Free encryption software other than Truecrypt?

[mattfrog]

Hi all,

I'm looking for recommendations on a free tool to encrypt files and folders on Windows, other than TrueCrypt.

It needs to simply allow selection of files or folders, and condense them into an encrypted file. AES-256 would be desirable.

I've took a look at Sophos Free Encryption, but can find absolutely no information on the algorithm used.

Many thanks in advance!

[kupo]

Axcrypt bro (It's also open source). If you want an easy real-time encryption, you can look at this Filewall Website -hummerstudio.com .

[ichito]

FreeOTFE
http://www.freeotfe.org/
DiskCryptor
http://diskcryptor.net/wiki/Main_Page/en
Blowfish Advanced CS
http://www.lassekolb.info/bfacs.htm

[The Seeker]

7-Zip will do this.

[RADEON0101]

Here is another one...

It's main purpose is to encrypt files and folders (Good for personal use or encryption for cloud services)

Encryption is in AES, and is 100% free

Product is called Cloudfogger

Here is the site:

http://www.cloudfogger.com/en/home/index.aspx

Note: This is one of the new kids on the block, so if that bothers you....Then I would take the advice from a previous response (Use 7-Zip)

[dread]

GnuPG is suppose be secure. With GnuPG you can encrypt and decrypt files in Linux and/or MS Windows. For MS Windows there is Gpg4win, Cryptophane, GnuPG Shell, GPGshell. 7-Zip would be the easiest and would work in Linux and MS Windows. Just not sure how secure 7-Zip is.

[The Seeker]

Quote:

Originally Posted by dread

Just not sure how secure 7-Zip is.

It supports AES-256 encryption, so with a strong password, about as secure as you can get.

[chronomatic]

Quote:

Originally Posted by The Seeker

It supports AES-256 encryption, so with a strong password, about as secure as you can get.

Assuming it is implemented correctly. Crypto systems are never broken due to the algorithm, but *are* broken due to programming errors and other failed implementations. Even people who are experts with PhD's make mistakes in cryptography and it's not even rare, sadly. Crypto is hard. This is why I don't trust any cryto product that is not:

A) open-source

B) well tested over a number of years.

7-zip seems to satisfy both of these requirements, so it's probably OK. Cloudfogger does not adhere to either A or B, so I would never trust it.

[Palancar]

OP,

I would love to hear why you started this thread with "other than TrueCrypt"?

For me part of the allure of TC is how well its put together. I am sure that other programs are amazing too. However; one big thing for me is that there are many legal cases where LE has not been able to crack stuff encrypted using TC. These are major cases where any backdoor or weakness would have been used by now. My opinion.

So in a sense, law enforcements inability to defeat TC speaks volumes as to its solid implementation.

Can anyone here cite/link a significant legal case where any of the other products mentioned on this thread has kept forensic LE from getting in? I have only read legal briefs about TC and PGP. The old PGP was open source and when Zimmerman ran the place I used it exclusively, but not anymore.

I would love to discover other encryption products that are well put together. I'll let LE determine that for me by use of their advanced forensic methods. I am smart enough to study the implementations as well. But lets face the music here - the true acid test might just be LE. Make sense?

If a program is solid enough for what I'll call "bad guys" its definitely OK for my needs as I don't have anything like that going on.


OP - for file and folder only encryption I still use "old style" PGP version(s) 6.5.8 or 7.0 only. 6.5.8 was the last pre-911 version that Zimmerman fully managed/assembled. Its open source and solid as hell. It will take some "rigging" to get it installed on newer OS's but it can be done. I had to rig it to get it on XP Pro but it runs fine on that OS. Nobody is going to break into a 4K encrypted file using this old reliable software. Zimmerman was a genius and damn fine Crypto guy.

[PaulyDefran]

I've run 6.5.8 CKT 09b3 (Imad Faiad's Builds) on Win 7...it's still kicking But GPG4Win is solid. Ah, the good old days...

PD

[chronomatic]

Quote:

Originally Posted by Palancar

The old PGP was open source and when Zimmerman ran the place I used it exclusively, but not anymore.

