What Encryption softwares do you use?

Discussion in 'privacy technology' started by Cutting_Edgetech, Oct 1, 2010.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I use TrueCrypt, and Keepass. I'm looking for other possible encryption software to try. I would like to hear your opinion on programs for mail encryption since i have not tried very many. I'm interested in hearing about PGP since i have not used it in long time, and it seems to be really popular. If you have a favorite that you have used for a while then what is it, and why did you choose that particular one over the rest?
     
  2. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    i use (when i can, and recipient is privacy aware) BCtextEncoder and dscrypt. Why? BCTE is freeware, it encrypts pure text with aes256 and can chew huge amount of text. Is portable, relatively small and can decode pgp msg also.
    dscrypt is small file encryption app, it has virtual keyboard to fight keyloggers, can work with keyfiles and it overwrites original file after is encrypted. App is portable and freeware.
    Hope it helps :)
     
  3. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    I use Claws Mail which supports GnuPG/PGP email encryption (with a plugin) as well as being a great Email and Usenet client. It is highly configurable and has lots of other plugins available.

    http://www.claws-mail.org/features.php

    If you just want a stand alone software for GnuPG/PGP encryption on Windows then GPG4Win:

    http://gpg4win.org/
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    GnuPG for email. OTR for IM's. Dm-crypt/LUKS for drive encryption. (GnuPG and OTR can be used on Windows. Dm-crypt is a Linux thing, though there are now Windows clients).

    I think any privacy conscious person should encrypt all email with GnuPG/PGP. Do not rely on a provider to do that for you, especially with the new push in the USA for mandated backdoors in service provider's systems. Also, using OTR for IM's is very simple and easy to do. Takes a couple of minutes to setup and you're off.
     
  5. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    My email favourite in Linux x86 is now Thunderbird+Enigmail (GnuPG add-on). It's not available, AFAIK, for Linux x64, and I found little joy with Evolution. Pidgin+OTR is my favourite for IM/IRC. For disks, it's RAID5+dm-crypt+LVM.

    Yes!
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Well, I use thunderbird/enigmail on 64 bit Ubuntu. Not sure if the actual build is 64 bit or not, but it works fine.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Other than TrueCrypt, I've used Hide in Picture before which is an effective steganography tool.
     
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Cool. Thanks.

    Edit: Canonical's Ubuntu Software Center does in fact have Thunderbird and Enigmail for x64. I'm pretty sure that it didn't a month or so ago. And perhaps I'm misremembering. Glad I mentioned it. And thanks again.
     
    Last edited: Oct 2, 2010
  9. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I use TrueCrypt for travelers mode. And I use Winrar for any files I need to encrypt outside of the TC container.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That sounds pretty cool. I have used AxCrypt inside of a TrueCrypt folder but I have never thought about using winrar.
     
  11. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    gnupg for win (gpg for windows) for everything. Email and securing the few files I feel the need to lock down.

    I've tried quite a few different encryption softwares. PGP or Gpg gives me email and file ncryption all in one, rather than needing a program for email and another for files.
     
  12. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    I use XXXXXX FDE for outer protection and Bestcrypt for inner volume.

    7zip & Winrar, then hide the files inside gif images and movies.

    VPN, proxy tunneling, and SOCKS for top secret communication.
     
  13. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Main one is LastPass. Moved to it from KeePass because I needed my passwords everywhere and KeePass couldn't do it.

    AxCrypt is my other main app. Very handy and reliable.

    For container encryption, I use Free OTFE. In a pinch, you can access a container when not running as an administrator. TrueCrypt can't.

    Beyond that, I use 7-Zip and it's 7z/AES encryption routine. Works quite well...
     
  14. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Winrar is solid and uses 256 AES. Nobody can crack and break that, when you using a good password.
     
  15. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    That's not exactly a glowing endorsement. Would any y'all familiar with the literature like to comment? A link would be cool too.

    Also, FWIW, I'm reminded of recent comments critical of TrueCrypt's "integration of multiple cryptographic primitives". Are concerns re TrueCrypt less serious than those discussed in this paper?
     
  16. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I have encrypted a rar file. Where can I send it so you can crack it and show everyone how easy it is to crack a Winrar encrypted file.

