Encription Tools FAQ
I have used and tried several encription programs. In this FAQ, I review
them, by giving a short description about the program, how it's used, its
advantiges, disadvantiges and my recommandations. The reader is STRONGLY
urged to try all the programs listed and make his/her choice according to
their indivigual needs. For more information on the products here, visit
their WWW sites and read their FAQs.
I only provide this FAQ as a personal opinion, and NOT a definite guide.
NOTE* an encription program WEAKEST link is YOUR PW
you are using, so make one that
is NOT a word that can be found in the dictionary and sprinkle a few
numbers inside it.
BestCript
from Jetico
It works by creating a "container" where a file or a folder can be "dropped in" -
placed and the "container" then locked by a PW. The size of the container is determined by the user -it can be from 10Kb to as much as 100 MB or more. A whole drive or a zip cartrige can also be encripted. BestCript uses a variety of encription methods-for
algorithms - DES (ha-ha!!!!), BLOWFISH, GOST for key generator -SHA1 or
GOST (BestCript V2-5). Both are 256 bit encription and they haven't been broken-yet.
BestCrypt WAS designed for the secure storage of the bulk data on computers.
Instead of encrypting and decrypting each file individually as with PGP, BestCrypt allows the user to
store files in an encrypted container. When the container has been open (with a password) the user has access to all the files in the container without any further decryption operations. Likewise, any information written to an open container is automatically encrypted and becomes inaccessible when the container is closed.
Its interface is very easy to use and understand and they provide
a wonderfully complete manual on how to use BestCript. BestCript also comes with its famous free utility BestWipe which can be used to wipe clean the free space
and the swap file on your HD. The
product can be initially used for free for one month,
and after that the encripted files can be accessed
in "read only" mode. BestCript is relately cheap and comes from
Finland. For MORE info on BestCrypt, read the Dr Who's FAQ
on ecription at
Dr Who's FAQ
best of all, BestCrypt comes with the freeware
BCWipe utility that will clean your free spave on your HD by writting
over it 7 times and wiping it clean.
You can get BCWipe for FREE from
jetico.sci.fi and you dont even have to buy Bestcrypt.
They also sell a comercial version of a product to clean your HD. Warning! Some people have experianced problems with BCWipe. Seems it's a bit over active and cleans
MORE than just your free space and swap files. So use it at your own risk.
I strongly recommand this program even if you have to shell out the money to buy it, while there are freeware encription programs out there.
Criptext v3.2
from pcug.org
A freeware encription program that comes in an English, French, German, and Spanish language versions. It is the easiest of the lot to set up and use. It takes less than a minute to install and to use it, just right click with your mouse button on a file and choose either "encript" or "decript". It uses a combination of SHA-1 and
RC4 to encrypt files using a strong
160-bit key. There are several things I do NOT like about this programs and they are they are:
1. It allows the use of ONLY ONE default PW for ALL encriptions. Of-course, you CAN change
the PW if you want, but ONCE you have chosen your PW you have to use the same one over and over.
2. The encripted files/folers retain their original names.
3. If you encript a folder with several sub-folders in it, when you try to decriot them all
at once you will get an error message- you MUST decript all one by one which can be a tedious and
annoyingly time consuming chore.
Personaly, I DO NOT recommand this program, even if it's a freeware. I guess the old saying
"You get what you paid for." stands true.
Dir Snoop
is something I am investigating right now, so I dont have much to write about it yet. When I am done evaluating it, i shall write about it here.
F-Secure
from Data Fellows.com
or europe.datafellows
Another encription program from Findland.
With Desktop, you can encrypt/decrypt files, directories, and Windows 95 and NT 4.0 folders automatically during the starting and closing of Windows.
On your Windows 95 and NT 4.0, F-Secure Desktop is integrated with the Windows shell. You can drag and drop files to folders that will be encrypted automatically or you can encrypt/decrypt any object by just clicking the right mouse button on the object and selecting encrypt or decrypt. I have just started testing this program and it shows a great promise for now. One little thing that I do NOt understand is why it has to format/erase all the encripted files though.
PGP
(Pretty Good Privacy)
PGP and BestCrypt have been designed with different purposes in mind: PGP's goal is to support
encrypted e-mail and to encrypt individual files (PGP must be run every time you want to encrypt a file).
PGP is mostly used for 2 way communication- NOT for encription personal files/folder.
It is primarily intended to solve one problem - how to securely send information over insecure communication channels. The RSA encryption built into PGP is used for this purpose.
