challenge, what about learning MS Windows XP to be able to program ProcessGuard. Think about that for a moment.

Pete

PS. Don't get the impression that I am just beating the drum for DiamondCS, but having worked thru the development of ProcessGuard as a beta tester, I have seen the technical skills first hand.

{QUOTE-> But the algorthyms being used are the two top rated approaches. Making a good program than really does become more of a programming issue than an encryption issue <-QUOTE}

exactly my point what I was trying to say. it is not the issue that the code is free. cause it is. it is there for everybody. just need to program good.

{QUOTE-> Guess what. I also live in the good ole US of A. And the law I mentioned is alive and well here. If your computer is confiscated under court order(only way it can be) then indeed you would be required to provide passwords to anything on the computer and failure to comply will have you in jail. <-QUOTE}

Hi Peter. I have no idea what you might be referring to. I know of no case where someone was ordered to hand over passwords, like in the UK. If they were the whole case would be thrown out of court in a split second. In the United States, every person charged with ANY crime has the right to remain silent. That also applies to any investigation before charges are filed. Nobody can be ordered to hand over passwords. No court order can force one to hand over passwords. There have been test cases on this, but way back in the 80's. It is so fundamental a right in the United States, that nobody has since challenged the right to remain silent and the right against self incrimination. These are fundamental rights of any defendant in America.
Gerard

{QUOTE-> Hi Peter. I have no idea what you might be referring to. I know of no case where someone was ordered to hand over passwords, like in the UK. If they were the whole case would be thrown out of court in a split second. In the United States, every person charged with ANY crime has the right to remain silent. That also applies to any investigation before charges are filed. Nobody can be ordered to hand over passwords. No court order can force one to hand over passwords. There have been test cases on this, but way back in the 80's. It is so fundamental a right in the United States, that nobody has since challenged the right to remain silent and the right against self incrimination. These are fundamental rights of any defendant in America.
Gerard <-QUOTE}

Not 100% positive, but I think the Patriot Act might have changed that. Particularily in criminal stuff the FBI can confiscate computers, and if they do while they might need a court order, ulitmately if the court orders passwords surrendered you could be dealling with contempt of court. Granted not quite the same as UK, but still...

Even without the patriot act - it doesn't matter. The 5th Amendment protection against self incrimination is not all-emcompassing - it only relates to testimonial evidence. Non-testimonial evidence is not covered or protected and includes things such as blood samples, an individuals appearance, fingerprints, records/documents, voice recordings, etc. A password to unlock records or other non-testimonial evidence would not be considered by the Supreme Court as testimonial evidence.

It should additionally be noted that that is the minimum level of protection according to federal precedent and individual states are free to offer more individual protection than the federal minimum.

who would be non affiliated and trustworthy and could test the program if it doing the tasks it is supposed to do? what if let's say: cryptosuite or bestcrypt not using any secure algorithms? this would be very important to know now since I am planning to purchase something but now I am doubting. I really really like Invisible Secrets and their Steganography is tested good. but how do you test a programs' cryptography?

Thanx

{QUOTE-> Even without the patriot act - it doesn't matter. The 5th Amendment protection against self incrimination is not all-emcompassing - it only relates to testimonial evidence. Non-testimonial evidence is not covered or protected and includes things such as blood samples, an individuals appearance, fingerprints, records/documents, voice recordings, etc. A password to unlock records or other non-testimonial evidence would not be considered by the Supreme Court as testimonial evidence. <-QUOTE}

No, no, no. The PATRIOT Act has nothing to say on this matter at all. Nothing. As for the Fifth Amendment, it protects a defendant from the MOMENT he or she is arrested. In 1966, the US Supreme Court even ruled that law enforcement is REQUIRED to tell an individual of these rights. It is known as the Miranda ruling and the Miranda warning is known to all Americans.
----------
Miranda warning
From Wikipedia, the free encyclopedia.

The Miranda warning is given by police officers of the United States to suspects who they have arrested and intend to question. The Miranda Rights were mandated by the 1966 United States Supreme Court decision in the case of Miranda v. Arizona. The Miranda Warning is a means of protecting a criminal suspect's Fifth Amendment right not to be subjected to coerced self-incrimination. This principle of law, though under different names, has been adopted in some other jurisdictions that derive their legal systems from English common law.
-------------

The Miranda warning must be given in some variation of the following:
''You have the right to remain silent. If you give up that right, anything you say can and will be used against you in a court of law. You have the right to an attorney and to have an attorney present during questioning. If you cannot afford an attorney, one will be provided to you at no cost.'''

