If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
password-protecting a file or folder
On Wed, 18 Jul 2018 15:43:37 -0500, Jo-Anne wrote:
I've Googled password-protecting files and folders; and according to what I've read, one needs third-party software to do this in W7; or one can encrypt the files/folders instead. Any suggestions for third-party software? Yes, I started off using TrueCrypt then VeraCrypt. Both were good and cross platform, but VeraCrypt for some reason started opening the encrypted container as read only and googling this it turned out others were having the same problem. Both of these use an encrypted container, which is essentially a single file the the program opens as a directory when you enter the password. For single files, I use AESCrypt for Linux/ Windows compatibility. For windows only, AXCrypt is better since it removes the target file once encrypted, whereas AEScrypt leaves both the encrypted and original file in place. Obviously you then have to delete the original file yourself. I am now using SiriKali which again runs in both Linux and Windows. It's quite good and again creates a container file. A nice feature is the size of the file (container) grows as needed (but never shrinks). It's simpler to use than the alternatives I mentioned. There are others, particularly for windows. For archiving, I use a regular zip file and encrypt it with AESCrypt. As far as security, any of the above are very secure as long as you use a decent password. |
Ads |
#17
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 6:40 AM, J. P. Gilliver (John) wrote:
In message , Jo-Anne writes: On 7/18/2018 8:39 PM, Zaidy036 wrote: On 7/18/2018 5:23 PM, 0 On 18/07/2018 21:43, Jo-Anne wrote: I've Googled password-protecting files and folders; and according to what I've read, one needs third-party software to do this in W7; or one can encrypt the files/folders instead. Any suggestions for third-party software? 7-zip 7_zip is free and easy to use and can be run in a batch. Thank you. I assume you mean that I can password-protect the zipped files? Yes, and that might be a good compromise. I think even the built-in .zip handler can handle passwords, though I'm not sure about that. How robust the protection available is is arguable, but as you've conceded nothing is bulletproof; if all you want is that when thief/hacker tries to access a file s/he is prompted for a password, this would be a good first step (perhaps along with not using obvious filenames). Note that (I think) you can see the _names_ of the files inside a password-protected .zip file just by looking at it - you only need the password to actually extract them. Play with it a bit to see if it'd suit you (and read up on whether the ease of cracking it would suit your needs). https://www.7-zip.org/ There is an encrypt file names option -- Zaidy036 |
#18
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 6:30 AM, John B. Smith wrote:
On Wed, 18 Jul 2018 20:58:29 -0500, VanguardLH wrote: Jo-Anne wrote: On 7/18/2018 7:00 PM, VanguardLH wrote: Jo-Anne wrote: I've Googled password-protecting files and folders; and according to what I've read, one needs third-party software to do this in W7; or one can encrypt the files/folders instead. Any suggestions for third-party software? W7 (Windows 7) does not state which *edition* you have of that OS. The Professional and Enterprise editions come with EFS (Encrypting File System). If you use it, make damn sure to setup a recovery agent. https://en.wikipedia.org/wiki/Encrypting_File_System (Requires NTFS file system. You didn't say what you use.) https://msdn.microsoft.com/en-us/library/cc875821.aspx EFS is something you need to self-educate yourself before committing to using it. So enjoy reading several articles about it, like: https://www.nextofwindows.com/things...a-in-windows-7 and https://www.google.com/search?q=windows+7+efs As I recall, EFS was tied to your Windows logon - so you'll need one (instead of blank credentials). That means no sharing of EFS-protected folders with other Windows accounts under the same or different instances of Windows. You can't dole out a shared password. With 3rd party tools that utilize a password, anyone with it can get inside. I've been twice burned by EFS. I went to TrueCrypt to secrete files within a mountable container (becomes a drive letter when mounted). You need to use version 7.1a since the latest version was deliberately crippled for read-only mode when the authors scurried away (there is speculation by their behavior that they got a National Security Letter which legally bars them from revealing getting one, refused to add a backdoor for the NSA or FBI, and left the last version crippled as a warrant canary). There are variations of TrueCrypt since it used open source code, like VeraCrypt. Any superficial software that bans access to the file or folders using