13 Free Software That Encrypt Your Data

[Guest]

The information you store on your computer not only represents hours of hard work, but business and personal secrets as well. Here are thirteen free utilities that—with proper use—will keep your data secure.

13 Free Software That Encrypt Your Data : Read more

 

[freggo]

Interesting list. I stay with TrueCrypt. Works well, never had a problem,

 

[Guest]

I do like the premise of the article, but IMHO full of questionable choices.

1. Gmail: while your connection to the gmail server is encrypted through https, your mail is neither encrypted on the gmail server itself nor during the transport to your recipient nor on your recipients side. It is well known that the US-law-enforcement can be given access to gmail and the same might be true for law-enforcement in many other countries. It can also be accessed if someone hacks gmail (happened at least once already, perpetrator beeing most probably the chinese government). Your data is not really save from anyone.

TL;DR: Gmail is NOT encryption!

2. Similarly to point one, the article does not clear up the difference between spideroak and e.g. dropbox. While dropbox does encrypt your data during transfer, it is NOT encrypted on the dropbox servers. While there are good reasons for this it also means your data is not save from law-enforcement or hackers (or the 24h dropbox bug where you could log into any account because they forgot to check whether the password was correct). Spideroak on the other does not have your unencrypted data. All data is first encrypted by a password only known to you and then sent to spideroak. Your data on the spideroak servers is encrypted with your password, so none (not even spideroak) can decrypt it except you. This is also the reason there is no web-interface for spideroak.
TL;DR: Dropbox is NOT encryption, but SpiderOak is.

 

[pcxperp]

"TrueCrypt can even create a decoy OS on your PC, which you can provides access to under duress and through the scent of the real OS which contains your sensitive data."

I think this is supposed to be something more like, "TrueCrypt can even create a decoy encrypted file or partition on your PC, which you can provides access to under duress and throw the scent off the real encrypted file or partition which contains your sensitive data."

I use TrueCrypt regularly and have never known it to support any type of fake OS. It will let you create a partition in which to store encrypted data, and then you can assign that partition to masquerade as a different file type (such as a word doc, sys file, or whatever you choose). You can then bury the partition deep inside a system folder where the average user would never dare tread. If someone was looking right at it, they would not know it because it would appear to be a regular file (you could name the file "system.ini", assign it an icon, and bury it in the Windows folder).
The dummy partition works as follows: lets say when you create the partition make it 40gigs, 30 to main partition and 10 to the dummy partition. Make the partition appear to look like a system file or whatever. The 30gig portion is assigned the password XXXXXX, and the hidden 10gig partition is assigned the password OOOOOO. Then dump all your porn on the 30 gig partition, and maybe all your old school work on the 10gig. If by chance your wife came across the file, tried to open it, and became suspicious when it won't open, you could say, "Look honey, its just my old school work", type in the OOOOOO password for the hidden partition, and it will show her the school work you have inside. Think of it as having two passwords for your partition file, one that opens the main, and one that opens the hidden portion within the main.

I don't know of any other encrypting programs that give the end user that kind of control and freedom. Obviously, I LOVE Truecrypt.

 

[ben850]

+9,001 for TrueCrypt

 

[LORD_ORION]

Can you trust things like FileVault and Bitlocker to be safe? At a minimum, you could not trust it to save you from your own government.

 

[pcxperp]

Filevault and Bitlocker suck. If I can crack your OS password, then I have access to your Bitlocker files. There are dozens of free apps out there that can crack a Windows password in seconds, basically making Bitlocker useless.

 

[assasin32]

[citation][nom]pcxperp[/nom]Filevault and Bitlocker suck. If I can crack your OS password, then I have access to your Bitlocker files. There are dozens of free apps out there that can crack a Windows password in seconds, basically making Bitlocker useless.[/citation]

If your using a weak password like "password" or "0123" you shouldn't be using encryption it's that simple. But I imagine majority of the users who do use encryption your not going to be able to use a password guesser on any program they use and get their password within any amount of time that the data will still be of use. Things are un/fortunately not like TV where we can have Abbey crack 256bit AES encryption in a hurry to find the serial killer from the USB key he accidently left on scene.

Take me for example my password for what I use encryption on it's pretty much equalivent to using a PW like this "I really h8t3 annoyingly b1g passwords don't you???" and thats combined with some keyfiles you need to know about to use. Chances are your not going to be able to access that unless I let you because every time you add a character to a password you increase how strong it is drastically so memorizing "ah93!5k" isn't as strong as a simple sentence thats easy to memorize especially if you have bad spelling/grammer.

