Results 1 to 9 of 9

Thread: Well-regarded file encryption software?

  1. #1
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,022 times in 868 posts

    Well-regarded file encryption software?

    Does anyone know of any file encryption software which is as well regarded as Truecrypt is for disk encryption? I'm currently using 7-zip for most file encryption but I don't have a clue how well it's implemented. Something lightweight, trustworthy, open-source and well thought out is what I'm after really - it's a pity TC doesn't have a file encryption explorer option or something! Oh and it's for Windows, I can think of a few programs that fit that description on Linux but most encryption freeware on Windows looks about as trustworthy as an email from a royal family asking for your details...

  2. #2
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Well-regarded file encryption software?

    GPG allows strong encryption for files (although the windows interface is 'clunky' to say the least)

    You can use truecrypt as a file encryptor (indirectly) by creating an encrypted container and putting stabdard file into it, so it appears as a logical drive.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. Received thanks from:

    watercooled (03-12-2010)

  4. #3
    Senior Member
    Join Date
    Aug 2008
    Posts
    492
    Thanks
    8
    Thanked
    106 times in 80 posts

    Re: Well-regarded file encryption software?

    7-zip uses AES-256 and is open source (therefore open to peer review), so assuming a decent passphrase is used it could be considered unbreakable for any practical purposes.

    The trouble is though, if you regularly encrypt/decrypt data on a per-file basis, you can never be entirely sure where Windows is going to splatter bits of it unencrypted on the HDD, simply by virtue of the way it works, and you could end up lulling yourself into a false sense of security. It would probably be beyond most people's ability to recover, but if you feel you need industrial-strength encryption in the first place, I guess you need to look at a worst-case scenario.

    I expect you already know that Truecrypt can encrypt an entire system with pre-boot authentication - I think that's the way to go, then you can relax knowing that you're pretty much bomb-proof whatever happens (unless someone tickles you until you give up the passphrase).

  5. Received thanks from:

    watercooled (03-12-2010)

  6. #4
    unapologetic apologist
    Join Date
    Nov 2005
    Location
    UK
    Posts
    1,954
    Thanks
    363
    Thanked
    275 times in 146 posts

    Re: Well-regarded file encryption software?

    axcrypt

    insanely strong
    One can never stop saying Thank You

  7. Received thanks from:

    watercooled (03-12-2010)

  8. #5
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,022 times in 868 posts

    Re: Well-regarded file encryption software?

    I have used TC from time to time to encrypt files but it is a pain having to create a file container every time and often find you've made it too small. I know lots of the fundamentals of encryption and such, that was an area of interest for quite a while (and still is to a slightly lesser extent). Just because something uses AES-256 doesn't mean it's strong, implementation is everything and for all I know 7-zip might only do a simple password check but use the same key for everything - I know something like that is unlikely as it's open-source and widely used but it's probably not been checked to the extent of dedicated encryption software (and I don't have the programming experience to do so myself). I'm not in the position of needing to use full-disk encryption (I would on a laptop though), just I like to be sure only the recipient gets to see a file after I've sent it over an untrusted network. Most people don't enjoy me walking them through setting up an VPN tunnel or something! Anything I was afraid of anyone else seeing I probably wouldn't be sending it to anyone who accepted without questioning how I would send it anyway as they probably wouldn't take care of it on their end.

    GPG and Axcrypt both look interesting though, although you're right about the GPG interface on Windows. Axcrypt sounds familiar, I'll give it a go!

    Thanks!

  9. #6
    unapologetic apologist
    Join Date
    Nov 2005
    Location
    UK
    Posts
    1,954
    Thanks
    363
    Thanked
    275 times in 146 posts

    Re: Well-regarded file encryption software?

    Axcrypt works straight off the right-click - simples!
    One can never stop saying Thank You

  10. Received thanks from:

    watercooled (04-12-2010)

  11. #7
    Get in the van. Fraz's Avatar
    Join Date
    Aug 2007
    Location
    Bristol
    Posts
    2,919
    Thanks
    284
    Thanked
    397 times in 231 posts
    • Fraz's system
      • Motherboard:
      • Gigabyte X58A-UD5
      • CPU:
      • Watercooled i7-980X @ 4.2 GHz
      • Memory:
      • 24GB Crucial DDR3-1333
      • Storage:
      • 240 GB Vertex2E + 2 TB of Disk
      • Graphics card(s):
      • Water-cooled Sapphire 7970 @ 1175/1625
      • PSU:
      • Enermax Modu87+
      • Case:
      • Corsair 700D
      • Operating System:
      • Linux Mint 12 / Windows 7
      • Monitor(s):
      • Dell 30" 3008WFP and two Dell 24" 2412M
      • Internet:
      • Virgin Media 60 Mbps

    Re: Well-regarded file encryption software?