Yeah, PGP back in the day was good. Then they became incorporated but still allowed the source code to be downloaded. Then Symantec bought it. I checked Symantec's site and did not see anywhere to download source code, nor I did not see any free version whatsoever, only trials. So I assume Symantec has totally closed up the source code?

Quote:

I would love to discover other encryption products that are well put together. I'll let LE determine that for me by use of their advanced forensic methods. I am smart enough to study the implementations as well. But lets face the music here - the true acid test might just be LE. Make sense?

The true litmus test would be NSA. But really they are irrelevant for 99.9% of use cases. If they can routinely break crypto products they would never let that info leak at some trial, so it wouldn't matter anyway. They would only use it for snooping on the "big guys" and wouldn't much care about LEA issues. You would have to be a pretty big fish (say a terrorist plot) for them to bother. And if they are after you, you're done. Even if they can't break it, they would just send you to some friendly Arab nation with no torture laws (rendition). Good luck to you there.

But as for LEA's, yeah, I think it's pretty much certain they can't break TC (or other competent disk encryption products) without the user being incompetent and using weak keys or passphrases. They have also, in at least one case, used hardware keyloggers to capture the encryption passphrase (it was a mafia case -- you can google it). Physical control of the machine is the main security one must take into account with disk encryption. It's a much bigger threat than anyone breaking the crypto itself.

Quote:

OP - for file and folder only encryption I still use "old style" PGP version(s) 6.5.8 or 7.0 only. 6.5.8 was the last pre-911 version that Zimmerman fully managed/assembled. Its open source and solid as hell. It will take some "rigging" to get it installed on newer OS's but it can be done. I had to rig it to get it on XP Pro but it runs fine on that OS. Nobody is going to break into a 4K encrypted file using this old reliable software. Zimmerman was a genius and damn fine Crypto guy.

Well, Zimmerman was a good programmer but he wasn't necessarily the best cryptologist (he would admit that I think). In early versions of PGP he used his own home-brewed cipher (because DES was too weak and there was no AES yet). Some cryptographer reviewed the algorithm and broke it in a few minutes. This cryptographer told him he needed to be using better reviewed and written algorithms. He settled on IDEA, which is still one of the choices in modern PGP/GnuPG. However, AES is now preferred because, well, it is the standard and has had a ton of scrutiny by experts around the world.

[0strodamus]

BCArchive may be what you're looking for.

[hashed]

Quote:

Originally Posted by chronomatic

Yeah, PGP back in the day was good. Then they became incorporated but still allowed the source code to be downloaded. Then Symantec bought it. I checked Symantec's site and did not see anywhere to download source code, nor I did not see any free version whatsoever, only trials. So I assume Symantec has totally closed up the source code?



The true litmus test would be NSA. But really they are irrelevant for 99.9% of use cases. If they can routinely break crypto products they would never let that info leak at some trial, so it wouldn't matter anyway. They would only use it for snooping on the "big guys" and wouldn't much care about LEA issues. You would have to be a pretty big fish (say a terrorist plot) for them to bother. And if they are after you, you're done. Even if they can't break it, they would just send you to some friendly Arab nation with no torture laws (rendition). Good luck to you there.

But as for LEA's, yeah, I think it's pretty much certain they can't break TC (or other competent disk encryption products) without the user being incompetent and using weak keys or passphrases. They have also, in at least one case, used hardware keyloggers to capture the encryption passphrase (it was a mafia case -- you can google it). Physical control of the machine is the main security one must take into account with disk encryption. It's a much bigger threat than anyone breaking the crypto itself.




Well, Zimmerman was a good programmer but he wasn't necessarily the best cryptologist (he would admit that I think). In early versions of PGP he used his own home-brewed cipher (because DES was too weak and there was no AES yet). Some cryptographer reviewed the algorithm and broke it in a few minutes. This cryptographer told him he needed to be using better reviewed and written algorithms. He settled on IDEA, which is still one of the choices in modern PGP/GnuPG. However, AES is now preferred because, well, it is the standard and has had a ton of scrutiny by experts around the world.

Don't worry, if Symantec has it, Anonymous probably does too LOL. There isn't much good to say about a security co that cannot keep their own code secure..

~h

[hashed]

Quote:

Originally Posted by Palancar

OP,

I would love to hear why you started this thread with "other than TrueCrypt"?

