Best FILE encryption software

I thought Truecrypt was doing this job, but I was wrong. I need to encrypt individual files, not volumes/entire discs.

What's the best file encryption software today? I need to encrypt several files from my system and some directories, saving them in my DVD-R disc. I tried AxCrypt but some errors were showed. Besides that program (and Cryptosuite), are there any good options out there? Free or paid.

I am looking the Secure It from Cypherix, but I don't know if it's reliable or not.

Of course, it needs to be fully compatible with Vista/XP SP3, and if it's possible, with the ability to decrypt the files without installing the program. I believe SecureIT or one of those programs are doing that.

At least 8 or more GB of data needs to be encrypted at the same time.

EDIT: I have tested Secure It. While you can't decrypt without knowing the password, the program will at least list the name of your files/directories, all of them (I had 21.000 from programs). If you think this alone is not good, then place all of them in RAR files.

And there's a limitation: you can't create auto-extracting files with more than 100 MB. Buy you are able to create a file of any size, encrypted, with all your files.

 

Maybe take a look at Androsasoft FileProtector. I have heard good things about it but not used it myself as whole-disk encryption and containers suit my usage more.

 

Cypherix, AxCrypt, and such.

I'm not too optimistic about Cypherix. They make claims for their products, such as, "maintains legitimacy and integrity of data." However, only encryption is mentioned, which maintains neither of those -- only authentication (i.e., a MAC) does. To be fair, I sent to them a rather lengthy e-mail, only moments ago, detailing my concerns. When and if they reply, I'll share it here. While my cryptographic conclusions aren't in concrete just yet, their presentation is incredibly lacking.

As for AxCrypt, it's unfortunate that you're experiencing errors (solvable, perhaps?), as it's the only file encryption software I'm aware of that actually provides a proper mechanism for integrity; it HMAC-SHA-1s the ciphertext of AES-CBC-encrypted plaintext, so if the implementation is correct and secure, then the resulting encrypt-then-authenticate composition should be IND-CCA2 /\ INT-CTXT secure -- as good as it gets for confidentiality and integrity.

I'm actively looking into some other solutions that may provide this level of security, but as a whole, the landscape is pretty bare.

 

File Encryption Software!

I trust 7zip myself, its opensource and encrypts files using AES 256 bit encryption! Just make sure your passwords are strong if your paranoid!

As for $paid$ software you can take a look at

PGP Desktop
Jetico - BestCrypt
DriveCrypt
Advanced Encryption Package
WinRar
WinZip

All of these listed will encrypt single/multiple files!

I personally trust all of them, but I guess everyone will always have their own oppinions when it comes to Encryption Software!

 

PGP also has a considerably disabled freeware version.

The free version still contains working PGPzip, a shredder, email encrypting, signing and other features, and folder/file encryption(but NOT full disk). If you're on XP, you can find the very nice and preferred by many PGP v8.0 on the Internet, or download the larger but latest PGP 9.x. I looked at a lot of them in the past couple of months, and now have 8.1 on my XP machine and 9.9 on the laptop only because 8.1 won't work on Vista.

*edit* Also available, free, is gpg4win http://www.gpg4win.org/
It comes with Windows installer (.exe), meaning normal people can install it. It's pgp, the keys are interchangeable, and it's just as safe. It does the same things as pgp free, works on Win xp and Vista and only takes up about 10-12MB and, like pgp, uses almost no RAM.

 

Some thoughts.

It would probably be useful to link to this recent thread. (My comments being here, here, and here.) Also, in the past, I've linked to cryptanalysis of WinRAR and WinZip. I recommend that you take a look through all of my posts, as I've taken part in many threads regarding encryption software and hardware, full of great questions and commentary by other members here.

I don't see anything on 7-zip.org about the use of authentication (i.e., integrity preservation via MAC). Although both had security issues, WinRAR and WinZip took this into account. Classic examples of good cryptography gone wrong due to subtle insecurities. Regardless, I'm generally cautious when it comes to the cryptographic features of non-cryptography software. That is, do I trust the cryptographic maturity of software where security is a secondary, tacked-on feature? I'm not sure the risk is well-founded.

 

The website points to Wikipedia and it has something on 7-zip's encryption.
http://en.wikipedia.org/wiki/7z
http://en.wikipedia.org/wiki/7-Zip
Hopefully the information is correct.

 

I dont really understand what the authentication thing you are talking about is Are you talking about passwords?

http://www.7-zip.org/

But Here is a 7zip file, have your go, I challenge anyone to crack it!
7zip archive

Code:

http://www.filesend.net/download.php?
f=dd2c2e38649566c20d15e0a0e3b1a35f

If you crack it post the pic inside as proof that you cracked it!

+ I have yet to read an article where anyone has cracked it, "with the use of a strong password as with any Encryption software of cource!"

I dont like AxCrypt either!

Thank you very much for the links and info! Here is a link to the free PGP v8.0 for those who are interested!

http://www.pgpi.org/products/pgp/versions/freeware/winxp/8.0/

 

This is what authentication is.