permissions, ACLs, stacked file drivers, etc will not work when the OS is not loaded along with that software/drivers. Booting using a different OS, like from a CD or USB drive, or toting the drive to another computer running a different instance of Windows will permit access to all those files and folders. Permissions are enforced per Windows instance, not across all of them. Using any other OS, whether it be Windows or Linux, will let you get at the files. While the container is mounted, you can immediate access to everything inside. You need to unmount the container (drive) to re-protect its contents. Logging out or shutting down Windows will also unmount the container. There are some folder protect tools but they run as stacked file drivers. That's why I mention they are easily avoided by using a different OS to read the disk. In another instance of Windows or by using Linux, the drivers and permissions won't be enforced. Only if that 3rd party folder protect tool encrypts the folder would its contents remain safe when using a different booted OS to access the drive. No 3rd party software needed if you have the Pro or Enterprise edition of Windows 7 where you can use EFS. While TrueCrypt can also be used to encrypt an entire volume, like the partition on the hard disk, even for the OS, I wouldn't suggest it. Development on TrueCrypt ended before UEFI became ubiquitous in new PC builds. Use TrueCrypt's whole-disk encryption only in MBR setups. VeraCrypt is supposed to have been updated to support UEFI. However, like Bitlocker, if you forget your login credentials, the entire volume (partition) becomes unusable. You won't even be able to boot the OS because it is within the encrypted volume. Some users are very paranoid and use whole-disk encryption. You don't need to secrete the OS or app code since it isn't your property anyway and anyone can get that code by simply getting the same OS or app. You really only need to protect your own data files (unless you're into programming and working on a new project on your computer and want to make sure espionage can't be used to get at your gem of new code). Back in TrueCrypt's hey day, there were some alternative but not all were free, like TrueCrypt (or provided source code for inspection and instead were closed and proprietary). There have been 2 audits of TrueCrypt's code: no backdoors were found and the defects were piddly. BestCrypt had a free version but closed called Traveller. It was far more basic than TrueCrypt but then not all users want all the features of TrueCrypt. It's Windows 7 Professional 64-bit NTFS. All this sounds, however, like more than I want to get involved in. Maybe I should forget the whole thing... Learning a word processor takes effort, too, as does just about any software you install. I've used BestCript for many years. They advertise 'no back doors', but who knows if this is true. It's pricey at $100 now. I was shocked when I put Win7 on that my copy no longer works. You have to 'renew' it every so often or it ages out. I wasn't aware. Since I've used image backup for years I've managed to keep a working copy. It's a fairly easy learning curve. It creates 'containers' that are encrypted throughout and open as drives. A password lets you in. Sounds interesting, John. I'll check it out. Thank you. -- Jo-Anne |
#19
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 5:40 AM, J. P. Gilliver (John) wrote:
In message , Jo-Anne writes: On 7/18/2018 8:39 PM, Zaidy036 wrote: On 7/18/2018 5:23 PM, 0 On 18/07/2018 21:43, Jo-Anne wrote: I've Googled password-protecting files and folders; and according to what I've read, one needs third-party software to do this in W7; or one can encrypt the files/folders instead. Any suggestions for third-party software? 7-zip 7_zip is free and easy to use and can be run in a batch. Thank you. I assume you mean that I can password-protect the zipped files? Yes, and that might be a good compromise. I think even the built-in .zip handler can handle passwords, though I'm not sure about that. How robust the protection available is is arguable, but as you've conceded nothing is bulletproof; if all you want is that when thief/hacker tries to access a file s/he is prompted for a password, this would be a good first step (perhaps along with not using obvious filenames). Note that (I think) you can see the _names_ of the files inside a password-protected .zip file just by looking at it - you only need the password to actually extract them. Play with it a bit to see if it'd suit you (and read up on whether the ease of cracking it would suit your needs). Thank you, John. One other question: Someone pointed out that password protection of folders and files won't work if the disk is moved to another operating system. As far as I can tell, 7-zip is primarily for Windows, with something also for Linux. If the program won't run on other OS's, would the password protection remain? -- Jo-Anne |
