Encryption Software

Hi there!

I'm wondering which tools you use for encryption? I don't know if you use them much (perhaps you don't have much sensitive data), but if you have one, which one do you prefer.

I personally have two encryption tools, PGP and DriveCrypt. For me PGP is still the mother of all encryption tools. And not to forget, you can make the strongest encryption keys with it (4096 bit). DriveCrypt is nice, because you can hide your encrypted data in .wav files (so called Steganography).

http://www.pgp.com/index.php
http://www.drivecrypt.com/

What are your experiences with such tools? Anyone uses other tools, which seem to be good and reliable?

Best regards!

Patrice

 

I use Advanced Encryption Package Pro since a long time.

Benefits:

Easy in use

Handy interface (with skins support + 13 skins in standard downloadable package!)

Ability to encrypt text to send it safely via your e-mail or chat program like Outlook Express, Eudora, The Bat, ICQ, AOL Messenger, Microsoft Messenger and etc.

Ability to encrypt files

Ability to send encrypted files via Internet

Statistically impregnable against brute force attacks (at least 1032 billions years for the fastest computer in existence to break the key - the age of the universe is 1018 billions years). For encryption and protection your important documents, AEP2001 uses 17 strong encryption algorithms: DESX, BLOWFISH, RIJNDAEL(AES), CAST,3-DES, RC2, DIAMOND2, TEA, SAFER, 3-WAY, GOST, SHARK, SQUARE, SKIPJACK, TWOFISH, MARS, SERPENT

Full .ZIP support AEP2002 PRO can browse for existing .zip archives, extract its contents and even create new .zip archives!

Built in file shredder - i.e. wiping the contents of the original pre-encrypted file beyond recovery to make sure that not even a trace remains after shredding. (matching and exceeding the specifications of the U.S. Department of Defense) to stop hardware recovery tools.

Built in compression of files to reduce size in transmission

No "back door" in the software - No access possible under any circumstances. If you do not remember the password you cannot access the encrypted contents. There is no special procedure, secret code, or hidden entry method to fall back on.

AEP2002 PRO encrypts every kind of file on every kind of medium, whether floppy disk, removable hard drive, zip drive, tape drive or other

Ability to make self-decrypting files for sending to people who do not have AEP2002 PRO. The program can be used to create self-extracting files. The recipient can unlock the data by just starting the self-extracting file within Windows and entering the combination.

The only requirement for self-extracting files is that the recipients must be running some form of Microsoft Windows. All they need is a key to access the contents i.e. a totally secure system is possible without any modification of existing mail systems using any mail system that supports file attachments.

AEP2001 integrates itself into Windows (TM) Explorer, thus, you can encrypt/decrypt/shred files directly from Windows Explorer window using Explorer's context menu.

More info and trial-download at: http://www.secureaction.com/encryption_pro/

 

Hi Smokey!

Sounds interesting to me. What about the encryption strength? Do you know how strong the keys are?

I have to say, with your tool, you have the same possibilities like PGP. Further testing is needed!

By the way, you're right, that it's almost impossible to crack such a password, but what do you do when you have a keylogger on your system? I once tested such a tool, before I sent it to TDS. Pretty scary!

Greetings!

Patrice

 

Encryption algorithms AEP Pro:

DESX
BLOWFISH
RIJNDAEL or AES
CAST
3DES
RC2
DIAMOND2
TEA
SAFER
3WAY
GOST
SHARK
SQUARE
SKIPJACK
TWOFISH
MARS (developed by IBM)
SERPENT

Encryption keys:

from 80-bit key - 2048-bit key.

You can test the trial-version, but I can assure you it's a great Encryption Software.
The software is safe, no keylogger at all.

 

Hi Smokey!

Thanks for the answer! 2048 bit is half of 4096 bit... That's why I prefer PGP. If I look at the progress of the computer industry, I don't know how long a key of 2048 bit is secure. If I further take into consideration that for example the NSA has supercomputers, which are terribly fast, then I don't know how long it would take for them to crack such a code. Nevertheless, I will have a look!

By the way, a keylogger can always get onto your system. For example simply by opening an email attachment... You are never safe of those!