Folks often think that encryption is all that's necessary; they only consider the goal of confidentiality. They forget, however, the other goal -- integrity. Just as encryption is to confidentiality, authentication is to integrity, and this is achieved via a MAC, or Message Authentication Code. To help get the point across, here's a diagram I typesetted in LaTeX:

​

If you read the cryptanalytical papers I've linked to here, regarding WinRAR and WinZip, this may shed some light on how intricate and subtle details can be, when it comes implementing seemingly good encryption and authentication compositions. Both WinRAR and WinZip were on the right path, but still tripped; software that isn't even on the right path worries me, and if 7-Zip doesn't use a MAC, I'm afraid that my worries are warranted.

It's not hard to realize scenarios in which the loss of integrity is even worse than the loss of confidentiality; in fact, the lack of the former can lead to a loss of the latter. Ciphertext can be manipulated, and often in a controlled way that's useful to an adversary. That's why any competent design takes this into account, and I question those that don't. If you read the paper by Kohno, especially, you'll see why.

Thanks for the links. I actually read the first one before, but upon reading the other, I've yet to see anything about authentication.

 

I would check out omziff. Found here:

http://www.xtort.net/xtort-software/omziff/

I keep it on my thumb drive. I think you can even use it without admin rights.

Here is a description taken from within the file:

Omziff is a straightforward encryption utility that uses various cryptographic
algorithms to encrypt and decrypt textual files. These algorithms include:
Blowfish, Cast128, Gost, IDEA, Misty1, AES/Rijndael, and Twofish.

Omziff also generates random passwords, splits files, and does simple file
shredding according to DOD Standards. It is freeware, comes in a
standalone executable file with no dependencies and is completely USB
compatible!

 

Justin Troutman I don't really get all the technical stuff?

Are you trying to say the encryption method is inconsistent?

I guess you can say I have a biased mind, I still have yet to find anyone who can crack my 7zip file or anyone who has cracked any 7zip file and I have never had any problems with data loss wile using 7zip, so it still has my vote 100% no matter what theory their is about the authentication in the code!

 

Whenever these discussions come up, there is a lot of talk about "liking" one program or another. I aways wonder what criteria is used to determine whether one "likes" an encryption product or not. User interface? lots of color? Marketing hype? The fact is, AxCrypt is the only single-file encryption program I know of that uses authentication methods as Justin described above. Therefore, I consider it far superior to all these other "well-liked" programs that offer less security. As for "errors" with the program, that's new to me as I've never heard of anyone having trouble with the application before. So that's a new one.

Uploading little tests of files to crack is of no value. I could upload a simple password protected file and chances are, nobody here would be able to access the file. Threat models are all different and it's a silly exercise. The Zip programs are primarily to compress files into a single archive. That's just a fact. Encryption of the file is a secondary add-on. If I want solid security with solid cryptography, I'm going to use a program where encryption is the primary purpose. To me, that's basic.

 

Which explains why you use a zipping program as your primary method of encrypting files. If you don't understand, educate yourself and you'll see that Justin is correct. Why argue with a professional (which Justin is) while admitting you don't understand what you're talking about? That, my friend, makes no sense whatsoever.

 

If its just a silly little test, then why cant you crack it? you cant crack it but your dissing it, now that my friend, doesn't make any sense to me! plus your not the only one here, maby someone with cracking abilities will come along and decipher the code to prove me wrong, until then all these theories are null to me

zipping program? its a form of encryption software because it Encrypts the data using AES-256 encryption!

People act like their Encrypting Super Classified Military files, or Terrorist instructions here, its basic encryption that works, and nobody can crack it fellas!

PS please don't get mad anyone, I always seem to come off hard in some way, but im just trying to have a peacefull conversation here

Somewhat Off topic but everyone else has their theories, so I'm gonna throw in one to explain my way of thinking

 

encryption does not exist in a vacuum and the best way around a cipher is never cryptanalysis.

integrity and validation of encrypted content is critical but technically outside the scope of a properly keyed and implemented block cipher.


on another tangent, regarding the question of "what criteria is used to determine whether one "likes" an encryption product or not", checking against Schneier's doghouse list is always a good idea

[ http://www.google.com/search?domains=www.schneier.com&q=doghouse&sitesearch=www.schneier.com/blog ]

 

Re: Cypherix, AxCrypt, and such.

i'm waiting for a good Galois/counter mode extension to gpg; then i'd be happy for the forseeable future...

[at least, once the hardware crypto engines added it to their repertoire, that is the one argument for a traditional AES-CBC+SHA1 construction - padlock cores can make it transparently quick!]

 

I'm interested in hearing Justin Troutman's conclusion about the omziff program that I mentioned above. I respect your obvious expertise.

