A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

encrypt folder, recommendations?



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old April 21st 18, 02:26 AM posted to alt.windows7.general
Mike S[_4_]
external usenet poster
 
Posts: 496
Default encrypt folder, recommendations?

I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?
Ads
  #2  
Old April 21st 18, 05:57 AM posted to alt.windows7.general
masonc
external usenet poster
 
Posts: 152
Default encrypt folder, recommendations?

On Fri, 20 Apr 2018 18:26:12 -0700, Mike S wrote:

I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


"Magic Folders"
  #3  
Old April 21st 18, 03:38 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default encrypt folder, recommendations?

Mike S wrote:

I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


Windows 7 Ultimate
should have
EFS = Encrypted File System (requires using NTFS)

If you use EFS, make damn sure you setup a recovery agent. There is no
backdoor, so if you forget the password (your Windows login) then the
data is lost forever. Obviously you must have a non-blank Windows login
for EFS to have something with which to encrypt.

https://www.tomsguide.com/us/encrypt...ews-18314.html

I've lost data because of having to rescue or replace a failed HDD,
installed a fresh copy of Windows, but lost access to the EFS-encrypted
files on another HDD. The same login doesn't work. A secure hash is
saved in a protected section of the registry (cryptohive) and it is
unique to the instance of Windows under which it was created. That's
why you need to assign a recovery agent. I didn't so I lost the EFS
files.

I later moved to TrueCrypt. While it can be used for whole-disk
encryption (but only in BIOS/MBR setups, not with UEFI/GPT - although
the Veracrypt variant is supposed to support UEFI), I only use it to
create encrypted containers. What folder hierarchy you create in the TC
container is your choice, just like however you create folders and
subfolders in the regular file system. You use TC to mount the
container. You are prompted for the password. After mounting, access
no longer requires a password until the volume gets unmounted.

If you get TrueCrypt, do NOT get it from the old Sourceforge site. When
the authors abandoned the program (or were forced to leave after
deciding not to get forced into adding a backdoor by the US gov't), they
crippled TC so it was read-only. You could used the last version to
mount and read previously created TC containers but not created new
ones. The last full-featured version of Truecrypt was 7.1a. There are
newer variants of Truecrypt, like Veracrypt (also free). As I recall,
Bestcrypt Traveller (and only that edition) is also free.

Since you are creating an encrypted archive file using TC, it is
portable. Move it anywhere and use TrueCrypt there to mount and access
that encrypted container. You aren't stuck into a particular instance
of Windows which is what happens when using EFS.
  #4  
Old April 21st 18, 04:11 PM posted to alt.windows7.general
Zaidy036[_6_]
external usenet poster
 
Posts: 79
Default encrypt folder, recommendations?

Mike S wrote:
I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


If you have an image program like Acronis then image the folder with a
password and then delete the original. Restore from image when you need it.

--
Zaidy036
  #5  
Old April 21st 18, 04:46 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 3
Default encrypt folder, recommendations?

On Fri, 20 Apr 2018 18:26:12 -0700, Mike S wrote:

I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


My opinion is to use simple, safe and proven TrueCrypt to create an
encrypted volume which your machine treats as another drive. It
eliminates having to have untrusted and separate programs for files
and folder encryption. As far as I'm concerned, I trust none of the
newer encryption methods.

TC is proven. Period.

TC will NOT work with UEFI bios. I learned that the hard way by
blowing my Windows 7 Ultimate machine by trying it. Luckily I had
everything backed up with the Windows 7 backup utility plus a repair
disk. I regained everything through foresight.

Why didn't I use Redmond's BitLocker? You're kidding, right?

Everything I've read so far says VeraCrypt does not work with UEFI. I
could be wrong. But VeraCrypt is much too new to be trusted. It hasn't
been through the government wars yet, as has TC. I also read of multi
problems in the forums.

Go with a TC volume. Full disk encryption is much better, but it's a
pain in the butt to keep your drive backed up. That's for more
knowledgeable users.

Just my opinion after years of using TC on my older Windows machines.
  #6  
Old April 21st 18, 05:06 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 3
Default encrypt folder, recommendations?

On Sat, 21 Apr 2018 15:11:54 -0000 (UTC), Zaidy036 wrote:

Mike S wrote:
I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


If you have an image program like Acronis then image the folder with a
password and then delete the original. Restore from image when you need it.

--
Zaidy036


I would never trust a program that has encryption simply as an add-on.
Acronis has had many problems in recent years. Many complaints in the
forums. That's why I still use a much older version. Just because an
outfit says their program contains encryption is no guarantee of how
well that encryption has been implemented. Simply using some AES,or
whatever encryption template code means little. Many so-called
encrypted proggies have been broken because of poor implementation.

In encryption, reputation - gained over a good deal of time, and
battles with hackers, private and government ones, are to me the sole
criterion by which an encryption program can be trusted.

However, how much security you really need is really dependant on the
importance of what info you are trying to protect. That's your call.
  #7  
Old April 21st 18, 07:57 PM posted to alt.windows7.general
Stan Brown
external usenet poster
 
Posts: 2,904
Default encrypt folder, recommendations?