Best regards!

Patrice

 

I think the major difference is that drivecrypt offers full disk encryption rather than virtual disk encryption (the kind that you will find with PGP). I like drivecrypt's pre boot authentication and how it uses a key store and password for authentication. With the pre boot authentication feature I imagine it will be a lot harder for software keyloggers to get pass. On the other hand PGP also includes mail support (though I never used it). So I guess it depends a lil on what you decide to use it for.

DCPP uses a 256 bit AES algorithm and from the AES fact sheet they try to explain how hard it is to crack...

"Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old."

http://csrc.nist.gov/CryptoToolkit/aes/aesfact.html

Hope that helps a little.

 

2048-bit key encryption is more than enough, and in fact already overkill, IMO it's impossible to crack it.

To avoid keyloggers penetrating your system there are several pretty good anti-monitoring programs to solve the problem...

 

Hi I_lack_commonsense!

I'm using DriveCrypt 3.03a, not the DriveCrypt Plus Pack. Are you using it? Let me know what you think about it! Is it worth buying? I was considering it, because I think it's a good idea to encrypt the whole operating system and its pre-boot authentication. But then I didn't do it...

Can you convince me?

Best regards!

Patrice

 

I am not a very good salesman

But I do think DCPP is a very high quality windows encryption program, and I personally have had no problems using it thus far. I dont know much about the 3.03 version except that it uses different algorithms and it does't offer the pre boot authentication feature. Not sure if it offers the full disk encryption.

Keep in mind though, some may not even feel there is a need for full disk encryption; privacy not being as big of a concern with "system and program files" and perhaps relying more on backups if something bad were to occur. If you are one of these people, then you might just feel container type encryption methods are fine for protecting sensitive data files.

I just figured that not too many other windows encryption programs (if any) offer the kinds of features DCPP does. And that it would be one of those few (security) programs that you wouldn't have to worry about shelling out additional money for updates, upgrades, etc.

That was pretty much my logic for my purchase...
I hope you weren't expecting a technical answer from me!

 

Hi I_lack_commonsense!

No you did a great job! I was just wondering about your experiences. Because I already thought about buying it. I have some data which is really sensitive, that's why I thought about encrypting the whole harddisk.

I have a laptop and even though I have very strong passwords (BIOS -quite easy to hack; Windows -more than 14 characters) it's quite simple to hack Windows if someone steals my computer. Then he would be able to see my files (except those who are encrypted of course). The only thing the thief would have to do is installing a second os on the computer (what they normally do) with a NTFS partition. Then he would be able to see all the files on my harddisk...

Thanks for your answer! I really appreciated it!

Best regards!

Patrice

 

Hi I_lack_commonsense!

I was just informing myself about DriveCrypt Plus Packet. Well, first of all it costs 149$! Quite a lot of money.

And besides this, there are several negative aspects as well:

Q: Does one lose any OS or PC functionality by using DCPP ?
A: Hibernate will not work when using DCPP.

I'm using a laptop... Quite handy this hibernation mode.

Q: Can one use any DOS based tools on the DCPP disk ?
A: Yes. But in read only mode

Mhhh... Could be a problem!

Q: Can one use partitioning tools like Partition Magic with DCPP ?
A: No. DCPP encrypts the whole partitions and partitioning tools are not able to understand the DCPP format.

O.K., I think I could live with that.

Q: Can one use the WinXP recovery console if needed?
A: No, not if the boot disk is encrypted

Ohhh... That's not nice!

Q: What happens if WinXP or other software crashes?
A: Data can be lost this way if WinXP crashes and will not boot and the boot disk is encrypted, the way to recover from this situation is to install the WinXP software on a new disk, or a new partition and decrypt the original boot disk, then the normal WinXP recovery tool can be used

Wow, sounds really bad!

Q: How much performance penalty is there when running WinXP under DCPP?
A: Usually the user will not notice any loss of performance, however it may be possible to measure a loss of 5-30%. This numbers are very system specific.

O.K., if security is that important I could live with that.

Allover quite a few minus points to this encryption software. And there's this price... I think I have to think it over again.