The process involves enciphering(encrypting) and deciphering(decrypting) messages in secret code.
A common method is to use a pair of keys - a public key and a
private key to encode data so that only the person who is intended to see it can read it. IF person A sends a message to B, he/she encodes the mesage with B's public key . B then decodes the message using his/her private key.
Only B's private key will decode the message. C CANNOT peek at what A
and B are talking about. Neat eh?...;-))
Encription key
The encription key is the essential piece of info- a word or number or COMBINATION of BOTH (best way- and dont make it a word that can be found in the dictionary...;-^) -used in encrypting and decrypting
the message, but its not the algorith(process) used for encription.
To encrypt a file, PGP generates a random encryption key for the conventional IDEA encryption algorithm. This key is 128 bits long.
You can get the freeware version of PGP from
MIT and learn how
to use it. It is supposed to be the best but just recently I heard the code for PGP had be broken.
You CAN use encription to encrip YOUR files on the HD, but I personally dont recommand it.
here is PGP's FAQ slightly modified:
PGP FAQ
and some MORE PGP links
- International PGP
- Japan PGP
homepage.htm
- PGP Japan
FTP
- Public Key Server
- The comp.security.pgp
FAQ
- where-to-get-pgp.html
- Encryption Software to Avoid
ScramDisc
from hertreg.ac.uk
SCramdisc also uses the "container concept". A container file is placed on an existing HD which is secured with a specific password. This container can then be mounted by the Scramdisk software which creates a new drive letter to represent the drive.
The virtual drive can then only be accessed with the correct passphrase. Without the correct passphrase the files on the virtual drive are totally inaccessible.
Scramdisk can create virtual disks with a choice of a number of 'industry standard'
encryption algorithms: Triple-DES, IDEA, MISTY1, Blowfish, TEA (either 16 & 32 rounds), and
Square. It also includes a proprietary and very fast algorithm 'Summer' which is provided for
minimal security applications and for compatibility with older versions of ScramDisk.
Algorithms used by Scramdisk:
3DES (EDE) 64 168
Blowfish 64 256
DES 64 56
IDEA 64 128
MISTY1 64 128
Square 128 128
Summer (Stream)n/a 128
TEA (16 Rounds) 64 128
TEA (32 Rounds) 64 28
A little grape-scamdisc interface is a bit difficult to comprehend.
There are several folders there named "unused" - I think they are for each of the indivigual Drives and no other explanation is given to what they are or how are they to be used.
There are many access control and security packages on the market, but none of them is so easy to use that your people would trust it and install it on their computers. F-Secure Desktop removes the complexity and provides an easy,
flexible and FREE, but strong-encryption solution that will effectively protect your company's information assets. With Desktop, you can encrypt/decrypt files, directories, and Windows 95 and NT 4.0 folders automatically during the
starting and closing of Windows. Desktop is by far the easiest and strongest way to
protect the sensitive information on your laptops and PCs.
Conclusions:
The info on encription here is of a begginers nature. A LOT of the research and development on
computer security takes place all over the world. World wide encription capabilities could be improved and made consistent, but the
US goverment won't allow the best US designed encription systems to be exported beyond North America. Thats
OK though, 'cuz USA is NOT the only country in ther world with strong encription software. But I will talk about that bellow.
For now let's say that products that use keys with more than 40 bits are considered weapons. Maybe its national ego or paranoia left over from the cold war.
The US goverment even wants to have a "back door" to every key so they can look up info with out the user's knowledge. Yeah, right!
Other countries have their own initiatives and import or export controls. For example, France wont allow
strong encription systems to be imported either. This causes some vndors to create two or even three versions of a product.
The North American version of Netscape Commerce Server for example uses keys 128 bits long. The more bits there are the harder
it is to break the code. The international version also has encription, but it only uses 40-bit keys.
If you wanna get international encription products, a good place to start looking at is at CERN
,the European labrotory for particle physics and the birthplace of World Wide Web(WWW). CERN has a low
ewnd security scheme called CERN Access Authorization Protocol. You should also keep your eyes on the Russian company
Electronic Computing Information Systems
, also known as ELVIS+ Corporation. using specifications released by Sun Microsystems, the scientists at ELVIS+ have created a
VERY strong encription system that's beyond the reach of the U.S.
goverment's export controls. Of-course, France can still block it from coming in...but we KNOW how the french are...JUST KIDDING!!!!
final note-this FAQ is NOT finished yet. I am STILL testing and evaluating more encription programs.