#20
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 9:01 AM, Zaidy036 wrote:
On 7/19/2018 6:40 AM, J. P. Gilliver (John) wrote: In message , Jo-Anne writes: On 7/18/2018 8:39 PM, Zaidy036 wrote: On 7/18/2018 5:23 PM, 0 On 18/07/2018 21:43, Jo-Anne wrote: I've Googled password-protecting files and folders; and according to what I've read, one needs third-party software to do this in W7; or one can encrypt the files/folders instead. Any suggestions for third-party software? 7-zip 7_zip is free and easy to use and can be run in a batch. Thank you. I assume you mean that I can password-protect the zipped files? Yes, and that might be a good compromise. I think even the built-in .zip handler can handle passwords, though I'm not sure about that. How robust the protection available is is arguable, but as you've conceded nothing is bulletproof; if all you want is that when thief/hacker tries to access a file s/he is prompted for a password, this would be a good first step (perhaps along with not using obvious filenames). Note that (I think) you can see the _names_ of the files inside a password-protected .zip file just by looking at it - you only need the password to actually extract them. Play with it a bit to see if it'd suit you (and read up on whether the ease of cracking it would suit your needs). https://www.7-zip.org/ There is an encrypt file names option Thank you for the additional info, Zaidy. -- Jo-Anne |
#21
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 8:17 AM, dave61430 wrote:
On Wed, 18 Jul 2018 15:43:37 -0500, Jo-Anne wrote: I've Googled password-protecting files and folders; and according to what I've read, one needs third-party software to do this in W7; or one can encrypt the files/folders instead. Any suggestions for third-party software? Yes, I started off using TrueCrypt then VeraCrypt. Both were good and cross platform, but VeraCrypt for some reason started opening the encrypted container as read only and googling this it turned out others were having the same problem. Both of these use an encrypted container, which is essentially a single file the the program opens as a directory when you enter the password. For single files, I use AESCrypt for Linux/ Windows compatibility. For windows only, AXCrypt is better since it removes the target file once encrypted, whereas AEScrypt leaves both the encrypted and original file in place. Obviously you then have to delete the original file yourself. I am now using SiriKali which again runs in both Linux and Windows. It's quite good and again creates a container file. A nice feature is the size of the file (container) grows as needed (but never shrinks). It's simpler to use than the alternatives I mentioned. There are others, particularly for windows. For archiving, I use a regular zip file and encrypt it with AESCrypt. As far as security, any of the above are very secure as long as you use a decent password. Thank you, Dave. I like the idea of zipping the files and either password-protecting or encrypting the zipped files. -- Jo-Anne |
#22
|
|||
|
|||
password-protecting a file or folder
On 7/18/2018 4:15 PM, J. P. Gilliver (John) wrote [in part]:
[snipped] You'd also need to change your way of working slightly to make sure the unencrypted versions of the files (they have to be unencrypted for you to actually use them!) spend as little time on the computer as possible, and are overwritten with something; they're to be found in page files, hibernate files, and various buffers. [also snipped] I use Eraser from http://eraser.heidi.ie/, which overwrites files to be erased. There are canned erasing methods within the application that the user can select. Some overwrite multiple times. The user can also create additional methods. -- David E. Ross http://www.rossde.com/ Attorney-General Sessions claims the bible favors imprisoning illegal aliens. However, God repeatedly commanded us to welcome the stranger in our land. For example, see the following: Exodus 22:20 at http://bible.ort.org/books/pentd2.asp?ACTION=displaypage&BOOK=2&CHAPTER=22#P2 131 Exodus 23:9 at http://bible.ort.org/books/pentd2.asp?ACTION=displaypage&BOOK=2&CHAPTER=23#P2 151 Deuteronomy 10:19 at http://bible.ort.org/books/pentd2.asp?ACTION=displaypage&BOOK=5&CHAPTER=10#P5 200 |
#23
|
|||
|
|||
password-protecting a file or folder
John B. Smith wrote:
I've used BestCript for many years. They advertise 'no back doors', but who knows if this is true. It's pricey at $100 now. I was shocked when I put Win7 on that my copy no longer works. You have to 'renew' it every so often or it ages out. I wasn't aware. Since I've used image backup for years I've managed to keep a working copy. It's a fairly easy learning curve. It creates 'containers' that are encrypted throughout and open as drives. A password lets you in. BestCript? Or BestCrypt? I've only heard about the latter. It's has been many years since I went looking for an alternative to TrueCrypt, and back then BestCrypt Traveller was free. They still list it on their "Free Security Tools" page at: https://www.jetico.com/free-security-tools Clicking on Traveller takes you to: https://www.jetico.com/free-security...rypt-traveller It doesn't have all the features of their full-blown payware version but then some folks actually prefer a simpler tool. For example, Traveller won't do volume (drive) encryption; however, that can be dangerous to folks that don't understand how it works. I stuck with TrueCrypt. |
#24
|
|||
|
|||
password-protecting a file or folder
Jo-Anne wrote:
I like the idea of zipping the files and either password-protecting or encrypting the zipped files. Password protection of .zip files is easily hacked. That is why I did not mention using passworded compressed archive files (.zip, .7z, etc). If the zip tool offers legacy Zip and AES encryption, choose AES. WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip tools usually only offer the weak legacy Zip encryption. There are many password recovery tools that will hack the weak legacy Zip password. Many users like 7-zip (freeware). I use Peazip (also freeware) because it supports most of the compression algorithms along with 7-zip's own (Peazip got the library from 7-zip); however, Peazip has a more modern UI than for 7-zip whose UI harkens back to the Windows 3.x era. However, neither one supports AES encryption, just the weak encryption. http://www.peazip.org/encrypt-files.html While a hacker might try decrypting the AES-based content, they would have to also have to separately try Serpent or TwoFish which would dramatically add to the time to decrypt successfully. 7-Zip just has AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I haven't used encryption with Peazip, I don't know how to select which encryption algorithm to use (and didn't see an option when creating a new archive). Couple be, per the above article, a combined AES + Serpent + TwoFish encryption requires using the .pea archive format. When putting files into a compressed archive with a password, remember that the original file sticks around. You would have to delete it. Whether you or the archiver deletes the file, the file's contents still occupies the file system's clusters until those clusters are reallocated to another file AND until those clusters get overwritten by some other program writing to that file. Peazip comes with a secure file eraser (which can optionally be added to the Windows Explorer context menu). There are lots of file recovery tools. If you don't want to leave behind any trace of a file's content that you put into a passworded archive file then you need to securely erase the original file, not just delete it. I have Peazip configured to do 2 passes to securely erase the clusters occupied by a file. That is more than sufficient with drive manufactured for over two decades. Only on ancient RLL-encoded hard drives might the 35-pass Gutmann method. Note when using encryption within a .zip file that normally just the *contents* of the files stored within the archive file are encrypted. The filenames listed as records within the archive will still have the original names. If you need to ensure that no one can deduce what might be within a file, use an archiver that also encrypts the filenames. Peazip has that option. I'd have to research to find out if 7-zip does. Peazip also offers a two-factor algorithm: not only do you need to know the password but must also supply a keyfile. You generate a keyfile for the .zip archive and store it somewhere, like on a USB flash drive to which only you have physical access (because you don't want someone else copying the keyfile off the USB drive). I've never bothered with 2-factor authentication but then I don't bother using encryption in archivers since I use TrueCrypt (or you could use BestCrypt Traveller or VeraCrypt or other alternatives). I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even compound the encryption algorithms. You could just use AES, or you could use AES + TwoFish or AES + TwoFish + Serpent. The added layers make decryption much more difficult; however, the extra encryptions also make decryption slower, so the access to the mounted container will be slower (not a problem with doc files but perhaps with videos). In addition, you can create an encrypted container (file) that has 2 passwords: one which allows access to one part of the container and another that allows access to a more secret part of the container. If someone forces you to reveal your password, like pointing a gun at your kids or wife or you or to satisfy FBI investigators applying legal action, you could give them the first password. That lets them into the first part of the container where you deposited inocuous files (something to appease the intruder but nothing sensitive or hurtful to you). They cannot get into the second part of the container where is the real files you want to hide. They cannot determine there is a second password and a second portion of the container because all that data is always randomized by TrueCrypt (rather than being unallocated). Again, these are advanced features that some users don't care about, so they want something simpler, like BestCrypt Traveller. If you go with a compressed archiver (.zip files), many use weak legacy Zip encryption that password recovery tools can hack. So choose wisely. https://www.youtube.com/watch?v=0H3rdfI28s0 And remember that when you read any file whether from an encrypted container or zip file that there could be [temporary] copies left behind outside the container or zip file. The files are secure only when in situ inside the container. Editing a file means creating a temporary copy of it or buffers (which might be in memory but could be on th disk) within the program with portions of the file. You might copy the file out of the container. Once you close the container, you need to securely wipe any remnants of the file when it was outside the container. |
#25
|
|||
|
|||
password-protecting a file or folder
In message , Jo-Anne
writes: [] Thank you, John. One other question: Someone pointed out that password protection of folders and files won't work if the disk is moved to another operating system. As far as I can tell, 7-zip is primarily for Windows, with something also for Linux. If the program won't run on other OS's, would the password protection remain? If you use a scheme which controls _access_ to files/folders with a password, but doesn't actually encrypt the files themselves (the data in them), then indeed it won't be protected if the disc is read on a system that allows access to them another way. The zip file format itself is understood by various OSs - IIRR it predates Windows. And the encryption available _does_ encrypt the actual data, not just controls access to it - though to varying difficulties, depending what you use to create them; see VanguardLH's post. I don't know if 7-zip is Windows only, but if it is, there will certainly be utilities capable of zipping and unzipping zip files on other systems - but of course only if you know the password. If I read VLH's post correctly, not all of such utilities offer the most robust encryption. (So presumably if you use one that uses the best encryption to create the zip file, and then try to recover the data using one of the weaker utilities - whether on the same OS or a different one - you won't succeed.) -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Less rules means fewer grammar? - Marjorie in UMRA, 2014-1-28 13:14 |
#26
|
|||
|
|||
password-protecting a file or folder
In message , David E. Ross
writes: On 7/18/2018 4:15 PM, J. P. Gilliver (John) wrote [in part]: [snipped] You'd also need to change your way of working slightly to make sure the unencrypted versions of the files (they have to be unencrypted for you to actually use them!) spend as little time on the computer as possible, and are overwritten with something; they're to be found in page files, hibernate files, and various buffers. [also snipped] I use Eraser from http://eraser.heidi.ie/, which overwrites files to be erased. There are canned erasing methods within the application that the user can select. Some overwrite multiple times. The user can also create additional methods. You're not quite getting the point I'm making. Jo-Anne is looking into the possibility of encrypting files, so she can still use them but it's harder for a thief or hacker to. Utilities like the one you mention make files irretrievable for anyone - provided you know where they are in the first place. The point I was making was that when you actually _use_ a file (edit a document or, copies of the (unencrypted) data will exist in various buffers (some of which will be written to disc, such as in page sleep or hibernate files). If you're sufficiently paranoid, you need to make sure those are erased too - for which you'll first have to know where they are - as well as the "official" copies of the files encrypted. I think there are ways of working that minimise such buffering (usually at the expense of at least _some_ performance) - things like turning off hibernation/sleep altogether, setting page file size of zero - not my field. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Anything you add for security will slow the computer but it shouldn't be significant or prolonged. Security software is to protect the computer, not the primary use of the computer. - VanguardLH in alt.windows7.general, 2018-1-28 |
#27
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 6:52 PM, J. P. Gilliver (John) wrote:
In message , Jo-Anne writes: [] Thank you, John. One other question: Someone pointed out that password protection of folders and files won't work if the disk is moved to another operating system. As far as I can tell, 7-zip is primarily for Windows, with something also for Linux. If the program won't run on other OS's, would the password protection remain? If you use a scheme which controls _access_ to files/folders with a password, but doesn't actually encrypt the files themselves (the data in them), then indeed it won't be protected if the disc is read on a system that allows access to them another way. The zip file format itself is understood by various OSs - IIRR it predates Windows. And the encryption available _does_ encrypt the actual data, not just controls access to it - though to varying difficulties, depending what you use to create them; see VanguardLH's post. I don't know if 7-zip is Windows only, but if it is, there will certainly be utilities capable of zipping and unzipping zip files on other systems - but of course only if you know the password. If I read VLH's post correctly, not all of such utilities offer the most robust encryption. (So presumably if you use one that uses the best encryption to create the zip file, and then try to recover the data using one of the weaker utilities - whether on the same OS or a different one - you won't succeed.) Thank you again, John. -- Jo-Anne |
#28
|
|||
|
|||
password-protecting a file or folder
On 7/19/2018 4:30 PM, VanguardLH wrote:
Jo-Anne wrote: I like the idea of zipping the files and either password-protecting or encrypting the zipped files. Password protection of .zip files is easily hacked. That is why I did not mention using passworded compressed archive files (.zip, .7z, etc). If the zip tool offers legacy Zip and AES encryption, choose AES. WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip tools usually only offer the weak legacy Zip encryption. There are many password recovery tools that will hack the weak legacy Zip password. Many users like 7-zip (freeware). I use Peazip (also freeware) because it supports most of the compression algorithms along with 7-zip's own (Peazip got the library from 7-zip); however, Peazip has a more modern UI than for 7-zip whose UI harkens back to the Windows 3.x era. However, neither one supports AES encryption, just the weak encryption. http://www.peazip.org/encrypt-files.html While a hacker might try decrypting the AES-based content, they would have to also have to separately try Serpent or TwoFish which would dramatically add to the time to decrypt successfully. 7-Zip just has AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I haven't used encryption with Peazip, I don't know how to select which encryption algorithm to use (and didn't see an option when creating a new archive). Couple be, per the above article, a combined AES + Serpent + TwoFish encryption requires using the .pea archive format. When putting files into a compressed archive with a password, remember that the original file sticks around. You would have to delete it. Whether you or the archiver deletes the file, the file's contents still occupies the file system's clusters until those clusters are reallocated to another file AND until those clusters get overwritten by some other program writing to that file. Peazip comes with a secure file eraser (which can optionally be added to the Windows Explorer context menu). There are lots of file recovery tools. If you don't want to leave behind any trace of a file's content that you put into a passworded archive file then you need to securely erase the original file, not just delete it. I have Peazip configured to do 2 passes to securely erase the clusters occupied by a file. That is more than sufficient with drive manufactured for over two decades. Only on ancient RLL-encoded hard drives might the 35-pass Gutmann method. Note when using encryption within a .zip file that normally just the *contents* of the files stored within the archive file are encrypted. The filenames listed as records within the archive will still have the original names. If you need to ensure that no one can deduce what might be within a file, use an archiver that also encrypts the filenames. Peazip has that option. I'd have to research to find out if 7-zip does. Peazip also offers a two-factor algorithm: not only do you need to know the password but must also supply a keyfile. You generate a keyfile for the .zip archive and store it somewhere, like on a USB flash drive to which only you have physical access (because you don't want someone else copying the keyfile off the USB drive). I've never bothered with 2-factor authentication but then I don't bother using encryption in archivers since I use TrueCrypt (or you could use BestCrypt Traveller or VeraCrypt or other alternatives). I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even compound the encryption algorithms. You could just