    (I bet my house that you run away and hide from putting your money where your big mouth is. It always amuses me when people and even companies claim there are weaknesses and security concerns in Winrar encryption, but whenever I send them an encrypted Winrar file and ask them to crack it for me, they always run and hide and go silent. I wonder why LOL :)
     
  17. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Hey, I'm not saying that I could crack your RAR! In any case, given that I'm not skilled in cracking encrypted files, my failure would be meaningless. I was just pointing to an article, and asking for comment. "Crack my RAR, or you're chicken" is not a useful comment, IMHO. Peace out.
     
  18. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Bear this in mind: It's paramount that we question security; nowhere is it more important than when we are dealing with real-world implementations of security, and Dr. Tadayoshi Kohno demonstrated this with his attacks against WinZip, which looked rather secure on the surface, since it employed strong cryptographic primitives in the encrypt-then-authenticate generic composition; in other words, it followed best practice.

    I haven't yet read Yeo and Phan's work on WinRAR, but it appears that they're familiar with Kohno's work on WinZip, and conclude that WinRAR provides "slightly" better security than WinZip -- at least for the versions that were analyzed at that time. These attacks may not be as simple as attacking a given file, but may require a communication model, where Alice is communicating with Bob (e.g., Kohno's work on WinZip).

    Challenges like yours usually fall on deaf ears, because they fail to exhibit an understanding of real-world cryptographic product analysis -- that is, a cryptographic product must be analyzed as an entire product. History rings loud and clear the subtleties of cryptographic design and how despite incorporating the best cryptography, a product can be holier than Swiss cheese and have the information leakage to match. Please understand the attacks, first.

    I hope you take this with the sincerity I intended.
     
  19. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    People are always making comments and/or pointing to websites that claim Winrar encryption is weak or able to be cracked, but whenever I ask a single person or company to crack my winrar encrypted file, everyone goes into hiding.

    I believe in ACTION more than WORDS, and that's all I get is words... no action!

    Anyone willing to show me and crack my winrar file?
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    First of all, it was rude, imo, to ignore a sincere post by Justin who was trying to explain why your public "challenge" is not viable. Was his post simply over your head?

    Secondly, repeated posts saying the same thing over and over and over (this silly challenge to crack your WinRar file) is quickly going from merely obnoxious to forum disruption.

    I would refer you back to Justin Troutman's post.
     
  21. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I disagree, because imo, it's rude and ridiculous of people claiming and indicating that there is a flaw or weakness in winrar encryption, and when asked to prove it and crack my winrar file, they run and go into hiding.

    Enough of words....enough of reading articles...where is the proof? Who is willing to crack my winrar file? Put your money where your mouth is.. walk your talk...anyone?
     
  22. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    I just finished reading most of Yeo and Phan's paper, and thought I'd try to answer your question, based on what I read. I'm more inclined to think it's less serious in the case of TrueCrypt, because cascading primitives is a bit more straightforward and obvious than the less straightforward and subtle stuff that goes on within WinRAR -- which, similarly to WinZip, is exploitable (i.e., chosen-protocol attack) due to the non-integrated (independent) interaction of compression and encryption.

    Does this mean I can break a given compressed filed? No. Does this mean said file can be broken under the right circumstances? Yes. Again, it's all about understanding attacks; blind defensiveness about a security product is the way of the lemmings.
     
  23. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Thanks, Justin.

    Googling "chosen-protocol attack", I find Kelsey et al. (199:cool:. Skimming that, I find myself thinking "well, what would I actually DO?" -- and that's probably not too useful here.

    Anyway, what I take from this is that it's wisest to archive/compress and then encrypt, rather than saving a little time by using an integrated product. Yes?
     
  24. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    I think what that means is that with products like WinZip and WinRAR, you have to solve the problem of compression and encryption being independent in such a way that an adversary can mess with the compression component without affecting the encryption component, which makes these attacks possible; in other words, this independence allows undetected manipulation. I haven't yet looked to see if WinZip and WinRAR have fixed this.
     
  25. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    If these attacks are possible as you suggest, then how come you cannot crack my Winrar encrypted file?
     
Loading...
Thread Status:
Not open for further replies.