Any additional information about these points?

Regards!

Patrice

 

Just a side note but isn't that multi-thousand (2048 bits) bit key for PGP just for asymmetrical, public key use, ie. pgp email (RSA)? I think PGP much smaller bit keys and algorithms for its pgp disk, their largest i think is now (with pgp 8.02) AES 256. Drive crypt has the ability to make Virtual disks with triple Blowfish, over 1344 bits!!!! All in all, i wouldn't be so concernd with the bits of the keys and more concerned with you passwords and keys. Neither PGP or drive Crypt 3.03 (a or b) encrypts the swap file, some that Best Crypt does do! And as long as you don't choose single DES as the algorithm you should be ok.

Best of luck and enjoy your software!
peace,
jonas

 

Hi Jonas!

You are right, PGPdisk encrypts with 128bits or 256bits. Only the public key can be of 4096bits. Nevertheless you can encrypt files with that key as well.

To BestCrypt:
The swap file encryption isn't necessary anymore. This was a selling argument some months (years) ago. Now the swap file is deleted everytime you shut down Windows. Secondly the encryption is the same as for PGP, 256bits.

If you imagine that a French guy cracked the 128bit code of Credit Cards some years ago, what do you think security services like the NSA, etc. are able to do... The only thing about this is, that we know nothing at all. And they won't tell us what they are able to do.

Best regards!

Patrice

 

Oops forgot to check back on this thread.

I will try to respond to the best of my knowledge to your concerns.

For price, it is an issue. But like I mentioned it offers features that I have not seen in any other reputable windows encryption distrubutor. I also felt that it would be a more of a one payment type thing. After paying the one time price, I would not be paying extra to continue using it or for updates and upgrades etc (unless I wished to). And your data will be protected by 256 bit AES all the while .

As far as hibernate, I never really use it. Maybe standby could be used as an alternative?

Yes not being able to use DOS based tools on a DCPP encrypted disk can be a disadvantage. On the other hand it could also be seen as a vulnerability. How good of an encryption program would DCPP be if files could be readily accessed in DOS.

The partitioning thing like you mentioned is not a big problem. You can decrypt and then encrypt again.

I haven't used the recovery console for troubleshooting in awhile. -1 here I guess if you use it a lot.

Software crashes that has corrupted data for me and that completely renders my system unbootable is a rarity for me. And it isnt because my system is 100% stable... I had problems with random freezes A LOT, until this current install of XP on my computer. Software crashes and data loss... well that can pretty much be expected, even without DCPP installed. But I can see how you see it as a concern, if I run into a problem like this, I will let you know and explain the techniques I used for recovery, if I can find one .

5-30% performance degredation is an exaggeration. At startup there may be a small hit, but it is not noticable at all when performing regular taks. Here is how it is explained in its help file

"As data is read from the hard disk, DCPP automatically decrypts the data before it is loaded into memory. When data is written back to the hard disk, it is automatically re-encrypted. This process is completely transparent to the user or any application programs, the data is caught "on the fly" as it transfers back and forth between the hard disk and memory. Consequently, users don't need to remember to decrypt or re-encrypt their data, or change the normal operation of their PC. In addition, only individual sectors are decrypted at any one time, not the whole hard disk. Other products that claim to be "on the fly" decrypt an entire file and load it into memory, creating significant security risks. DCPP is smarter and more secure because it decrypts only the specific sectors of a file that are in use. Unprotected data never resides on a DCPP encrypted disk."

Transparent is probably the key word. I honestly dont even notice it running and does not run as a process in the background. Maybe it is more noticable depending on system specs.

Just my experience so far.


If these are serious concerns for you, by all means look around for another product. For me and for my needs I just feel this is a great security addition.

More Edits... geez will I ever post without the need for modifying

 

What do you use to deleate the swap file? Windows doesn't do it automatically does it? Also, what confidence to you have that the information deleated in the swap file is unrecoverable?

As for DPCC i have version 2 myself and the only complaint i have is that windows now hangs up when shutting down or rebooting, anybody else having a problem with this or know how to fix it.