    Quote Originally Posted by fuddam View Post
    axcrypt

    insanely strong
    Seconded. Worked well for me in the past. Not used it recently though.

  12. Received thanks from:

    watercooled (04-12-2010)

  13. #8
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Well-regarded file encryption software?

    Captain Crash has hit the nail on the head. It isn't just the encryption algorithm, it is the implementation of that algorithm that is important. AES 256 is probably as good as it gets in open source, but the implementation is all. As he says, what artefacts will the implementation algorithm leave behind? And that is very very difficult to assess.

    Even Truecrypt can leave some artefacts behind, which while not revealing the contents of a file, can give clues about the directory structure that file might belong to. Hard to find, and TC is (IMHO) one of the best OS encryption applications there is (especially as a disk/partition encryptor for protecting data at rest)

    But the application chosen will depend on the protection required. If it is transmission security, (protecting a file from being read through interception across a public network) then s-mime, GPG, PGP, will do that job without any difficulty. If it protecting a traffic stream, then SSL is good enough, and there are there are also software end-to-end encryption systems,. (I'm ignoring hardware encryption systems)

    If it is protecting data-at-rest on a laptop (if it gets nicked) then probably TrueCrypt or BeCrypt or something like Flagstone is as good as anything. Protecting individual files while a laptop or computer is powered up (and therefore everything is decrypted on the fly, is a harder problem, and if the data is really sensitive, then you really need to assess and understand the risks to that data and the appropriate mitigation techniques to reduce them.

    And the other issue is key management. An encryption system is not just an algorithm, or an implementation, but there is also the question of key management and key protection. An encryption system fails if the key or password or key protection system fails. Again GPG (and PGP) also provide some element of key management, as does open SSL. (and most other commercial and open source systems)

    You can maike the task as complex or as simple as you like, so long as you understand the risks, and apply measures commensurate with the sensitivity of the data and the impact of its compromise.
    Last edited by peterb; 04-12-2010 at 05:13 PM.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  14. #9
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,022 times in 868 posts

    Re: Well-regarded file encryption software?

    AES-256 is actually considered less secure than AES-128 especially when used as a stream cipher due to the simple algebraic description of the cipher, the attack effectively reduces the security of AES-256 to a security of 2^99.5 bits and it affects the 192 cipher to a lesser extent. The 128 key cipher is unaffected. It's 'only' a related key attack so I doubt it's something that would allow an attacker to ever read encrypted data, even if bruteforcing 99.5 bits was feasible. Concerns of flaws like this in the Rijndael cipher were actually brought to the attention of the AES crowd during selection due to the simplicity of the cipher, especially those with the longer key sizes. There's still a big security margin on the cipher but other AES competitors like Twofish and Serpent (both available in TC) are more complex and secure than Rijndael, but slower. I think it's time the AES standard is reviewed myself, computing power is much cheaper than it was and even a cascade cipher of all three isn't much effort for a modern system. Even the people who picked Rijndael for AES agreed it was less secure than others but at the time the speed was also important as it was to be used on embedded computers for example.
    But again, implementation is crucial, very well thought-out software like TC using a good block cipher mode of operation overcomes many potential flaws in ciphers. An example of a flaw is SSL - if you keep up-to-date with security news you'll have heard about the man-in-the-middle attack which affects it. It only takes a simple server-side fix to sort it but it goes to show you can have all the encryption in the world but it can still be useless if there's a problem in the implementation. A funny (to me at least) analogy is, when I was at school there was a 'safe room' they used to keep all the expensive stuff in, it had a huge thick plate steel door on the front but it was screwed into place from the outside...
    DES is actually a very strong cipher, I can't think of any significant attacks/breaks that reduce the effective security of the cipher, of course though the key length is too short for it to be an effective means of securing data. Triple-DES is a strong cipher but it's painfully slow compared to more modern ciphers offering a similar complexity.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Looking Through Windows
    By Paul Adams in forum Software
    Replies: 16
    Last Post: 19-10-2018, 09:07 AM
  2. LaTeX2html problem...
    By bsodmike in forum General Discussion
    Replies: 4
    Last Post: 15-12-2010, 03:51 PM
  3. Nero or Burner ?
    By Foxile in forum Help! Quick Relief From Tech Headaches
    Replies: 30
    Last Post: 04-04-2005, 07:31 AM
  4. What Pocket PC encryption software
    By ed^chigliak in forum PC Hardware and Components
    Replies: 3
    Last Post: 01-06-2004, 08:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •