Does anyone have any opinions regarding Rohos' encryption software? It is supposed to be like TrueCrypt, but does not require admin privileges; which makes it very hand for a USB drive.
It's like truecrypt indeed... although : -you can't do full disk encryption (only volume based) -It's closed source -Only AES or Blowfish (wich is nowadays obsolete anyway). Bruce Schneier now recommends against the use of Blowfish. In December 2007, he said, "At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead." Wikipedia -Not downloaded (tested) for 4 million times http://www.truecrypt.org/statistics.php -NOT free to use (time limited) http://www.rohos.com/desktop-security/buy_on-line.htm But hey, it is indeed like Truecrypt.
So, are you saying that Rohos Risk is not recommended to secure a "volume" on a USB disk, or are you saying that just the use of Blowfish is not advisable? What about using Rohos Disk with AES?
I'm not saying that the program is insecure in anyway. I do not have the knowledge to say (confirm) this. I just say that Blowfish is recommended against by its creator, although there aren't any know attacks against a full 448-bit blowfish. http://en.wikipedia.org/wiki/Blowfish_(cipher) It's just that there are better ciphers around now. It's successor Twofish, and offcourse AES (Rijndael).
Saying and confirming that a "closed source" implentation of algorithms is secure or unsecure is almost impossibel. You can't read the code. I must admit that reading the "full" code of a program like truecrypt is also very time consuming The algorithms that are considered secure today, may be considered unsecure tomorrow.