Programs for reading encrypted files. Programs for encrypting folders and files. Public key cryptography and exchange

Tips for beginners

Editor's Choice

File encryption programs

Encrypt everything!

Every time information leaks out on the Internet about a scandal related to the fact that important documents have leaked somewhere, I ask myself why they were not encrypted? Document protection should be everywhere, after all.

Encryption algorithms

The encryption algorithm is like a black box. A dump of a document, image, or other file that you load into it, you get back. But what you see seems to be nonsense.

You can turn this gibberish back into a normal document through the window with the same password that you entered during encryption. This is the only way to get the original.

The US government has recognized Advanced Encryption Standard (AES) as a standard, and all products assembled here support the AES encryption standard.

Even those who support other algorithms generally recommend using AES.

If you are an encryption expert, you may prefer another algorithm, Blowfish, and perhaps even the Soviet government's GOST algorithm.

But this is for fans of extreme entertainment. For the average user, AES is just a great solution.

Public key cryptography and exchange

Passwords are important and you should keep them private, right? Well, not when using the Public Key Infrastructure (PKI) that is used in cryptography.

If I want to send you a secret document, I just encrypt it with my public key. When you receive it, you can use it to decrypt the document. It's that simple!

Using this system in the opposite direction, you can create a digital signature that confirms that your document came from you and has not been altered. How? Just encrypt it with your private key.

The fact that your public key decrypts it is proof that you have the right to edit it.

PKI support is less common than traditional symmetric support.

Many products allow the creation of self-decrypting executable files.

Also, you may find that the recipient can use a certain decryption-only tool for free.

What's better?

There is now a huge selection of products available in the encryption field.

Everyone simply has to choose the solution that will be convenient in terms of functionality, practical and stylish from the point of view of the interface of the main program window.

The digital CertainSafe safe goes through a multi-step security algorithm that identifies you on the site. You will have to go through multiple authentication checks each time.

Your files are encrypted, and if someone tries to break them, they fall apart and no one can recreate them. In this case, there is a certain risk, but at the same time, and the level of reliability is very decent.

Then each chunk of the file is stored on a different server. A hacker who has been able to break into one of the servers cannot do anything useful.

Locking can encrypt files or simply lock them so that no one can open them. It also offers encrypted lockers for safe keeping of personal confidential.

Other useful features include shredding, free space shredding, secure network backups, and self-decrypting files.

VeraCrypt (Windows / OS X / Linux)

VeraCrypt supports truecrypt encryption, which was discontinued last year.

The development team claims they have already addressed the issue raised during the initial audit of truecrypt and believe it can still be used as an available version for, OS X and.

If you're looking for a file encryption tool that actually works, this is it. VeraCrypt supports AES (the most commonly used algorithm).

It also supports TwoFish and Serpent encryption ciphers, and supports the creation of hidden encrypted volumes.

The program code is open source, most of the code base consists of Truecrypt.

The program is also constantly evolving, with regular security updates and independent audits at the planning stage (according to the developers).

Those of you who have tried it have praised it for the on-the-fly encryption tool works great and only decrypts your files when you need them. So the rest of the time they are stored encrypted.

Especially users note that the program is a powerful tool that is easy to use and always in place. Yes, it lacks a pretty interface or a ton of bells and whistles.

AxCrypt (Windows)

AxCrypt is free and open source software under the GNU license.

A GPL-licensed encryption tool for Windows that prides itself on being simple, efficient, and reliable to use.

It integrates nicely with the Windows shell, so you can right-click on the file you want to encrypt and issue a command.

Or, you can simply tweak the executable code so that the file will be locked if not used for a certain period of time. It can be decrypted later, or when the recipient notifies of receipt.

Files with AxCrypt can be decrypted on demand or you can keep them decrypted while they are in use and then automatically encrypted.

It supports 128-bit AES encryption, provides protection against hacking attempts. It is very lightweight (less than 1 MB.)

Everyone decides for himself which program to use, but if your data is worth anything to you, be sure to think about the fact that you need a program for encryption.

Encrypting files and folders in Windows

File encryption software: which is the best to choose?

We recently compared mobile (for Android) encryption apps. It's time for a similar review, but for desktop programs.

Selection of programs for comparison

In order for all three programs to be in the same weight category, it was decided to compare only proprietary software, that is, software with closed source code. Folder Lock and PGP Desktop will be compared with CyberSafe Top Secret. I think that many are familiar with the last program. But Folder Lock was not chosen by chance either - it won a gold award in a comparison of ten encryption programs.

Folder Lock Overview

The main features of Folder Lock are as follows:
  • AES encryption, 256-bit key.
  • Hiding files and folders.
  • File encryption (by creating virtual disks - safes) "on the fly".
  • Online backup.
  • Create secure USB / CD / DVD drives.
  • Encryption of email attachments.
  • Creation of encrypted "wallets" storing information about credit cards, accounts, etc.

It would seem that the program has enough capabilities, especially for personal use. Now let's look at the program in action. At the first launch, the program asks to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you have hidden files, and someone else launched the program, looked at which files were hidden and gained access to them. Agree, not very good. But if the program asks for a password, then this "someone" will not succeed - at least until he finds out or finds out your password.


Figure: 1. Setting the master password at the first start

First of all, let's see how the program hides files. Go to section Lock Files, then either drag files (Fig. 2) and folders to the main area of \u200b\u200bthe program, or use the button Add... As shown in fig. 3, the program allows you to hide files, folders and drives.


Figure: 2. Drag and drop the file, select it and click the Lock


Figure: 3. Button Add

Let's see what happens when we press the button Lock... I tried to hide the file C: \\ Users \\ Denis \\ Desktop \\ cs.zip. The file disappeared from Explorer, Total Commander and other file managers, even if the display of hidden files is enabled. The file hide button is called Lockand section Lock Files... However, these UI elements would need to be named Hide and Hide Files, respectively. Because, in fact, the program does not block access to the file, but simply "hides" it. Look at fig. 4. Knowing the exact name of the file, I copied it to the cs2.zip file. The file was copied quietly, there were no access errors, the file was not encrypted - it was unpacked as usual.