 

OK I'm going to be honest with you guys, its been a long time sense I used AxCrypt, and it was when I was first starting out with encryption software, I think I basically forgot about it after a total reformat of my drive, and I think it was someone that told me Axcrypt sucked, and couldn't be trusted, something like that, was the reason I never installed it again!

So I went to the AxCrypt site and downloaded it to take another look, and I'm going to have to say I like the integration of the product in the context menu, and the simplicity of it, and also being a well trusted Encryption software, I know Justin Troutman has proven his expertise in this matter, I still like 7zip though, because it compresses files more effectively than winrar and winzip, which in turn saves me more disk space for files I don't really care are Encrypted or not on my open slave drives, I don't really have a primary method of encrypting single files, I just use Containers, and whole disk encryption, so I'm not really concerned to much about single file encryption as much as others are, as it annoys me to sit and decrypt single files every 5 minutes when I want to access them, I have used 7zip for a long time though for my file sharing needs, and it has proven itself to be effective for that particular need and purpose, plus it saves on upload times because it creates smaller files than the other compression software's do, + I have searched everywhere and still have yet to find anyone who has actually cracked a 7zip file?

So all in all, it all depends on the file the user is encrypting, he needs to take into consideration what he feels would be the best security method for the particular file he doesn't want others to get their hands on, some people need super encryption wile others feel secure using basic methods like 7zip which still has yet to be cracked by anyone!

 

To ensure that readers of this thread are clear and current, the referenced concern about WinZip’s “Zip 2.0” encryption was addressed many years ago by implementing AES encryption in the utility. It would be inapprorpriate for readers to think that WinZip has an “encryption problem.”

Interested readers may also wish to consider the use of PGP Zip, which encrypts and signs its archives, thereby addressing the integrity consideration and providing non-repudiation.

My understanding is that the AES encryption algorithm is non-malleable, and thus not subject to this issue. Please correct me, if my viewpoint is inaccurate.

 

I use a TrueCrypt folder to put personal stuff in. But I did encrypt a file with axcrypt the other night and put it on a USB stick. I had almost forgotten about it too. I love it except I wish it would allow me to copy and paste the password.

I didn't know that you could encrypt single files with PGP. So what if you encrypted a file with Cryptosuite, and then PGP, and then Axcrypt, and then put it in a TrueCrypt folder??....LOL!

 

Your "challenge" is unrealistic. We (that is, most of us) can't crack it because we don't have roomfuls, or even mountainfuls, of high-speed computers and a staff of skilled cryptologists at our disposal. However, such facilities do exist, and depending on the circumstances they can be made available to law enforcement and other agencies. Just because nobody on this board can (or will) crack your file doesn't mean anything. I assure you that if you were suspected of high crimes and your computer were seized then your encrypted files would undergo a much more rigorous analysis than anything we can provide here.

 

Exactly...and very well stated.

Also, my point, along with Justin and others, is that these archiving programs may, or may not, be secure. Just because something uses AES encryption does not mean the implementation of the cryptography into the product was done correctly. After all, these products are archiving programs first with encryption abilities added on. A program that was designed from the ground up as an encryption application (like AxCrypt) is going to be more credible (for me anyway).

 

A good point. However, for more information on encryption as implemented by WinZip, see AES Encryption Information. WinZip has earned FIPS-197 certification for its encryption, and thus the user of WinZip should be able to be confident that the AES implementation was done correctly.

 

You said it yourself, my challenge is unrealistic, why do you think I trust 7-zip for basic needs? am I talking to myself here?

Exactly, you just pointed out THE POINT I'm making, Nobody here can crack it, and don't have the resources to try to crack it either! why do you think I challenged you to try, it was to prove you cant, I don't even care if you had a super computer, your not going to crack the password I used unless you found some kind of weakness in the Encryption, and NO it has never been accomplished before ever on a 7zip file!

"NOPE" I'm not suspected of High Crimes, therefore I'm not worried about the law coming and kicking in my door to confiscate my machine. and analyze my encrypted files!

What the heck are you guys encrypting? you act like its top secret military/terrorist files? No I don't think that is the case here, but to be so paranoid about the law, my bet is child porn, or loads of other people personal information that was hacked, I mean why else would someone be so paranoid about Law Enforcement agencies cracking their encrypted files? but by no means am accusing anyone here, No I'm not accusing anyone of illegal activities, so please don't take it the wrong way!

Nobody has the resources to crack my 7zip file, so in my eyes its safe enough to use, I'm not worried about the government knocking on my door, and no one has ever cracked it before, nor has the resources to try, even if they did I don't think their going to crack it any time soon if ever!

Therefore I have nothing to worry about now do I? Nope!

So keep on talking all your stuff about 7-zip but when it really comes down to the POINT, you have no proof of your accusations, you have no proof that it is as weak as your saying it is, so I suggest you find your proof before you keep on replying with your endless theory's and null information, because none of it will prove anything about 7-zip!

I guess you can say Ive been getting a little to carried away with my posts on the paranoia thing, I'm not so paranoid after all, now that I really think about it!

Have a nice day!