For me part of the allure of TC is how well its put together. I am sure that other programs are amazing too. However; one big thing for me is that there are many legal cases where LE has not been able to crack stuff encrypted using TC. These are major cases where any backdoor or weakness would have been used by now. My opinion.

So in a sense, law enforcements inability to defeat TC speaks volumes as to its solid implementation.

Can anyone here cite/link a significant legal case where any of the other products mentioned on this thread has kept forensic LE from getting in? I have only read legal briefs about TC and PGP. The old PGP was open source and when Zimmerman ran the place I used it exclusively, but not anymore.

I would love to discover other encryption products that are well put together. I'll let LE determine that for me by use of their advanced forensic methods. I am smart enough to study the implementations as well. But lets face the music here - the true acid test might just be LE. Make sense?

If a program is solid enough for what I'll call "bad guys" its definitely OK for my needs as I don't have anything like that going on.


OP - for file and folder only encryption I still use "old style" PGP version(s) 6.5.8 or 7.0 only. 6.5.8 was the last pre-911 version that Zimmerman fully managed/assembled. Its open source and solid as hell. It will take some "rigging" to get it installed on newer OS's but it can be done. I had to rig it to get it on XP Pro but it runs fine on that OS. Nobody is going to break into a 4K encrypted file using this old reliable software. Zimmerman was a genius and damn fine Crypto guy.

Ditto for me on TrueCrypt..this is one well put together product

[jitte]

Quote:

Originally Posted by Palancar

OP,

I would love to hear why you started this thread with "other than TrueCrypt"?

For me part of the allure of TC is how well its put together. I am sure that other programs are amazing too. However; one big thing for me is that there are many legal cases where LE has not been able to crack stuff encrypted using TC. These are major cases where any backdoor or weakness would have been used by now. My opinion.

So in a sense, law enforcements inability to defeat TC speaks volumes as to its solid implementation.

Or to them not having heard of TrueCrack:

Quote:

TrueCrack is a brute-force password cracker for TrueCrypt (Copyrigth) volume files. It works on Linux and it is optimized with Nvidia Cuda technology.
It works with cripted volumes with the following algorithms:

PBKDF2 (defined in PKCS5 v2.0) based on RIPEMD160 Key derivation function.
XTS block cipher mode of operation used for hard disk encryption based on AES.

TrueCrack can work in two different modes of use:

Dictionary attack: read the passwords from a file of words (one password for line).
Charset attack: generate the passwords from a charset of symbols defined by the user (for example: all possible strings of n characters from the charset "abc" ).

PERFORMANCE

Total execution time for a dictionary attack of 10,000 words with average length of word: 10 characters.
CPU mode

System: Intel Core-i7 920, 2,67GHz
Total time: 11m 01,1s

GPU mode

Board: nVidia GeForce GTX470
Total time: 0m 30,425s

Quote:

I'll let LE determine that for me by use of their advanced forensic methods. I am smart enough to study the implementations as well. But lets face the music here - the true acid test might just be LE. Make sense?

Not really.

[noone_particular]

Quote:

I've run 6.5.8 CKT 09b3 (Imad Faiad's Builds) on Win 7...it's still kicking

Good choice. I've used 6.5.8CKT08 for many years.

[Cutting_Edgetech]

DiskCryptor, open source full disk encryption. I have used it, and its probably one of your best alternatives to TrueCrypt -http://diskcryptor.net/wiki/Main_Page/en

[chronomatic]

Quote:

Originally Posted by jitte

Or to them not having heard of TrueCrack:

Trucecrack is going to be worthless against a good password. And as the TC documentation says over and over again, you need at least a 20 char *random* password for real security. And throw in a 256 bit random keyfile, and password cracking will be utterly futile.

[hashed]

Quote:

Originally Posted by chronomatic

Trucecrack is going to be worthless against a good password. And as the TC documentation says over and over again, you need at least a 20 char *random* password for real security. And throw in a 256 bit random keyfile, and password cracking will be utterly futile.

Agreed, keyfile(s) really make this about as bullet proof as you could hope to get!

~h

[PaulyDefran]

Half of your 64 character pass phrase on a Yubikey...in addition to the key file, works well too.

PD