I love Encryption threads, thanks for making this enjoyable.

P.S. Anybody seen "I Love to Be Secure"

Peace,
Jonas

 

Hi Jonas!

As far as I know, it's a setting in Windows you can set, so that the swap file is deleted everytime you shut down Windows. But it might be, that this is a registry setting you have to change. I'm not sure anymore, it has been quite a while since I did it... Otherwise you can use XP-Antispy, which is doing this automatically. If you really wanna know more about this issue, I can go and check. Let me know!

Why I have confidence, that the information deleted in the swap file is unrecoverable? Well, quite easy, because you rewrite the same place with new data as soon as you start up Windows again. You certainly know how wiping tools work -they overwrite the data with 0 and 1. It's quite the same. Ever tried recovering lost data, when you have overwritten the place with other data already? You get stucked soon...

To I_lack_commonsense:

Thanks for your information, if I have further questions I will let you know! Now I have to wait for my wage to arrive...

Best regards!

Patrice

 

For clearing the page file at shutdown, http://www.winguides.com/registry/display.php/244/

I know there's a way to do it for 9x/ ME, but I can't find it

 

Hello everyone - I have explained my absence in Ten Forward. I have missed so many of you.

Note to Jonas: email me at new email - it's now in my profile.

The subject at hand -- A lot of good points made by all who have posted here on this topic. I do have a couple of thoughts.

Patrice, I am from the school of thought that newer encryption packages that advertise ridiculously long encryption keys with bit lengths of 4,000+ is pure marketing hype. There's a good Schneier paper on this topic. Basically, with a bit length of just 1,344 as does my DriveCrypt; do you realize how long your passkeyphrasewhatever would have to be to actually take advantage of that kind of bit length? Looonnngggg.

By the way, you said you were using 3.03A - what OS are you using? I have found 3.03B to be MUCH more stable.

As for DCPP - I am a believer. I use it and have had no problems at all. I'll have to go back and read the post that had the questions about it with a wary eye (actually good questions) and write about them. One, I remember, concerned DOS tools. Yes, there is a way, using the DCPP emergency rescue disk (unique to your key).....but keep it away from the computer. It is really meant to fix any problems with the MBR.

The encryption is transparent and is decrypted on-the-fly and is not even noticed by the end user. I, frankly, using a 2.4GHz Pentium processor with 512MB RAM have never noticed a performance hit. I, too, am curious about DCPP on slower speed computers.

The 128-bit key broken in the credit card case (if we are talking about the same one) turned out NOT to be a cracked key - but rather end-user (owner) error. Which, is the #1 problem with all encryption. When you hear of other encryption cracks - don't be surprised. There are many "encrypted" products hacked and cracked and many times it is because snake-oil ("secret" "proprietary" algorithms) was used. But 128-bit AES, Blowfish, Twofish, Triple-DES? It's just as safe as a 1,344 bit key - mainly because nobody is going to use (or even have a program that would allow) a passkey long enough to make it truly secure utilizing that kind of "strength"....

Oh! NSA, CIA....do they have the capability to crack these things? There is certainly no evidence that they do - but plenty of encrypted containers supposedly sitting on their "shelves" gathering dust. Even using "supercomputers" we're talking about YEARS of work to crack a well-prepared encrypted message and/or container/partition, etc.

Great thread!

John
Luv2BSecure

 

Hi luv2bsecure!

Thanks for your answer, I really appreciated it! Yeah, you are definitely right about the long encryption keys, most time it's a marketing hype! But nevertheless I don't think so for PGP. If you know something about encryption (as you certainly do) then you know PGP, the mother of all encryption software. I'm using this product for more than six years now and I would never ever let my hands of it!!

Now I'm using DriveCrypt 3.03B as well, I wasn't aware until yesterday that it existed... But I never had stability problems with DriveCrypt 3.03A. I'm using Windows XP Pro as my principal OS.

I'm really considering to buy DCPP, I've sent a question to the support of the company. Let's see if they answer me.

If you look for another good thread look here as well:

https://www.wilderssecurity.com/showthread.php?t=8697

Best regards!

Patrice