On Sat, 21 Apr 2018 09:38:01 -0500, VanguardLH wrote:
If you get TrueCrypt, do NOT get it from the old Sourceforge site. When
the authors abandoned the program (or were forced to leave after
deciding not to get forced into adding a backdoor by the US gov't), they
crippled TC so it was read-only. You could used the last version to
mount and read previously created TC containers but not created new
ones. The last full-featured version of Truecrypt was 7.1a. There are
newer variants of Truecrypt, like Veracrypt (also free).


I've been using VeraCrypt for several years, and I recommend it. It
can read and write TrueCrypt volumes, but it can't create TrueCrypt
volumes. I don't know the technical details of the differences
between a TrueCrypt volume and a VeraCrypt volume, but I imagine they
include a fix for the security hole that was found in TrueCrypt when
its code was audited.

Wikipedia seems to disagree with my memory about a security hole
being found in audit:
https://en.wikipedia.org/wiki/Truecrypt
Probably Wikipedia is right and I'm wrong. Maybe I have a distorted
memory of the anonymous TrueCrypt authors' claim that TrueCrypt
contained security problems.

Anyway, VeraCrypt works like TrueCrypt, and it's free.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...
  #8  
Old April 21st 18, 07:58 PM posted to alt.windows7.general
Stan Brown
external usenet poster
 
Posts: 2,904
Default encrypt folder, recommendations?

On Fri, 20 Apr 2018 18:26:12 -0700, Mike S wrote:

I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


Isn't the "crypto wallet" already encrypted?

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...
  #9  
Old April 21st 18, 07:58 PM posted to alt.windows7.general
Stan Brown
external usenet poster
 
Posts: 2,904
Default encrypt folder, recommendations?

On Sat, 21 Apr 2018 10:46:44 -0500, wrote:
My opinion is to use simple, safe and proven TrueCrypt


VeraCrypt, you mean.

https://en.wikipedia.org/wiki/Truecrypt


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...
  #11  
Old April 21st 18, 09:20 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 3
Default encrypt folder, recommendations?

On Sat, 21 Apr 2018 14:57:03 -0400, Stan Brown wrote:

On Sat, 21 Apr 2018 09:38:01 -0500, VanguardLH wrote:
If you get TrueCrypt, do NOT get it from the old Sourceforge site. When
the authors abandoned the program (or were forced to leave after
deciding not to get forced into adding a backdoor by the US gov't), they
crippled TC so it was read-only. You could used the last version to
mount and read previously created TC containers but not created new
ones. The last full-featured version of Truecrypt was 7.1a. There are
newer variants of Truecrypt, like Veracrypt (also free).


Edited Out

Wikipedia seems to disagree with my memory about a security hole
being found in audit:
https://en.wikipedia.org/wiki/Truecrypt
Probably Wikipedia is right and I'm wrong. Maybe I have a distorted
memory of the anonymous TrueCrypt authors' claim that TrueCrypt
contained security problems.


The so called security hole found in TrueCrypt was of no consequence.
Read the report. The CIA, FBI, and local police have had to go to
court to open up someone's TrueCrypt disk. One time, an ex-husband
supplied the password to his ex-wife's encrypted drive. That's the
only way the feds broke it. TrueCrypt has not ever been hacked -
unless your password might be the name of the family pooch. Some
people are that stupid. Use a passphrase created with Diceware and you
won't have to worry about TC being hacked.

The real question oncemore is simply how important is your info, and
how many people would really give a dang about trying to get it?
That'll determine how absolutely sure you have to be about it being
safe. However, TC volumes are so easily created and backed up, it's a
no-brainer as far as I'm concerned, even for simple non-important
"secret info".

Just an opinion.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA

  #12  
Old April 22nd 18, 12:07 AM posted to alt.windows7.general
Mike S[_4_]
external usenet poster
 
Posts: 496
Default encrypt folder, recommendations?

On 4/21/2018 1:20 PM, wrote:
On Sat, 21 Apr 2018 14:57:03 -0400, Stan Brown wrote:

On Sat, 21 Apr 2018 09:38:01 -0500, VanguardLH wrote:
If you get TrueCrypt, do NOT get it from the old Sourceforge site. When
the authors abandoned the program (or were forced to leave after
deciding not to get forced into adding a backdoor by the US gov't), they
crippled TC so it was read-only. You could used the last version to
mount and read previously created TC containers but not created new
ones. The last full-featured version of Truecrypt was 7.1a. There are
newer variants of Truecrypt, like Veracrypt (also free).


Edited Out

Wikipedia seems to disagree with my memory about a security hole
being found in audit:
https://en.wikipedia.org/wiki/Truecrypt
Probably Wikipedia is right and I'm wrong. Maybe I have a distorted
memory of the anonymous TrueCrypt authors' claim that TrueCrypt
contained security problems.


The so called security hole found in TrueCrypt was of no consequence.
Read the report. The CIA, FBI, and local police have had to go to
court to open up someone's TrueCrypt disk. One time, an ex-husband
supplied the password to his ex-wife's encrypted drive. That's the
only way the feds broke it. TrueCrypt has not ever been hacked -
unless your password might be the name of the family pooch. Some
people are that stupid. Use a passphrase created with Diceware and you
won't have to worry about TC being hacked.