use AES, or you could use AES + TwoFish or AES + TwoFish + Serpent. The added layers make decryption much more difficult; however, the extra encryptions also make decryption slower, so the access to the mounted container will be slower (not a problem with doc files but perhaps with videos). In addition, you can create an encrypted container (file) that has 2 passwords: one which allows access to one part of the container and another that allows access to a more secret part of the container. If someone forces you to reveal your password, like pointing a gun at your kids or wife or you or to satisfy FBI investigators applying legal action, you could give them the first password. That lets them into the first part of the container where you deposited inocuous files (something to appease the intruder but nothing sensitive or hurtful to you). They cannot get into the second part of the container where is the real files you want to hide. They cannot determine there is a second password and a second portion of the container because all that data is always randomized by TrueCrypt (rather than being unallocated). Again, these are advanced features that some users don't care about, so they want something simpler, like BestCrypt Traveller. If you go with a compressed archiver (.zip files), many use weak legacy Zip encryption that password recovery tools can hack. So choose wisely. https://www.youtube.com/watch?v=0H3rdfI28s0 And remember that when you read any file whether from an encrypted container or zip file that there could be [temporary] copies left behind outside the container or zip file. The files are secure only when in situ inside the container. Editing a file means creating a temporary copy of it or buffers (which might be in memory but could be on th disk) within the program with portions of the file. You might copy the file out of the container. Once you close the container, you need to securely wipe any remnants of the file when it was outside the container. Thank you, Vanguard. You've been very clear. The situation is more complex than I had anticipated. -- Jo-Anne |
#29
|
|||
|
|||
password-protecting a file or folder
On Thu, 19 Jul 2018 20:44:43 -0500, Jo-Anne wrote:
On 7/19/2018 4:30 PM, VanguardLH wrote: Jo-Anne wrote: I like the idea of zipping the files and either password-protecting or encrypting the zipped files. Password protection of .zip files is easily hacked. That is why I did not mention using passworded compressed archive files (.zip, .7z, etc). If the zip tool offers legacy Zip and AES encryption, choose AES. WinZip (payware) offers AES (128 and 256 bit) encryption. Other zip tools usually only offer the weak legacy Zip encryption. There are many password recovery tools that will hack the weak legacy Zip password. Many users like 7-zip (freeware). I use Peazip (also freeware) because it supports most of the compression algorithms along with 7-zip's own (Peazip got the library from 7-zip); however, Peazip has a more modern UI than for 7-zip whose UI harkens back to the Windows 3.x era. However, neither one supports AES encryption, just the weak encryption. http://www.peazip.org/encrypt-files.html While a hacker might try decrypting the AES-based content, they would have to also have to separately try Serpent or TwoFish which would dramatically add to the time to decrypt successfully. 7-Zip just has AES encryption. Peazip has AES, TwoFish, and Serpent; however, since I haven't used encryption with Peazip, I don't know how to select which encryption algorithm to use (and didn't see an option when creating a new archive). Couple be, per the above article, a combined AES + Serpent + TwoFish encryption requires using the .pea archive format. When putting files into a compressed archive with a password, remember that the original file sticks around. You would have to delete it. Whether you or the archiver deletes the file, the file's contents still occupies the file system's clusters until those clusters are reallocated to another file AND until those clusters get overwritten by some other program writing to that file. Peazip comes with a secure file eraser (which can optionally be added to the Windows Explorer context menu). There are lots of file recovery tools. If you don't want to leave behind any trace of a file's content that you put into a passworded archive file then you need to securely erase the original file, not just delete it. I have Peazip configured to do 2 passes to securely erase the clusters occupied by a file. That is more than sufficient with drive manufactured for over two decades. Only on ancient RLL-encoded hard drives might the 35-pass Gutmann method. Note when using encryption within a .zip file that normally just the *contents* of the files stored within the archive file are encrypted. The filenames listed as records within the archive will still have the original names. If you