Figure: 4. Copy hidden file

By itself, the concealment function is stupid and useless. However, if you use it in conjunction with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
In section Encrypt Files you can create lockers. A safe is an encrypted container that, once mounted, can be used like a regular disk - encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


Figure: 5. Encrypt Files section

Click the button Create locker, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to select the file system and the size of the safe (Fig. 8). The size of the safe is dynamic, but you can set the maximum limit. This saves disk space if you are not using a full-size safe. Optionally, you can create a fixed-size safe, which will be shown in the Performance section of this article.


Figure: 6. Name and location of the safe


Figure: 7. Password to access the safe


Figure: 8. File system and size of the safe

After that, you will see the UAC window (if enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it, you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see fig. nine.


Figure: 9. Virtual disk created by the program

Return to the section Encrypt Files and select the created safe (fig. 10). Button Open locker allows you to open a closed safe, Close Locker - close open, button Edit Options calls a menu containing commands for deleting / copying / renaming / changing the safe password. Button Backup Online allows you to back up your safe, and not somewhere, but to the cloud (Fig. 11). But first you have to create an account. Secure Backup Account, after which you will get up to 2 TB of disk space, and your safes will be automatically synchronized with the online storage, which is especially useful if you need to work with the same safe on different computers.


Figure: 10. Operations over the safe


Figure: 11. Creating a Secure Backup Account

Nothing happens just like that. Please see secure.newsoftwares.net/signup?id\u003den for pricing for storing your safes. For 2 TB, you will have to pay $ 400 per month. 500 GB will cost $ 100 per month. To be honest, it is very expensive. For 50-60 $ you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even create your own website on it.
Please note: the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In section Protect USB / CD you can protect your USB / CD / DVD drives as well as email attachments (Figure 12). However, this protection is not achieved by encrypting the medium itself, but by writing a self-decrypting safe to the corresponding medium. In other words, a truncated portable version of the program will be written to the selected medium, allowing you to "open" the safe. As such, this program does not have support for mail clients either. You can encrypt the attachment and attach it (already encrypted) to the email. But the attachment is encrypted with a regular password, not PKI. I think there is no point in talking about reliability.


Figure: 12. Protect USB / CD section

Section Make wallets allows you to create wallets containing information about your credit cards, bank accounts, etc. (fig. 13). All information, of course, is stored encrypted. I can say with full responsibility that this section is useless, since the function of exporting information from the wallet is not provided. Imagine that you have many bank accounts and you entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. Then you need to provide your account information to a third party to transfer money to you. You will have to manually copy each field, paste it into a document or email. Having an export function would make this task much easier. As for me, it is much easier to store all this information in one common document, which must be placed on the virtual disk created by the program - a safe.


Figure: 13. Wallets

Folder Lock Benefits:

  • An attractive and intuitive interface that will appeal to novice users who speak English.
  • Transparent encryption "on the fly", creating virtual encrypted disks that you can work with like regular disks.
  • Possibility of online backup and synchronization of encrypted containers (safes).
  • The ability to create self-decrypting containers on USB / CD / DVD disks.

Disadvantages of the program:

  • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with the English language.
  • Doubtful functions Lock Files (which simply hides, rather than "locks" files) and Make Wallets (ineffective without exporting information). Honestly, I thought that the Lock Files feature would provide transparent encryption of a folder / file on the disk, as CyberSafe Top Secret or the EFS file system does.
  • Inability to sign files, verify digital signatures.
  • When opening the safe, it does not allow you to select a drive letter that will be assigned to the virtual disk that corresponds to the safe. In the program settings, you can only select the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
  • There is no integration with email clients, only the ability to encrypt the attachment.
  • The high cost of cloud backup.

PGP Desktop

Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-layered encryption. The program differs from CyberSafe TopSecret and Folder Lock by its close integration into the system shell. The program is embedded in the shell (Explorer), and its functions are accessed via the Explorer context menu (Fig. 14). As you can see, the context menu contains functions for encryption, file signing, etc. The function of creating a self-decrypting archive is quite interesting - according to the principle of a self-extracting archive, only instead of unpacking the archive is also decrypted. However, Folder Lock and CyberSafe also have a similar function.


Figure: 14. Context Menu PGP Desktop

You can also access the program functions through the system tray (Fig. 15). Team Open PGP Desktop opens the main program window (Fig. 16).


Figure: 15. Program in the system tray


Figure: 16. PGP Desktop Window

Sections of the program:

  • PGP Keys - management of keys (both own and imported from keyserver.pgp.com).
  • PGP Messaging - management of messaging services. Upon installation, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
  • PGP Zip - management of encrypted archives. The program supports transparent and non-transparent encryption. This section implements opaque encryption. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Figure 17).
  • PGP Disk is an implementation of the transparent encryption function. The program can either encrypt an entire hard disk partition (or even an entire disk) or create a new virtual disk (container). There is also a Shred Free Space function that allows you to erase free space on the disk.
  • PGP Viewer - here you can decrypt PGP messages and attachments.
  • PGP NetShare - a tool for "sharing" folders, while the "balls" are encrypted using PGP, and you have the ability to add / remove users (users are identified based on certificates) who have access to the "share".


Figure: 17. Self-decrypting archive

As far as virtual disks are concerned, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as select an algorithm other than AES. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).


Figure: 18. Creating a virtual disk

The program tries to encrypt everything and everyone. It monitors POP / SMTP connections and offers to secure them (Figure 19). The same goes for instant messaging clients (Figure 20). It is also possible to protect IMAP connections, but it must be enabled separately in the program settings.