So to sum it up, a password guesser is only viable to people who use basic passwords which TBH those type of people are generally willing to give out their passwords if you just ask them nicely from my experience. But for a decent chunk of the people who use halfway decent password (not even the ones i listed as examples but much simpler) your password guesser will take forever to get it still, if it even does. It won't magically crack a PW in seconds, unless it's built to check common passwords first and the person used one of them.

 

[pcxperp]

[citation][nom]assasin32[/nom]If your using a weak password like "password" or "0123" you shouldn't be using encryption it's that simple. But I imagine majority of the users who do use encryption your not going to be able to use a password guesser on any program they use and get their password within any amount of time that the data will still be of use. Things are un/fortunately not like TV where we can have Abbey crack 256bit AES encryption in a hurry to find the serial killer from the USB key he accidently left on scene.Take me for example my password for what I use encryption on it's pretty much equalivent to using a PW like this "I really h8t3 annoyingly b1g passwords don't you???" and thats combined with some keyfiles you need to know about to use. Chances are your not going to be able to access that unless I let you because every time you add a character to a password you increase how strong it is drastically so memorizing "ah93!5k" isn't as strong as a simple sentence thats easy to memorize especially if you have bad spelling/grammer. So to sum it up, a password guesser is only viable to people who use basic passwords which TBH those type of people are generally willing to give out their passwords if you just ask them nicely from my experience. But for a decent chunk of the people who use halfway decent password (not even the ones i listed as examples but much simpler) your password guesser will take forever to get it still, if it even does. It won't magically crack a PW in seconds, unless it's built to check common passwords first and the person used one of them.[/citation]

I am not talking about a password guesser. I am talking about service software that I use on a daily basis that will retrieve Windows passwords from the registry. Like it even says in the article,

"BitLocker essentially works the same way, unscrambling data as you access your files on the PC, while keeping everything encrypted so that casual observers can't see the information stored on your computer. It also has the same vulnerability: knowledge of your Windows password provides full access."

If I can retrieve your Windows login password, I can gain access to your Bitlocker files.

If you need a good Windows password retrieval app, let me know, I'll dropbox it for you.

 

[assasin32]

[citation][nom]pcxperp[/nom]I am not talking about a password guesser. I am talking about service software that I use on a daily basis that will retrieve Windows passwords from the registry. Like it even says in the article, "BitLocker essentially works the same way, unscrambling data as you access your files on the PC, while keeping everything encrypted so that casual observers can't see the information stored on your computer. It also has the same vulnerability: knowledge of your Windows password provides full access." If I can retrieve your Windows login password, I can gain access to your Bitlocker files. If you need a good Windows password retrieval app, let me know, I'll dropbox it for you.[/citation]

My mistake, sounds interesting I think I look into that the next time I have free time. I have no use for it but every now and than I like looking into these things for fun.

 

[Guest]

"HTTPS in Gmail ensures that, even if someone intercepts your emails, they won't be able to view their contents"

Noooo thats is called S-MIME not HTTPS

 

[Guest]

What about dm-crypt? It would have been more accurate to mention LUKS on which FreeOTFE is based.

 

[ZambonieDude]

MISSING - a simple file/folder encryptor.

SOLUTION - Nothing is as easy & simple & secure as Encryption Wizard, http/spi.dod.mil/ewizard.htm. Coming from the Air Force Research Lab it can be trusted more that freeware from a lesser-known source. Compared to the others here, it simply encrypts files/folders, for local storage or sending across the Internet (email, posting, etc.) Its DoD certified software and originates from a cyber-defense R&D lab to "mitigate nation-state class threats".

 

[Guest]

pcxperp:. I’ve used windows password retrieval apps. I had the same idea when I first read bout BitLocker.

I was wrong.

BitLocker does more than you think.

You said: “I am not talking about a password guesser. I am talking about service software that I use on a daily basis that will retrieve Windows passwords from the registry”

Let say you have my laptop that you are trying to break and I have BitLocker on and I have a password you just can’t guess.

1) You still have to log into my laptop to run your registry password program. You’ll need my password here, which you don’t have. You can’t log on to my computer to run anything.

2) You could try to interject something into the boot path to allow you to log in. Bitlocker stops this and demands a key you don’t have.

3) You could take the HD out and put it into another computer to run the registry password program. Bitlocker stops this and demands a key you don’t have.

So your registry password program has no place to run because you can’t log in. Or your program can run but the drive has been locked with a key you don’t have.

Do you still think you can bypass a computer with bitlocker without knowing my password? If so what steps would you take. Again, I thought the same way you did, but I was wrong. I'd like to be wrong twice if you can figure it out.