need to ensure that no one can deduce what might be within a file, use an archiver that also encrypts the filenames. Peazip has that option. I'd have to research to find out if 7-zip does. Peazip also offers a two-factor algorithm: not only do you need to know the password but must also supply a keyfile. You generate a keyfile for the .zip archive and store it somewhere, like on a USB flash drive to which only you have physical access (because you don't want someone else copying the keyfile off the USB drive). I've never bothered with 2-factor authentication but then I don't bother using encryption in archivers since I use TrueCrypt (or you could use BestCrypt Traveller or VeraCrypt or other alternatives). I haven't used Traveller or VeraCrypt. In TrueCrypt, you can even compound the encryption algorithms. You could just use AES, or you could use AES + TwoFish or AES + TwoFish + Serpent. The added layers make decryption much more difficult; however, the extra encryptions also make decryption slower, so the access to the mounted container will be slower (not a problem with doc files but perhaps with videos). In addition, you can create an encrypted container (file) that has 2 passwords: one which allows access to one part of the container and another that allows access to a more secret part of the container. If someone forces you to reveal your password, like pointing a gun at your kids or wife or you or to satisfy FBI investigators applying legal action, you could give them the first password. That lets them into the first part of the container where you deposited inocuous files (something to appease the intruder but nothing sensitive or hurtful to you). They cannot get into the second part of the container where is the real files you want to hide. They cannot determine there is a second password and a second portion of the container because all that data is always randomized by TrueCrypt (rather than being unallocated). Again, these are advanced features that some users don't care about, so they want something simpler, like BestCrypt Traveller. If you go with a compressed archiver (.zip files), many use weak legacy Zip encryption that password recovery tools can hack. So choose wisely. https://www.youtube.com/watch?v=0H3rdfI28s0 And remember that when you read any file whether from an encrypted container or zip file that there could be [temporary] copies left behind outside the container or zip file. The files are secure only when in situ inside the container. Editing a file means creating a temporary copy of it or buffers (which might be in memory but could be on th disk) within the program with portions of the file. You might copy the file out of the container. Once you close the container, you need to securely wipe any remnants of the file when it was outside the container. Thank you, Vanguard. You've been very clear. The situation is more complex than I had anticipated. No he isn't very clear, what is clear is he doesn't read too well. I said encrypt the zip file with something like AESCrypt, not at all the same as using the built in crackable scheme in some zip iterations. If you are paranoid about deleting the original file, there are a number of secure delete utilities available. Note, AXCrypt deletes and scrubs the original but is windows only. I'm on Linux, but want to be able to recover in windows in need be. |
#30
|
|||
|
|||
password-protecting a file or folder
On Thu, 19 Jul 2018 15:49:02 -0500, VanguardLH wrote:
John B. Smith wrote: I've used BestCript for many years. They advertise 'no back doors', but who knows if this is true. It's pricey at $100 now. I was shocked when I put Win7 on that my copy no longer works. You have to 'renew' it every so often or it ages out. I wasn't aware. Since I've used image backup for years I've managed to keep a working copy. It's a fairly easy learning curve. It creates 'containers' that are encrypted throughout and open as drives. A password lets you in. BestCript? Or BestCrypt? I've only heard about the latter. It's has been many years since I went looking for an alternative to TrueCrypt, and back then BestCrypt Traveller was free. They still list it on their "Free Security Tools" page at: https://www.jetico.com/free-security-tools Clicking on Traveller takes you to: https://www.jetico.com/free-security...rypt-traveller It doesn't have all the features of their full-blown payware version but then some folks actually prefer a simpler tool. For example, Traveller won't do volume (drive) encryption; however, that can be dangerous to folks that don't understand how it works. I stuck with TrueCrypt. Sorry mis-spelling it is BestCrypt. My excuse is I took a header on my bike and am existing on pills. As another poster said, if any govt agency wants your password all they have to do is threaten huge fines etc till you cave. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|