Figure: 19. SSL / TLS connection detected


Figure: 20. PGP IM in Action

It's a pity that PGP Desktop does not support popular modern programs like Skype and Viber. Who is currently using AOL IM? I think there are not many of them.
Also, when using PGP Desktop, it is difficult to configure mail encryption, which works only in interception mode. But what if encrypted mail has already been received, and PGP Desktop was launched after receiving the encrypted message. How to decode it? You can, of course, but you have to do it manually. In addition, already decrypted letters in the client are no longer protected. And if you configure the client for certificates, as it is done in the CyberSafe Top Secret program, then the letters will always be encrypted.
The interception mode also does not work very well, since the message about the protection of mail appears every time on every new mail server, and gmail has a lot of them. The mail protection window will get bored very quickly.
The program also does not differ in stability of work (fig. 21).


Figure: 21. PGP Desktop is frozen ...

Also, after installing it, the system worked slower (subjectively) ...

Benefits of PGP Desktop:

  • A complete program used for file encryption, file signing and electronic signature verification, transparent encryption (virtual disks and encryption of the entire partition), e-mail encryption.
  • Keyserver support keyserver.pgp.com.
  • The ability to encrypt the system hard drive.
  • PGP NetShare function.
  • Ability to overwrite free space.
  • Close integration with Explorer.

Disadvantages of the program:

  • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
  • Unstable program operation.
  • Poor program performance.
  • There is support for AOL IM, but no support for Skype and Viber.
  • Messages that have already been decrypted remain unprotected on the client.
  • Mail protection works only in interception mode, which will quickly bother you, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

As in the previous review, there will not be a detailed description of the CyberSafe Top Secret program, since our blog has already written a lot about it (Fig. 22).


Figure: 22. CyberSafe Top Secret Program

However, we will nevertheless pay attention to some points - the most important ones. The program contains tools for managing keys and certificates, and the presence of its own key server in CyberSafe allows the user to publish his own public key on it, as well as to receive the public keys of other company employees (Fig. 23).


Figure: 23. Key management

The program can be used to encrypt individual files, which was shown in the article “Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one" . As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified crypto provider CryptoPro, which allows it to be used in government agencies and banks.
The program can also be used for transparent encryption of a folder (Figure 24), which allows it to be used as a replacement for EFS. And, given that CyberSafe turned out to be more reliable and faster (in some scenarios) than EFS, it is not only possible to use it, but also necessary.


Figure: 24. Transparent encryption of the C: \\ CS-Crypted folder

The functionality of the CyberSafe Top Secret program resembles that of the PGP Desktop program - if you noticed, the program can also be used to encrypt e-mail messages, as well as to electronically sign files and verify this signature (section Email digital signature, see fig. 25).


Figure: 25. Section Email digital signature

Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and encrypt entire hard disk partitions. It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop programs. However, this disadvantage is mitigated by the ability to transparently encrypt the folder, and the folder size is limited only by the amount of free space on the hard disk.
Unlike PGP Desktop, CyberSafe Top Secret cannot encrypt the system hard drive; it is limited to encrypting external and internal non-system drives.
But CyberSafe Top Secret has a cloud backup option, and, unlike Folder Lock, this option is absolutely free, more precisely, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article "Cloud backup encryption".
Also, two important features of the program should be noted: two-factor authentication and a system of trusted applications. In the program settings, you can either set up password authentication or two-factor authentication (Fig. 26).


Figure: 26. Program settings

In the tab Allowed. annexes you can define trusted applications that are allowed to work with encrypted files. All applications are trusted by default. But for greater security, you can set applications that are allowed to work with encrypted files (Figure 27).


Figure: 27. Trusted applications

CyberSafe Top Secret benefits:

  • Support for GOST encryption algorithms and a certified CryptoPro encryption provider, which allows using the program not only for individuals and commercial organizations, but also for government agencies.
  • Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides the best level of performance and security, such a replacement is more than justified.
  • The ability to sign files with an electronic digital signature and the ability to verify the file signature.
  • Built-in key server that allows you to publish keys and access other keys that have been published by other company employees.
  • The ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
  • The ability to create self-decrypting archives.
  • Free cloud backup that works with any service - both paid and free.
  • Two-factor user authentication.
  • A trusted application system that allows only specific applications to access encrypted files.
  • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated below).
  • The CyberSafe driver allows you to work over the network, which makes it possible to organize corporate encryption.
  • Russian-language interface of the program. For English speaking users, there is an option to switch to English.

Now about the shortcomings of the program. The program has no particular flaws, but since the task was to honestly compare the programs, the flaws still have to be found. If you really find fault, sometimes (very, very rarely) unlocalized messages like “Password is weak” “slip through” in the program. Also, while the program does not know how to encrypt the system disk, but such encryption is not always and not everyone needs. But these are all small things compared to PGP Desktop freezing and its cost (but you don't know about that yet).

Performance

When working with PGP Desktop, I got the impression (right after installing the program) that the computer began to work slower. If not for this "sixth sense", then this section would not be in this article. It was decided to measure the performance with the CrystalDiskMark program. All tests are carried out on a real machine - no virtual machines. The configuration of the laptop is as follows - Intel 1000M (1.8 GHz) / 4 GB RAM / WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer / Windows 7 64-bit). The machine is not very powerful, but what it is.
The test will be performed as follows. We launch one of the programs and create a virtual container. The container parameters are as follows:
  • The virtual disk size is 2048 MB.
  • File system - NTFS
  • Drive letter Z:
After that, the program is closed (of course, the virtual disk is unmounted) - so that nothing would interfere with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make it easier for you to read the benchmark results, you need to talk about what the CrystalDiskMark results mean:
  1. Seq - sequential write / sequential read test (block size \u003d 1024KB);
  2. 512K - random write / random read test (block size \u003d 512KB);
  3. 4K - The same as 512K, but the block size is 4K;
  4. 4K QD32 - random write / read test (block size \u003d 4KB, Queue Depth \u003d 32) for NCQ & AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose the test size of 1000 MB and set 2 passes so as not to force my hard drive once again (as a result of this experiment, its temperature increased from 37 to 40 degrees anyway).

Let's start with a regular hard drive to compare with. The performance of the C: drive (which is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).


Figure: 28. Hard disk performance

Now let's start testing the first program. Let it be Folder Lock. In fig. 29 shows the parameters of the created container. Please note that I am using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal - data is encrypted and decrypted on the fly. The performance should be lower, the question is how much.


Figure: 29. Parameters of the Folder Lock container


Figure: 30. Folder Lock Program Results

The next program is PGP Desktop. In fig. 31 - parameters of the created container, and in fig. 32 - results. My feelings were confirmed - the program really works slower, which was confirmed by the test. But when this program was running, not only the virtual disk was "slowing down", but even the entire system, which was not observed when working with other programs.


Figure: 31. Parameters of the PGP Desktop container


Figure: 32. PGP Desktop Results

It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).


Figure: 33. Parameters of the CyberSafe Top Secret container


Figure: 34. CyberSafe Top Secret results

I think comments will be superfluous. In terms of productivity, places were distributed as follows:

  1. CyberSafe Top Secret
  2. Folder Lock
  3. PGP Desktop

Price and conclusions

Since we tested proprietary software, another important factor to consider is price. Folder Lock app will cost $ 39.95 for one installation and $ 259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly, is small. As noted, the functions of hiding files and wallets are of little use. The Secure Backup feature requires an additional fee, therefore, giving away almost $ 40 (if you put yourself in the shoes of a regular user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
PGP Desktop will cost $ 97. And mind you - this is just the starting price. The full version with a set of all modules will cost about $ 180-250 and this is only a 12-month license. In other words, you will have to pay $ 250 each year to use the program. As for me, this is too much.
CyberSafe Top Secret program is the golden mean, both in terms of functionality and price. For an ordinary user, the program will cost only $ 50 (a special anti-crisis price for Russia, for other countries the full version will cost $ 90). Please note, that is the price for the most complete version of the Ultimate program.
Table 1 contains a comparison chart of the features of all three products to help you choose your product.

Table 1. Programs and functions

Function Folder Lock PGP Desktop CyberSafe Top Secret
Virtual encrypted disks Yes Yes Yes
Encrypt entire partition No Yes Yes
System disk encryption No Yes No
Convenient integration with email clients No No Yes
Encrypting email messages Yes (limited) Yes Yes
File encryption No Yes Yes
EDS, signing No Yes Yes
EDS, verification No Yes Yes
Transparent folder encryption No No Yes
Self-decrypting archives Yes Yes Yes
Cloud backup Yes (paid) No Yes (free)
Trusted Application System No No Yes
Certified Crypto Provider Support No No Yes
Token support No No (support discontinued) Yes (when installing CryptoPro)
Own key server No Yes Yes
Two-factor authentication No No Yes
Hiding individual files Yes No No
Hiding hard drive partitions Yes No Yes
Payment wallets Yes No No
GOST encryption support No No Yes
Russian interface No No Yes
Sequential read / write (DiskMark), MB / s 47/42 35/27 62/58
The cost 40$ 180-250$ 50$

Considering all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.

We recently compared mobile (for Android) encryption apps. It's time for a similar review, but for desktop programs.

Selection of programs for comparison

In order for all three programs to be in the same weight category, it was decided to compare only proprietary software, that is, software with closed source code. Folder Lock and PGP Desktop will be compared with CyberSafe Top Secret. I think that many are familiar with the last program. But Folder Lock was not chosen by chance either - it won a gold award in a comparison of ten encryption programs.

Folder Lock Overview

The main features of Folder Lock are as follows:
  • AES encryption, 256-bit key.
  • Hiding files and folders.
  • File encryption (by creating virtual disks - safes) "on the fly".
  • Online backup.
  • Create secure USB / CD / DVD drives.
  • Encryption of email attachments.
  • Creation of encrypted "wallets" storing information about credit cards, accounts, etc.

It would seem that the program has enough capabilities, especially for personal use. Now let's look at the program in action. At the first launch, the program asks to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you have hidden files, and someone else launched the program, looked at which files were hidden and gained access to them. Agree, not very good. But if the program asks for a password, then this "someone" will not succeed - at least until he finds out or finds out your password.


Figure: 1. Setting the master password at the first start

First of all, let's see how the program hides files. Go to section Lock Files, then either drag files (Fig. 2) and folders to the main area of \u200b\u200bthe program, or use the button Add... As shown in fig. 3, the program allows you to hide files, folders and drives.


Figure: 2. Drag and drop the file, select it and click the Lock


Figure: 3. Button Add

Let's see what happens when we press the button Lock... I tried to hide the file C: \\ Users \\ Denis \\ Desktop \\ cs.zip. The file disappeared from Explorer, Total Commander and other file managers, even if the display of hidden files is enabled. The file hide button is called Lockand section Lock Files... However, these UI elements would need to be named Hide and Hide Files, respectively. Because, in fact, the program does not block access to the file, but simply "hides" it. Look at fig. 4. Knowing the exact name of the file, I copied it to the cs2.zip file. The file was copied quietly, there were no access errors, the file was not encrypted - it was unpacked as usual.


Figure: 4. Copy hidden file

By itself, the concealment function is stupid and useless. However, if you use it in conjunction with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
In section Encrypt Files you can create lockers. A safe is an encrypted container that, once mounted, can be used like a regular disk - encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


Figure: 5. Encrypt Files section

Click the button Create locker, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to select the file system and the size of the safe (Fig. 8). The size of the safe is dynamic, but you can set the maximum limit. This saves disk space if you are not using a full-size safe. Optionally, you can create a fixed-size safe, which will be shown in the Performance section of this article.


Figure: 6. Name and location of the safe


Figure: 7. Password to access the safe


Figure: 8. File system and size of the safe

After that, you will see the UAC window (if enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it, you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see fig. nine.


Figure: 9. Virtual disk created by the program

Return to the section Encrypt Files and select the created safe (fig. 10). Button Open locker allows you to open a closed safe, Close Locker - close open, button Edit Options calls a menu containing commands for deleting / copying / renaming / changing the safe password. Button Backup Online allows you to back up your safe, and not somewhere, but to the cloud (Fig. 11). But first you have to create an account. Secure Backup Account, after which you will get up to 2 TB of disk space, and your safes will be automatically synchronized with the online storage, which is especially useful if you need to work with the same safe on different computers.


Figure: 10. Operations over the safe


Figure: 11. Creating a Secure Backup Account

Nothing happens just like that. Please see secure.newsoftwares.net/signup?id\u003den for pricing for storing your safes. For 2 TB, you will have to pay $ 400 per month. 500 GB will cost $ 100 per month. To be honest, it is very expensive. For 50-60 $ you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even create your own website on it.
Please note: the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In section Protect USB / CD you can protect your USB / CD / DVD drives as well as email attachments (Figure 12). However, this protection is not achieved by encrypting the medium itself, but by writing a self-decrypting safe to the corresponding medium. In other words, a truncated portable version of the program will be written to the selected medium, allowing you to "open" the safe. As such, this program does not have support for mail clients either. You can encrypt the attachment and attach it (already encrypted) to the email. But the attachment is encrypted with a regular password, not PKI. I think there is no point in talking about reliability.


Figure: 12. Protect USB / CD section

Section Make wallets allows you to create wallets containing information about your credit cards, bank accounts, etc. (fig. 13). All information, of course, is stored encrypted. I can say with full responsibility that this section is useless, since the function of exporting information from the wallet is not provided. Imagine that you have many bank accounts and you entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. Then you need to provide your account information to a third party to transfer money to you. You will have to manually copy each field, paste it into a document or email. Having an export function would make this task much easier. As for me, it is much easier to store all this information in one common document, which must be placed on the virtual disk created by the program - a safe.


Figure: 13. Wallets

Folder Lock Benefits:

  • An attractive and intuitive interface that will appeal to novice users who speak English.
  • Transparent encryption "on the fly", creating virtual encrypted disks that you can work with like regular disks.
  • Possibility of online backup and synchronization of encrypted containers (safes).
  • The ability to create self-decrypting containers on USB / CD / DVD disks.

Disadvantages of the program:

  • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with the English language.
  • Doubtful functions Lock Files (which simply hides, rather than "locks" files) and Make Wallets (ineffective without exporting information). Honestly, I thought that the Lock Files feature would provide transparent encryption of a folder / file on the disk, as CyberSafe Top Secret or the EFS file system does.
  • Inability to sign files, verify digital signatures.
  • When opening the safe, it does not allow you to select a drive letter that will be assigned to the virtual disk that corresponds to the safe. In the program settings, you can only select the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
  • There is no integration with email clients, only the ability to encrypt the attachment.
  • The high cost of cloud backup.

PGP Desktop

Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-layered encryption. The program differs from CyberSafe TopSecret and Folder Lock by its close integration into the system shell. The program is embedded in the shell (Explorer), and its functions are accessed via the Explorer context menu (Fig. 14). As you can see, the context menu contains functions for encryption, file signing, etc. The function of creating a self-decrypting archive is quite interesting - according to the principle of a self-extracting archive, only instead of unpacking the archive is also decrypted. However, Folder Lock and CyberSafe also have a similar function.


Figure: 14. Context Menu PGP Desktop

You can also access the program functions through the system tray (Fig. 15). Team Open PGP Desktop opens the main program window (Fig. 16).


Figure: 15. Program in the system tray


Figure: 16. PGP Desktop Window

Sections of the program:

  • PGP Keys - management of keys (both own and imported from keyserver.pgp.com).
  • PGP Messaging - management of messaging services. Upon installation, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
  • PGP Zip - management of encrypted archives. The program supports transparent and non-transparent encryption. This section implements opaque encryption. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Figure 17).
  • PGP Disk is an implementation of the transparent encryption function. The program can either encrypt an entire hard disk partition (or even an entire disk) or create a new virtual disk (container). There is also a Shred Free Space function that allows you to erase free space on the disk.
  • PGP Viewer - here you can decrypt PGP messages and attachments.
  • PGP NetShare - a tool for "sharing" folders, while the "balls" are encrypted using PGP, and you have the ability to add / remove users (users are identified based on certificates) who have access to the "share".


Figure: 17. Self-decrypting archive

As far as virtual disks are concerned, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as select an algorithm other than AES. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).


Figure: 18. Creating a virtual disk

The program tries to encrypt everything and everyone. It monitors POP / SMTP connections and offers to secure them (Figure 19). The same goes for instant messaging clients (Figure 20). It is also possible to protect IMAP connections, but it must be enabled separately in the program settings.


Figure: 19. SSL / TLS connection detected


Figure: 20. PGP IM in Action

It's a pity that PGP Desktop does not support popular modern programs like Skype and Viber. Who is currently using AOL IM? I think there are not many of them.
Also, when using PGP Desktop, it is difficult to configure mail encryption, which works only in interception mode. But what if encrypted mail has already been received, and PGP Desktop was launched after receiving the encrypted message. How to decode it? You can, of course, but you have to do it manually. In addition, already decrypted letters in the client are no longer protected. And if you configure the client for certificates, as it is done in the CyberSafe Top Secret program, then the letters will always be encrypted.
The interception mode also does not work very well, since the message about the protection of mail appears every time on every new mail server, and gmail has a lot of them. The mail protection window will get bored very quickly.
The program also does not differ in stability of work (fig. 21).


Figure: 21. PGP Desktop is frozen ...

Also, after installing it, the system worked slower (subjectively) ...

Benefits of PGP Desktop:

  • A complete program used for file encryption, file signing and electronic signature verification, transparent encryption (virtual disks and encryption of the entire partition), e-mail encryption.
  • Keyserver support keyserver.pgp.com.
  • The ability to encrypt the system hard drive.
  • PGP NetShare function.
  • Ability to overwrite free space.
  • Close integration with Explorer.

Disadvantages of the program:

  • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
  • Unstable program operation.
  • Poor program performance.
  • There is support for AOL IM, but no support for Skype and Viber.
  • Messages that have already been decrypted remain unprotected on the client.
  • Mail protection works only in interception mode, which will quickly bother you, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

As in the previous review, there will not be a detailed description of the CyberSafe Top Secret program, since our blog has already written a lot about it (Fig. 22).


Figure: 22. CyberSafe Top Secret Program

However, we will nevertheless pay attention to some points - the most important ones. The program contains tools for managing keys and certificates, and the presence of its own key server in CyberSafe allows the user to publish his own public key on it, as well as to receive the public keys of other company employees (Fig. 23).


Figure: 23. Key management

The program can be used to encrypt individual files, which was shown in the article “Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one" . As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified crypto provider CryptoPro, which allows it to be used in government agencies and banks.
The program can also be used for transparent encryption of a folder (Figure 24), which allows it to be used as a replacement for EFS. And, given that CyberSafe turned out to be more reliable and faster (in some scenarios) than EFS, it is not only possible to use it, but also necessary.


Figure: 24. Transparent encryption of the C: \\ CS-Crypted folder

The functionality of the CyberSafe Top Secret program resembles that of the PGP Desktop program - if you noticed, the program can also be used to encrypt e-mail messages, as well as to electronically sign files and verify this signature (section Email digital signature, see fig. 25).


Figure: 25. Section Email digital signature

Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and encrypt entire hard disk partitions. It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop programs. However, this disadvantage is mitigated by the ability to transparently encrypt the folder, and the folder size is limited only by the amount of free space on the hard disk.
Unlike PGP Desktop, CyberSafe Top Secret cannot encrypt the system hard drive; it is limited to encrypting external and internal non-system drives.
But CyberSafe Top Secret has a cloud backup option, and, unlike Folder Lock, this option is absolutely free, more precisely, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article "Cloud backup encryption".
Also, two important features of the program should be noted: two-factor authentication and a system of trusted applications. In the program settings, you can either set up password authentication or two-factor authentication (Fig. 26).


Figure: 26. Program settings

In the tab Allowed. annexes you can define trusted applications that are allowed to work with encrypted files. All applications are trusted by default. But for greater security, you can set applications that are allowed to work with encrypted files (Figure 27).


Figure: 27. Trusted applications

CyberSafe Top Secret benefits:

  • Support for GOST encryption algorithms and a certified CryptoPro encryption provider, which allows using the program not only for individuals and commercial organizations, but also for government agencies.
  • Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides the best level of performance and security, such a replacement is more than justified.
  • The ability to sign files with an electronic digital signature and the ability to verify the file signature.
  • Built-in key server that allows you to publish keys and access other keys that have been published by other company employees.
  • The ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
  • The ability to create self-decrypting archives.
  • Free cloud backup that works with any service - both paid and free.
  • Two-factor user authentication.
  • A trusted application system that allows only specific applications to access encrypted files.
  • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated below).
  • The CyberSafe driver allows you to work over the network, which makes it possible to organize corporate encryption.
  • Russian-language interface of the program. For English speaking users, there is an option to switch to English.

Now about the shortcomings of the program. The program has no particular flaws, but since the task was to honestly compare the programs, the flaws still have to be found. If you really find fault, sometimes (very, very rarely) unlocalized messages like “Password is weak” “slip through” in the program. Also, while the program does not know how to encrypt the system disk, but such encryption is not always and not everyone needs. But these are all small things compared to PGP Desktop freezing and its cost (but you don't know about that yet).

Performance

When working with PGP Desktop, I got the impression (right after installing the program) that the computer began to work slower. If not for this "sixth sense", then this section would not be in this article. It was decided to measure the performance with the CrystalDiskMark program. All tests are carried out on a real machine - no virtual machines. The configuration of the laptop is as follows - Intel 1000M (1.8 GHz) / 4 GB RAM / WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer / Windows 7 64-bit). The machine is not very powerful, but what it is.
The test will be performed as follows. We launch one of the programs and create a virtual container. The container parameters are as follows:
  • The virtual disk size is 2048 MB.
  • File system - NTFS
  • Drive letter Z:
After that, the program is closed (of course, the virtual disk is unmounted) - so that nothing would interfere with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make it easier for you to read the benchmark results, you need to talk about what the CrystalDiskMark results mean:
  1. Seq - sequential write / sequential read test (block size \u003d 1024KB);
  2. 512K - random write / random read test (block size \u003d 512KB);
  3. 4K - The same as 512K, but the block size is 4K;
  4. 4K QD32 - random write / read test (block size \u003d 4KB, Queue Depth \u003d 32) for NCQ & AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose the test size of 1000 MB and set 2 passes so as not to force my hard drive once again (as a result of this experiment, its temperature increased from 37 to 40 degrees anyway).

Let's start with a regular hard drive to compare with. The performance of the C: drive (which is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).


Figure: 28. Hard disk performance

Now let's start testing the first program. Let it be Folder Lock. In fig. 29 shows the parameters of the created container. Please note that I am using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal - data is encrypted and decrypted on the fly. The performance should be lower, the question is how much.


Figure: 29. Parameters of the Folder Lock container


Figure: 30. Folder Lock Program Results

The next program is PGP Desktop. In fig. 31 - parameters of the created container, and in fig. 32 - results. My feelings were confirmed - the program really works slower, which was confirmed by the test. But when this program was running, not only the virtual disk was "slowing down", but even the entire system, which was not observed when working with other programs.


Figure: 31. Parameters of the PGP Desktop container


Figure: 32. PGP Desktop Results

It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).


Figure: 33. Parameters of the CyberSafe Top Secret container


Figure: 34. CyberSafe Top Secret results

I think comments will be superfluous. In terms of productivity, places were distributed as follows:

  1. CyberSafe Top Secret
  2. Folder Lock
  3. PGP Desktop

Price and conclusions

Since we tested proprietary software, another important factor to consider is price. Folder Lock app will cost $ 39.95 for one installation and $ 259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly, is small. As noted, the functions of hiding files and wallets are of little use. The Secure Backup feature requires an additional fee, therefore, giving away almost $ 40 (if you put yourself in the shoes of a regular user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
PGP Desktop will cost $ 97. And mind you - this is just the starting price. The full version with a set of all modules will cost about $ 180-250 and this is only a 12-month license. In other words, you will have to pay $ 250 each year to use the program. As for me, this is too much.
CyberSafe Top Secret program is the golden mean, both in terms of functionality and price. For an ordinary user, the program will cost only $ 50 (a special anti-crisis price for Russia, for other countries the full version will cost $ 90). Please note, that is the price for the most complete version of the Ultimate program.
Table 1 contains a comparison chart of the features of all three products to help you choose your product.

Table 1. Programs and functions

Function Folder Lock PGP Desktop CyberSafe Top Secret
Virtual encrypted disks Yes Yes Yes
Encrypt entire partition No Yes Yes
System disk encryption No Yes No
Convenient integration with email clients No No Yes
Encrypting email messages Yes (limited) Yes Yes
File encryption No Yes Yes
EDS, signing No Yes Yes
EDS, verification No Yes Yes
Transparent folder encryption No No Yes
Self-decrypting archives Yes Yes Yes
Cloud backup Yes (paid) No Yes (free)
Trusted Application System No No Yes
Certified Crypto Provider Support No No Yes
Token support No No (support discontinued) Yes (when installing CryptoPro)
Own key server No Yes Yes
Two-factor authentication No No Yes
Hiding individual files Yes No No
Hiding hard drive partitions Yes No Yes
Payment wallets Yes No No
GOST encryption support No No Yes
Russian interface No No Yes
Sequential read / write (DiskMark), MB / s 47/42 35/27 62/58
The cost 40$ 180-250$ 50$

Considering all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.

Open source has been popular for over 10 years due to its independence from major vendors. The creators of the program are publicly unknown. Among the most famous users of the program are Edward Snowden and security expert Bruce Schneier. The utility allows you to turn a flash drive or hard drive into a secure encrypted storage in which confidential information is hidden from prying eyes.

Mysterious developers of the utility announced the closure of the project on Wednesday May 28, explaining that using TrueCrypt is not secure. “WARNING: Using TrueCrypt is unsafe because the program may contain unresolved vulnerabilities ”- such a message can be seen on the product page on the SourceForge portal. Then another appeal follows: "You must transfer all data encrypted in TrueCrypt to encrypted disks or virtual disk images supported on your platform."

Graham Cluley, an independent security expert, commented quite logically on the situation: "Now is the time to find an alternative solution for encrypting files and hard drives."

It is not joke!

Initially, there were suggestions that the program's website was hacked by cybercriminals, but now it is becoming clear that this is not a hoax. SourceForge now offers an updated version of TrueCrypt (which is digitally signed by the developers) that prompts you to upgrade to BitLocker or another alternative tool during installation.

Matthew Green, professor of cryptography at Johns Hopkinas University, said: "It is highly unlikely that an unknown hacker identified the TrueCrypt developers, stole their digital signature, and hacked their site."

What to use now?

The website and pop-up notification in the program itself contains instructions for transferring files encrypted by TrueCrypt to Microsoft's BitLocker service, which comes with Microsoft Vista Ultimate / Enterprise, Windows 7 Ultimate / Enterprise, and Windows 8 Pro / Enterprise. TrueCrypt 7.2 allows you to decrypt files, but does not allow you to create new encrypted partitions.

BitLocker is the most obvious alternative to the program, but there are other options. Schneier shared that he is returning to using PGPDisk from Symantec. ($ 110 per user license) uses the well-known and proven PGP encryption method.

There are other free alternatives for Windows like DiskCryptor. A computer security researcher known as The Grugq last year compiled a whole that is still relevant today.

Johannes Ulrich, Science Director at SANS Institute of Technology, recommends that Mac OS X users take a look at FileVault 2, which is built into OS X 10.7 (Lion) and later. FileVault uses XTS-AES 128-bit encryption, which is used by the US National Security Agency (NSA). According to Ulrich, Linux users should stick to the built-in Linux Unified Key Setup (LUKS) system tool. If you are using Ubuntu, then the installer of this OS already allows you to enable full disk encryption from the very beginning.

However, users will need other portable media encryption applications that are used on computers with different operating systems. Ulrich said that in this case it comes to mind.

The German company Steganos offers to use the old version of its encryption utility Steganos Safe (the current version is currently 15, but it is proposed to use version 14), which is distributed free of charge.

Unknown vulnerabilities

The fact that TrueCrypt may have security vulnerabilities raises serious concerns, especially since the audit of the program did not reveal such problems. Users of the program have raised $ 70,000 for audits following rumors that the US National Security Agency could decode significant amounts of encrypted data. The first phase of the study, which analyzed the TrueCrypt downloader, was carried out last month. The audit did not reveal any backdoors or intentional vulnerabilities. The next phase of the study, in which the cryptographic methods used were to be tested, was planned for this summer.

Green was one of the experts involved in the audit. He said that he had no preliminary information that the developers were planning to close the project. Greene said, “The last thing I heard from the TrueCrypt developers was:“ We're looking forward to the results of Phase 2 of the trial. Thanks for your efforts! " It should be noted that the audit will continue as planned, despite the shutdown of the TrueCrypt project.

Perhaps the creators of the program decided to suspend the development, because the utility is outdated. Development stopped on May 5, 2014, i.e. after the official end of support for Windows XP. SoundForge mentions: "Windows 8/7 / Vista and later have built-in encryption for disks and virtual disk images." Thus, data encryption is built into many operating systems, and developers may find the program no longer necessary.

To add fuel to the fire, we note that on May 19, TrueCrypt was removed from the secure Tails system (Snowden's favorite system). The reason is not completely clear, but clearly you should not use the program - said Cluley.

Cluley also wrote: "Whether it's trickery, hacking or the logical end of the TrueCrypt lifecycle, it's clear that conscious users won't feel comfortable trusting their data to a program after a fiasco."

The principle of modern crypto protection is not about creating encryption that cannot be read (this is almost impossible), but about increasing the costs of cryptanalysis.
That is, knowing the encryption algorithm itself, but not knowing the key, an attacker must spend millions of years decrypting it. Well, or as much as needed (as you know, information ceases to be important after the death of your loved ones and yourself), until the x-files lose their relevance. In this case, complexity conflicts with ease of use: data must be encrypted and decrypted quickly enough when using a key. The programs that were included in today's review, on the whole, satisfy the two named criteria: they are quite simple to operate, while using moderately robust algorithms.

We'll start with a program that in itself is worthy of a separate article or a series of articles. Already during installation, I was surprised by the additional possibility of creating a fake operating system. Immediately after the completion of the dialogue with the installation wizard, DriveCript suggested creating a key store. Any file can be selected as a repository: file, drawing, mp3. After the path to the storage is specified, we drive in passwords, of which we have two whole types: master & user. They differ in access to DCPP settings - the user cannot change something, he can only view the specified settings. Each type can contain two or more passwords. The actual access to the protection setting can be provided both by the master password and by the user password.

Before encrypting any disks, you need to check that the boot protection is installed correctly. Be careful, if you do not check the correctness of boot protection and immediately encrypt the disk, it will be impossible to restore its contents. After verification, you can proceed to encrypting the disk or partition. To encrypt a disk or partition, you must
select Disk Drives and click Encrypt. The Disk Encryption Wizard will open a window in which you will be asked to select a key from the storage. The disk will be encrypted with this key and the same key will be required for further work with the disk. After the key is selected, the disk encryption process will start. The process is quite long: depending on the size of the disk or partition being encrypted, it can take up to several hours.

In general, all this is quite simple and standard. It's much more interesting to work with a false axis. Let's format it on the hard drive in FAT32 (it seems that rumors about the death of this file system were greatly exaggerated
:)), install Windows, install DriveCrypt. The dummy operating system you create should look like a working system that is constantly in use. After the hidden operating system has been created, it is extremely dangerous to boot and operate with a fake operating system, as there is a possibility of corrupting the data of the hidden operating system. Throwing any garbage into the system, we create a new storage,
log into DCPP, switch to the Drives tab, select the section where the fake operating system is installed and poke around with HiddenOS. The settings window will open. Everything is simple here: we indicate the path to the newly created storage, passwords, the label of the hidden disk, its file system and the amount of free space that will separate the false operating system from the hidden one. After clicking the Create Hidden OS button, the process of creating a hidden partition will be launched and all the contents of the system partition will be copied to the hidden partition. The program will create a hidden partition, the beginning of which will be located through the free space specified when creating the hidden partition from the end of the false partition. Reboot and
log in by entering the passwords that were specified when creating the hidden partition. The contents of the fake operating system will not be visible when working in a hidden OS, and vice versa: when working in a fake operating system, the hidden OS will not be visible. Thus, only the entered password when turning on the computer determines which operating system will be loaded. After completing the creation of a hidden operating system, you need to enter it and encrypt the system partition.

With DriveCrypt, you can encrypt any hard drive or removable storage device (excluding CDs and DVDs) and use it to exchange data between users. The undoubted advantage of exchanging data on a fully encrypted medium is the impossibility of detecting any files on it, the medium looks unformatted. Even with information that the medium is encrypted, the data cannot be read without the key.

DriveCrypt encrypts an entire disk or partition, allowing you to hide not only important data, but also the entire contents of the disk or partition, including the operating system. Unfortunately, this level of security comes at the cost of a significant drop in file system performance.

Here we meet a rather original encryption algorithm with a private key from 4 to 255 characters long, developed by the authors of the program themselves. Moreover, the key password is not stored inside the encrypted file, which reduces the possibility of breaking it. The principle of the program is simple: we indicate the files or folders that need to be encrypted, after which the program prompts you to enter the key. For greater reliability, the key can be selected not only on the keyboard, but also using a special panel. This panel, in the course of business, was impudently stolen from MS Word (inset
- symbol). After confirming the password, we will force the program to encrypt the file by assigning the * .shr extension to it.

Files Cipher is capable of compressing encrypted files using a built-in archiving algorithm. In addition, after encryption, the original file can be permanently deleted from the hard drive.
The program works with files of any type, and also supports files larger than 4 Gb (for NTFS). At the same time, the system requirements for the computer are very modest and resources, unlike the frontman, eats nothing at all.

PGP implements encryption in both open and proven symmetric
keys: AES with encryption up to 256-bit, CAST, TripleDES, IDEA and Twofish2. To manage encryption keys there is an option PGP Keys, which displays a window displaying user keys and added to the list of public keys. Diagram of the module for encrypting PGP Disk disks ... mmmm ... how can I put it? A, elementary. Again, we create the Key Store file (I call it Keys to myself), enter the passwords. Moreover, when specifying a password, a special indicator of strength (quality) is displayed, which, by the way, clearly demonstrates the relevance of complex passwords: for example, the strength of a password consisting of eight digits is approximately equal to the strength of a six-letter or four-digit password, in which there is one special character (exclamation mark) and three letters.

I really liked that the creators thought about ICQ (who read the Stalker's logs after defacement of the motherfucker, he will understand ... or were they not in the asi and am I confusing something?). After installation, a special icon appears in the ICQ window, with the help of which session protection is turned on.

As for the most painful topic - information leakage through a swap file - the authors themselves admitted that they could not tightly block this leakage channel due to the peculiarities of the functioning of the operating system. On the other hand, measures have been taken to mitigate this threat - all important data is stored in memory no longer than necessary. After the operation completes, all critical information from memory is deleted. Thus, this vulnerability exists, and to eliminate it, you need to either disable virtual memory (which can lead to a noticeable deterioration in the OS performance), or take additional protection measures.

Did you like the article? To share with friends:
You may also be interested in