The 5th amendment protects anyone being questioned by the police, not only to a defendant on trial. This was the PURPOSE of Miranda, so that suspects facing questioning know they have the right to remain silent. Silent means silent with no exceptions and that includes any self incriminating evidence like passwords.

As for blood samples, DNA and the like. None of this is self incrimination, which has been defined as primarily knowledge of ones own actions. Even with DNA, it cannot be required of a suspect and must be obtained in sometimes sneaky ways by law enforcement. i.e.: Following a suspect and picking up a cigarette butt, finding blood samples within a home after a search warrant has been obtained, getting a suspect to touch a glass to use for fingerprints, are but a few examples. If law enforcement finds a password written down in your home, it is fair game and is not protected. Not offering up a password verbally, however, is constitutionally protected in America.

More on the 5th Amendment and Miranda can be found here http://en.wikipedia.org/wiki/Miranda_Warning

Regards,
Gerard

@Gerald. You are absolutely right, but once they obtain a court order you are absolutely wrong.

@infinity. I only keep a couple of things on my puter that I wish to keep from prying eyes. I use Cryptosuite. I suspect more than worrying about the cryptography is worrying about the password. I use a 80 character random character password that is not on paper, nor stored anywhere. Fact is I don't even know what it is.(no this isn't a joke) If you are curious how I do that send me a private message.

Pete

{QUOTE-> @Gerald. You are absolutely right, but once they obtain a court order you are absolutely wrong. <-QUOTE}
Peter,

Every American should understand this. NO COURT ORDER can supercede the constitution of the United States. Period. None. No court would issue such an order in the United States. Like I said in an earlier post, this was last visited by the courts in the EIGHTIES, that's how clearcut this is. In the nineties, they went after Zimmerman and PGP because they saw it as a threat. The whole thing was dropped because there was just no way around the issue constitutionally. The fifth amendment is alive and well. NOBODY can be forced to give up a password, known only to themselves, in the United States. In the UK? Yep. It's called the RIP laws, I believe. In the US, nobody is forced to incriminate themselves. No "court order" can force you to give up your fifth amendment rights.

{QUOTE-> I use a 80 character random character password that is not on paper, nor stored anywhere. Fact is I don't even know what it is.(no this isn't a joke) If you are curious how I do that send me a private message.
Pete <-QUOTE}

Why a PM? It's no secret. Random generated passkeys stored on removable media have been around for a long time. Keep it on a floppy, USB drive, whatever you want. You also equated learning Windows XP to learning cryptography. Pete, you can't compare the two. One is an operating system and the other is a mathematical science. The IMPLEMENTATION of strong and open cryptography is as important as the algorithm used. Programs using crypto libraries are a dime a dozen. It takes a cryptographer to properly implement strong cryptography. Do you think major corporations use off-the-shelf $49 encryption programs? No, they don't. They hire cryptographers to properly secure their data. The rest use PGP. That's what the statistics tell us. No Fortune 500 company would EVER trust a closed-source, boxed or downloaded program for their security. There's a reason for that.

{QUOTE-> @Gerald. You are absolutely right, but once they obtain a court order you are absolutely wrong.

@infinity. I only keep a couple of things on my puter that I wish to keep from prying eyes. I use Cryptosuite. I suspect more than worrying about the cryptography is worrying about the password. I use a 80 character random character password that is not on paper, nor stored anywhere. Fact is I don't even know what it is.(no this isn't a joke) If you are curious how I do that send me a private message.

Pete <-QUOTE}

peter: you are wrong about the law in the USA. Gerald is right on this. A pass key is nothing special. You haven't used encryption much?

This has been beaten to death. I surrender. ;D

But still, the product is good to me, if not why? they must be good cause they are tested by cryptographers. it is just that some people cannot understand why they do some things others won't do like building a generator for making passwords, and the IP 2 IP password transfer, I checked it with the Port Explorer...only the password it exchanged and IP. so that is OK too...really I dont understand.

good eve;

inf.

{QUOTE-> Hi Gerard

Guess what. I also live in the good ole US of A. And the law I mentioned is alive and well here. If your computer is confiscated under court order(only way it can be) then indeed you would be required to provide passwords to anything on the computer and failure to comply will have you in jail.

<-QUOTE}

I head sometime back about someone who had to do that (kind of a urban internet myth/legend) but he had a setup where if a certain password was used that a gui would pop up give and the appearance is was decrypting the files on the hard drive with a progress bar but was really doing a low level format and then some how ceased the hard drive after the format finished. He gave that password to the arresting authorities they used it, wiped and killed the hard drive and he got off due to lack of evidence.