The real question oncemore is simply how important is your info, and
how many people would really give a dang about trying to get it?
That'll determine how absolutely sure you have to be about it being
safe. However, TC volumes are so easily created and backed up, it's a
no-brainer as far as I'm concerned, even for simple non-important
"secret info".

Just an opinion.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA


Thanks to everyone who replied, I now have research to do on some really
good looking approaches.
  #13  
Old April 22nd 18, 12:12 AM posted to alt.windows7.general
Mike S[_4_]
external usenet poster
 
Posts: 496
Default encrypt folder, recommendations?

On 4/21/2018 11:58 AM, Stan Brown wrote:
On Fri, 20 Apr 2018 18:26:12 -0700, Mike S wrote:

I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


Isn't the "crypto wallet" already encrypted?


I want another layer.
  #14  
Old April 22nd 18, 02:37 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default encrypt folder, recommendations?

mel wrote:

TC will NOT work with UEFI bios. I learned that the hard way by
blowing my Windows 7 Ultimate machine by trying it. Luckily I had
everything backed up with the Windows 7 backup utility plus a repair
disk. I regained everything through foresight.


To be accurate, Truecrypt won't work when used for whole-disk encryption
on a UEFI computer. It still does work when creating .tc containers
holding the encrypted files.

Why didn't I use Redmond's BitLocker? You're kidding, right?


Again, whole-disk encryption. The OP only wanted to protect the
contents of a folder, not the whole disk.

As I recall, the vulnerability in Bitlocker wasn't in the program but in
the TPM chip in the computer. So I did a search to check.

https://www.softcat.com/news/tpm-vul...tion-impacted/
https://support.microsoft.com/en-us/...ability-in-tpm

Everything I've read so far says VeraCrypt does not work with UEFI. I
could be wrong.


Yep, you're wrong. It's Truecrypt that won't work with UEFI but only if
you use TrueCrypt for whole-disk encryption.

But VeraCrypt is much too new to be trusted.


It started with the TrueCrypt code (because it was open source). The
audits found some weaknesses or deficiencies. As I recall Veracrypt
only addressed some of them, like 6 out of 22. One was to support UEFI.

How long was it before TrueCrypt got any auditing? 11 years. How many
open source programs ever get audited? Being open source means they are
open to inspection but they rarely get inspected by an independent 3rd
party plus you have to assume the compiled executable used the open
source code that could be reviewed. Veracrypt got audited 3 years after
they adapted TC; see:

https://www.zdnet.com/article/veracr...ritical-flaws/
"VeraCrypt 1.8 and its bootloaders contained a total of eight critical
vulnerabilities, three medium flaws and 15 additional bugs of low
importance."
"The majority of these problems have been fixed in VeraCrypt 1.19"
"The remaining problems present have all come from the days of
TrueCrypt, and fixing them at the moment could cause issues with
backward compatibility."

Unlike the TC authors who remained anonymous and were slow to make
changes and disappeared after the first audit and weren't around after
abandoning TC (and made it read-only) before the 2nd audit, Veracrypt is
a lot more responsive to fixing their product. IDRIX inherited the
problems found in TC.

Go with a TC volume. Full disk encryption is much better, but it's a
pain in the butt to keep your drive backed up. That's for more
knowledgeable users.


Unless you are programming new software that needs to be protected, why
do you need whole-disk encryption for programs that aren't yours and
that anyone can get?

Just my opinion after years of using TC on my older Windows machines.


The problem with TC, BestCrypt, VeraCrypt, and other tools creating
container files with encrypted data is that they possess static
protection. While the files are inside, they are very secure. When you
mount the container and open any files therein is when you lose security
due to buffers in memory, pagefile, and other artifacts in opening and
accessing the contents of files. In situ, the files are safe. In use,
they aren't so secure anymore. That's probably why some users go to
using whole-disk encryption; however, memory gets reallocated, pagefile
can be wiped on shutdown, and so on to placate the paranoids of which
most don't have anything they really need to secrete from a gov't but
perhaps from a business competitor.
  #15  
Old April 22nd 18, 10:23 AM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default encrypt folder, recommendations?

In message , Zaidy036
writes:
Mike S wrote:
I am going to install a crypto wallet on my w7 ult, and want to encrypt
the folder it lives in. Are there any open source encryption packages
that will let me encrypt individual folders, or even individual files,
that anyone can recommend?


If you have an image program like Acronis then image the folder with a
password and then delete the original. Restore from image when you need it.

(Regardless of whether you consider the encryption in Acronis or
whatever to be any good the "delete" in the above would be "delete
with extreme prejudice", i. e. use one of the many utilities that
overwrite. (With modern drives I don't think you'll need multiple
overwrites.) Plus what (ITIW) VanguardLH said about buffers, pagefiles,
etcetera.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

What's awful about weird views is not the views. It's the intolerance. If
someone wants to worship the Duke of Edinburgh or a pineapple, fine. But don't
kill me if I don't agree. - Tim Rice, Radio Times 15-21 October 2011.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 03:08 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.