What Encryption softwares do you use?

I use TrueCrypt, and Keepass. I'm looking for other possible encryption software to try. I would like to hear your opinion on programs for mail encryption since i have not tried very many. I'm interested in hearing about PGP since i have not used it in long time, and it seems to be really popular. If you have a favorite that you have used for a while then what is it, and why did you choose that particular one over the rest?

 

i use (when i can, and recipient is privacy aware) BCtextEncoder and dscrypt. Why? BCTE is freeware, it encrypts pure text with aes256 and can chew huge amount of text. Is portable, relatively small and can decode pgp msg also.
dscrypt is small file encryption app, it has virtual keyboard to fight keyloggers, can work with keyfiles and it overwrites original file after is encrypted. App is portable and freeware.
Hope it helps

 

I use Claws Mail which supports GnuPG/PGP email encryption (with a plugin) as well as being a great Email and Usenet client. It is highly configurable and has lots of other plugins available.

http://www.claws-mail.org/features.php

If you just want a stand alone software for GnuPG/PGP encryption on Windows then GPG4Win:

http://gpg4win.org/

 

GnuPG for email. OTR for IM's. Dm-crypt/LUKS for drive encryption. (GnuPG and OTR can be used on Windows. Dm-crypt is a Linux thing, though there are now Windows clients).

I think any privacy conscious person should encrypt all email with GnuPG/PGP. Do not rely on a provider to do that for you, especially with the new push in the USA for mandated backdoors in service provider's systems. Also, using OTR for IM's is very simple and easy to do. Takes a couple of minutes to setup and you're off.

 

My email favourite in Linux x86 is now Thunderbird+Enigmail (GnuPG add-on). It's not available, AFAIK, for Linux x64, and I found little joy with Evolution. Pidgin+OTR is my favourite for IM/IRC. For disks, it's RAID5+dm-crypt+LVM.

Yes!

 

Well, I use thunderbird/enigmail on 64 bit Ubuntu. Not sure if the actual build is 64 bit or not, but it works fine.

 

Other than TrueCrypt, I've used Hide in Picture before which is an effective steganography tool.

 

Cool. Thanks.

Edit: Canonical's Ubuntu Software Center does in fact have Thunderbird and Enigmail for x64. I'm pretty sure that it didn't a month or so ago. And perhaps I'm misremembering. Glad I mentioned it. And thanks again.

 

I use TrueCrypt for travelers mode. And I use Winrar for any files I need to encrypt outside of the TC container.

 

That sounds pretty cool. I have used AxCrypt inside of a TrueCrypt folder but I have never thought about using winrar.

 

gnupg for win (gpg for windows) for everything. Email and securing the few files I feel the need to lock down.

I've tried quite a few different encryption softwares. PGP or Gpg gives me email and file ncryption all in one, rather than needing a program for email and another for files.

 

I use XXXXXX FDE for outer protection and Bestcrypt for inner volume.

7zip & Winrar, then hide the files inside gif images and movies.

VPN, proxy tunneling, and SOCKS for top secret communication.

 

Main one is LastPass. Moved to it from KeePass because I needed my passwords everywhere and KeePass couldn't do it.

AxCrypt is my other main app. Very handy and reliable.

For container encryption, I use Free OTFE. In a pinch, you can access a container when not running as an administrator. TrueCrypt can't.

Beyond that, I use 7-Zip and it's 7z/AES encryption routine. Works quite well...

 

Winrar is solid and uses 256 AES. Nobody can crack and break that, when you using a good password.

 

That's not exactly a glowing endorsement. Would any y'all familiar with the literature like to comment? A link would be cool too.

Also, FWIW, I'm reminded of recent comments critical of TrueCrypt's "integration of multiple cryptographic primitives". Are concerns re TrueCrypt less serious than those discussed in this paper?

 

I have encrypted a rar file. Where can I send it so you can crack it and show everyone how easy it is to crack a Winrar encrypted file.

(I bet my house that you run away and hide from putting your money where your big mouth is. It always amuses me when people and even companies claim there are weaknesses and security concerns in Winrar encryption, but whenever I send them an encrypted Winrar file and ask them to crack it for me, they always run and hide and go silent. I wonder why LOL

 

Hey, I'm not saying that I could crack your RAR! In any case, given that I'm not skilled in cracking encrypted files, my failure would be meaningless. I was just pointing to an article, and asking for comment. "Crack my RAR, or you're chicken" is not a useful comment, IMHO. Peace out.

 

Bear this in mind: It's paramount that we question security; nowhere is it more important than when we are dealing with real-world implementations of security, and Dr. Tadayoshi Kohno demonstrated this with his attacks against WinZip, which looked rather secure on the surface, since it employed strong cryptographic primitives in the encrypt-then-authenticate generic composition; in other words, it followed best practice.

I haven't yet read Yeo and Phan's work on WinRAR, but it appears that they're familiar with Kohno's work on WinZip, and conclude that WinRAR provides "slightly" better security than WinZip -- at least for the versions that were analyzed at that time. These attacks may not be as simple as attacking a given file, but may require a communication model, where Alice is communicating with Bob (e.g., Kohno's work on WinZip).

Challenges like yours usually fall on deaf ears, because they fail to exhibit an understanding of real-world cryptographic product analysis -- that is, a cryptographic product must be analyzed as an entire product. History rings loud and clear the subtleties of cryptographic design and how despite incorporating the best cryptography, a product can be holier than Swiss cheese and have the information leakage to match. Please understand the attacks, first.

I hope you take this with the sincerity I intended.

 

People are always making comments and/or pointing to websites that claim Winrar encryption is weak or able to be cracked, but whenever I ask a single person or company to crack my winrar encrypted file, everyone goes into hiding.

I believe in ACTION more than WORDS, and that's all I get is words... no action!

Anyone willing to show me and crack my winrar file?

 

First of all, it was rude, imo, to ignore a sincere post by Justin who was trying to explain why your public "challenge" is not viable. Was his post simply over your head?

Secondly, repeated posts saying the same thing over and over and over (this silly challenge to crack your WinRar file) is quickly going from merely obnoxious to forum disruption.

I would refer you back to Justin Troutman's post.

 

I disagree, because imo, it's rude and ridiculous of people claiming and indicating that there is a flaw or weakness in winrar encryption, and when asked to prove it and crack my winrar file, they run and go into hiding.

Enough of words....enough of reading articles...where is the proof? Who is willing to crack my winrar file? Put your money where your mouth is.. walk your talk...anyone?

 

I just finished reading most of Yeo and Phan's paper, and thought I'd try to answer your question, based on what I read. I'm more inclined to think it's less serious in the case of TrueCrypt, because cascading primitives is a bit more straightforward and obvious than the less straightforward and subtle stuff that goes on within WinRAR -- which, similarly to WinZip, is exploitable (i.e., chosen-protocol attack) due to the non-integrated (independent) interaction of compression and encryption.

Does this mean I can break a given compressed filed? No. Does this mean said file can be broken under the right circumstances? Yes. Again, it's all about understanding attacks; blind defensiveness about a security product is the way of the lemmings.

 

Thanks, Justin.

Googling "chosen-protocol attack", I find Kelsey et al. (199. Skimming that, I find myself thinking "well, what would I actually DO?" -- and that's probably not too useful here.

Anyway, what I take from this is that it's wisest to archive/compress and then encrypt, rather than saving a little time by using an integrated product. Yes?

 

I think what that means is that with products like WinZip and WinRAR, you have to solve the problem of compression and encryption being independent in such a way that an adversary can mess with the compression component without affecting the encryption component, which makes these attacks possible; in other words, this independence allows undetected manipulation. I haven't yet looked to see if WinZip and WinRAR have fixed this.

 

If these attacks are possible as you suggest, then how come you cannot crack my Winrar encrypted file?