Category: Encryption

Encryption Software

  • Encrypts webmail using OpenPGP.js

    GPG4Browsers, now merged with OpenPGP.js, is a JavaScript implementation of OpenPGP that can be used to encrypt and decrypt webmail. At the moment it is only available as a Google Chrome extension and only works with Gmail, using HTML5 local storage for the public and private encryption keys. OpenPGP.js supports all encryption ciphers (AES, Twofish, TripleDES, CAST5, Blowfish) and hashing algorithms (SHA, MD5, RIPEMD160) supported by the OpenPGP specifications (except IDEA). It can be used to digitally sign messages using standard public/private RSA, DSA or ElGamal asymmetric cryptography; however, it cannot create signing keys, so you will have to import them. OpenPGP.js is not available in the Chrome Web Store; it needs to be manually installed following the instructions on the Recurity Labs website.

    OpenPGP.js webmail OpenPGP encryption

    Its main features are encryption and decryption of messages, signing and verifying of message signatures, and the importing and exporting of certificates. Unlike GnuPG, it cannot compress data, which can be a problem when creating messages compatible with GnuPG. The whole idea of using standard OpenPGP encryption is that it does not matter what software people are using to encrypt and decrypt email: as long as they follow the OpenPGP specifications they should be able to communicate. The developers advise that, to create GnuPG-compatible messages, you add the option --compress-algo none in settings.

    Although it lacks features and is restricted to Gmail encryption right now, this application is an open source project open to everyone for improvements and has the earmarks of being promising. If someone can manage to port it to other Internet browsers and support other webmail providers it should be quickly adopted. A GPG JavaScript tool like this one can be used in portable browsers, and it does not require administrator rights or installing anything on your computer, which is a big bonus.

    Visit OpenPGP.js homepage

    UPDATE 2013: This project is now merged with OpenPGP.js, link updated.

  • Review file encryption program ProtectOrion Data Safe

    ProtectOrion Data Safe is a user-friendly file encryption program made by an Austrian company. After installing it you will be prompted to create a master password, and a password strength meter will let you know how secure your password is. The user is forced to enter a password made up of a combination of letters and numbers or special characters; otherwise it will be rejected for being too weak.

    ProtectOrion's main window is very informative: a toolbar above shows the full file path where data is being stored in Windows, and below you are shown the remaining free hard disk space and the encrypted database size. Through the interface you can create folders in which to classify your encrypted data (files and folders), just like you would in your operating system but with the data encrypted. A wastebin securely keeps any files you erase in case you change your mind.

    ProtectOrion file encryption software

    A Windows widget called SafePad hovers over your desktop at all times if you choose so. It can be used to drag and drop files or full folders for automatic encryption with the AES256 cipher (used by many government agencies and banks). After dragging a file you can choose in what encrypted folder you would like to place it. ProtectOrion's options allow you to specify whether the original file should be securely wiped after encryption or only copied, leaving the original file intact. The software can be set to autolock after a preset time or be manually locked if you need to go away from your computer, and the encrypted database can easily be backed up anywhere you like and restored.

    Another feature is a password manager where you can create groups of passwords, usernames and URLs, all nicely put together. You can paste passwords to the clipboard with a single click; for security, the passwords are automatically erased from the clipboard after 15 seconds. There is a portable version of this software, ProtectOrion ToGo (7MB), that can be installed on a USB thumbdrive, and encrypted passwords can be synchronized between the desktop and the USB thumbdrive.

    Most of the software functions are intuitive, but a complete, well structured PDF manual is included anyway. My main concern with this software is the existence of temporary files when you open them; a common Windows problem is that the operating system can create automatic unencrypted backups of photos or documents you are viewing in hard to find places.

    Freeware encryption ProtectOrion

    Protectorion Data Safe claims to securely wipe files after adding them to the encrypted database, but beyond stating that it stops data recovery software, the vendor does not mention anywhere what method or how many wipe passes are used.

    I think this could be a good program for people who want something very easy to use, with no learning curve and an eye candy interface, and who have very low security needs. If your opponent is someone well funded, stay away from this encryption software. I saw decrypted temporary files created on the hard disk while the safe was open. Once you close the encrypted safe the temporary files vanish, but I don’t know if they are securely wiped or not; there is no information about this anywhere.

    Other encryption programs (Safetica, DiskCryptor, etc.) create encrypted virtual drives in which to store the data. That appears to me a far more secure solution than encrypting and decrypting every single file when you view it. Even if the temporary files were wiped, the data leakage risk is still higher: the more files need to be wiped, the easier it is for something to go wrong (e.g. a computer crash leaving files decrypted before they have been erased).

    ProtectOrion is a living example of why encryption software is not necessarily secure just because it uses an unbreakable cipher like AES256; how the encryption is implemented needs to be considered too.

    Note: The free version of this software is limited to 100 files and 5 passwords; a popup window invites you to upgrade your version when you open the software.

    Visit Protectorion Data Safe homepage
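
    One way to repeat the temporary-file check described in this review, as an added example that is not part of the original post or of ProtectOrion: store a document containing a known marker string in the safe, snapshot the directories where temporary files may appear, and look for the marker in any file that shows up while the safe is open. The function names, the marker and the simulated tool in demo() are constructed for illustration; against real software the callbacks would pause while you open and close the safe by hand and the roots would be the temp and profile directories.

```python
import os
import tempfile
from pathlib import Path


def snapshot(roots):
    """Map every regular file under the given roots to (size, mtime_ns)."""
    seen = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # vanished or unreadable between listing and stat
                seen[path] = (st.st_size, st.st_mtime_ns)
    return seen


def contains(path, needle, chunk=1 << 20):
    """True if the file holds `needle`, including across chunk boundaries."""
    tail = b""
    try:
        with open(path, "rb") as fh:
            while block := fh.read(chunk):
                if needle in tail + block:
                    return True
                # keep just enough bytes to catch a marker split over two reads
                tail = (tail + block)[-(len(needle) - 1):] if len(needle) > 1 else b""
    except OSError:
        pass  # locked or deleted while scanning
    return False


def audit(roots, canary, open_safe, close_safe):
    """Report new or changed files that contain the canary in plaintext."""
    baseline = snapshot(roots)
    open_safe()
    opened = snapshot(roots)
    changed = sorted(p for p, meta in opened.items() if baseline.get(p) != meta)
    leaked = [p for p in changed if contains(p, canary)]
    close_safe()
    remaining = [p for p in leaked if os.path.exists(p) and contains(p, canary)]
    return {"plaintext_while_open": leaked, "left_after_close": remaining}


def demo():
    """Constructed stand-in for a tool that decrypts to a temp file on view."""
    canary = b"CANARY-7f3a-constructed-marker"
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp) / "scratch"
        scratch.mkdir()
        leak = scratch / "~doc0001.tmp"

        def open_safe():   # viewing a stored document writes a plaintext copy
            leak.write_bytes(b"header " + canary + b" rest of the plaintext")

        def close_safe():  # ordinary delete: the name goes, blocks are not overwritten
            leak.unlink()

        return audit([scratch], canary, open_safe, close_safe)


if __name__ == "__main__":
    print(demo())
```

    An empty left_after_close list only shows that the file name is gone; whether the underlying disk blocks were overwritten has to be checked separately with a file recovery tool or a raw disk search for the marker.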

  • Use PGP encryption on a Mac computer with GPGTools

    GPGTools is a free open source alternative to PGP. This OpenPGP port for Mac OS X computers includes MacGPG2, GPGMail, GPG Keychain and Mozilla Enigmail for Thunderbird, all in a single .dmg package. You can use the software to exchange encrypted messages with any computer user, including Windows and Linux users. A mobile version of GPGTools works on any mobile device whose Internet browser is based on WebKit and has JavaScript enabled; this includes the iPhone and iPad (Safari) and Android (Chrome).

    Like PGP, GPGTools encrypts and digitally signs your data before sending it over the Internet. If you know how public/private key encryption works it will only take you a couple of minutes to master GPGTools; it provides you with a nice front end for GnuPG and bells and whistles like the Enigmail plugin. You will need to understand the concepts behind digital signatures and public/private encryption keys before using it, a well worthwhile time investment for anyone who cares about computer privacy and security.

    GPGTools Apple Mac email encryption

    You don’t have to use Thunderbird for encrypting emails: Apple Mail works with GPGMail to decrypt and encrypt messages, and which one you use is up to you. GPG Keychain Access lets you store and edit encryption keys and is essential for creating key pairs. GPGTools is very similar to GPG4Win, another open source OpenPGP implementation, which is for Windows users only.

    The expensive, business focused PGP software sold by Symantec includes full disk encryption and secure data wiping. Home users can get all of those features without spending a dime by using three different tools: GPGTools to encrypt and decrypt email, Truecrypt to fully encrypt your Mac computer's hard disk, and Edenwaith Permanent Eraser to securely shred your private files.

    Visit GPGTools homepage 

  • DiskCryptor vs Truecrypt comparison

    The DiskCryptor download is a tiny 750KB. After installing it you will need to reboot the computer. You might notice that its 64bit drivers come signed by the ReactOS Foundation, a not-for-profit organization assisting open source projects that are not able to acquire an expensive signing certificate to distribute Windows 64bit drivers.

    Encrypting my Windows 7 Home Premium 64bit OS with a fairly powerful Intel i5 2200Hz (quad core) used very little CPU, a steady 7% of the available resources. It took me 20 hours to encrypt a 1TB hard drive; it would have been considerably quicker using just the AES algorithm instead of the cascade algorithm I selected.

    DiskCryptor lets you know how long it will take to encrypt your operating system, and you can still work with your computer while it is being encrypted. I advise you to temporarily disable power management in Windows and set it to always on: Windows will not notice the hard disk being encrypted and will send the OS into hibernation mode believing the computer is inactive. If this happens, full disk encryption will stop and only resume once you switch the computer back on. I have found this problem to occur with both DiskCryptor and Truecrypt; it is more of a Windows problem than one to do with the full disk encryption software.

    DiskCryptor lets you benchmark the encryption ciphers (Tools>Benchmark), so if you have a low spec CPU and are in a hurry you can choose the cipher that performs best on your system. AES was the quickest for me, by quite a large margin compared with Twofish and Serpent. Once the OS has been encrypted it doesn’t matter what cipher you used to encrypt it; performance will be the same. You can benchmark ciphers in Truecrypt too, but since only AES can be used for full disk encryption there is no point in doing it.

    DiskCryptor encryption keyfile

    Truecrypt will ask you to enter your password after rebooting your computer, before encrypting your operating system. DiskCryptor will not; it assumes you entered the passphrase correctly twice as asked and did not make any mistake. When using special characters in your password, be aware that when booting up your computer the keyboard has a US layout that will not correspond with a non-US keyboard. I searched for a photograph of a US keyboard layout on the Internet to make sure there would be no mistakes about what keys to press.

    Unlike Truecrypt's, the DiskCryptor bootloader is highly configurable. I have my own (ASCII) logo at logon and I instructed DiskCryptor to time out after 30 seconds of inactivity, at which point the computer reboots; other options like halt and exit to BIOS are possible. DiskCryptor can use a keyfile for full disk encryption, something not supported by Truecrypt. A keyfile will thwart dictionary attacks on your passphrase, but this keyfile cannot be just any file: it has to be a 64 byte file generated by DiskCryptor.

     Windows 7 FDE specific problem

    Unlike Vista, XP and lower Windows versions, when you use a whole disk encryption product on Windows 7, or install a dual boot, you will notice that Windows 7 automatically creates a 100MB system reserved partition. 24MB contains actual data and the rest is there for future use like Bitlocker or system restore. This partition is hidden by Windows and is only visible using a live CD or through the DiskCryptor or Truecrypt interface.

    Windows 7 100MB hidden system partition

    The Windows 7 system reserved partition contains some necessary boot files. Do not attempt to encrypt the Windows 7 system reserved partition like I did, because the computer will not boot! There are hacks around to merge that partition with the main Windows 7 operating system. I managed to do it by partitioning the hard disk with PartedMagic before installing Windows 7 and ignoring the Windows installation DVD asking me to create the system reserved partition. Everything worked fine until I fully encrypted Windows 7 without the system reserved space and the computer refused to boot.

    If you would like to use whole disk encryption in Windows 7 there is no choice but to give in and allow Windows to create the unencrypted 100MB system partition. This shouldn’t be a problem regarding data leakage, and you can view the files it contains with a live CD. I managed to see a bootsect.bak file, bootmgr, a System Volume Information folder and a few others with no obvious danger.

    Truecrypt vs DiskCryptor comparison table

    | Feature | TRUECRYPT | DISKCRYPTOR |
    |---|---|---|
    | Open source license | Truecrypt own license | Standard Linux GPL license |
    | Forces you to burn a recovery CD | YES | NO (optional) |
    | Works with RAID volumes | YES | YES |
    | Hidden operating system | YES | NO (pseudo) |
    | Cross platform (Windows, Linux and MAC) | YES | NO |
    | Option of cipher for full disk encryption | AES, Twofish, Serpent & cascades | AES, Twofish, Serpent & cascades |
    | Supports keyfiles for full disk encryption | NO | YES |
    | Can place bootloader on external device | NO | YES |
    | Can create single encrypted containers | YES | NO |
    | Portable mode | YES (admin rights) | NO |
    | Encryption of external devices (USB, etc) | YES | YES |

     Plausible deniability

    DiskCryptor does not support the hidden operating system feature that Truecrypt has, but it allows you to install the bootloader on an external device, i.e. a USB thumbdrive or CD-ROM. That is where the files giving away that the operating system has been encrypted, and what software has been used for it, are stored. If anyone seized your hard drive it would be possible to claim that it has been wiped clean, as no identifiable information can be extracted from the HDD other than random data and there is no boot loader.

    This plausible deniability appears more sound than Truecrypt's hidden operating system: if you give away the password for the non-hidden OS in Truecrypt, the timestamps and last activities could give away that the computer has not been used for a long time.

    DiskCryptor full disk encryption

    A computer with no operating system and a wiped hard disk will look very suspicious; claims that it was wiped the day before would be met with incredulity, but it would be hard to prove it didn’t happen. Even better, I came across a thread in the DiskCryptor forums about a dual OS system where one of the Windows OSes will only boot with the USB thumbdrive plugged in, and when it is not present the other OS will boot. This setup makes one of the partitions look like random data and not like 2 operating systems on one hard disk.

    Conclusion Truecrypt vs Diskcryptor

    If you have a tablet or netbook without a CD drive, go for DiskCryptor, because Truecrypt forces you to burn a recovery CD (there is a workaround using CD drive virtualization software, e.g. Alcohol 120%, or using the command line option /noisocheck).

    If you would like to be able to open encrypted external devices using Linux or MAC, go for Truecrypt, as DiskCryptor is a Windows only program. If you want to create single encrypted containers, go for Truecrypt, as DiskCryptor can’t do that.

    Something in which Truecrypt beats DiskCryptor is documentation: the Truecrypt manual is very complete, while DiskCryptor's consists of an incomplete online wiki. DiskCryptor can make up for this by showing off the ‘Blue Screen’ feature, a way to quickly crash your fully encrypted computer, allowing you to set the quick emergency shutdown to any hotkey shortcut you like.

    Security wise, both Truecrypt and DiskCryptor have the same credentials, with their source code open to scrutiny and neither of them reviewed by any qualified cryptographer. Overall, DiskCryptor has more configuration features than Truecrypt, and Truecrypt is better at cross platform compatibility.

    Truecrypt: http://www.truecrypt.ch

    DiskCryptor: https://www.diskcryptor.net

  • Encrypt and compress files with Secure Archive

    Secure Archive is a file encryption, data compression and file wiping utility suitable for individuals and businesses alike. It is simple and easy to use, with right click integration and drag and drop. Unlike other compression programs with encryption, like WinZip or WinRar, Secure Archive allows for high customization of encryption: you can choose to secure your files with the Advanced Encryption Standard (AES), aka Rijndael; Blowfish, a patent free encryption algorithm; or NASCLL, which appeared to be a proprietary encryption cipher about which the help file did not include any information at all. You will be better off using one of the first two ciphers, as they are tried and tested.

    This free file encryption program's options allow you to choose by how much data should be compressed (none, low, high). I failed to see its usefulness, as I would imagine everyone wants it set at high compression, the default setting, but there is no harm in including that. When you encrypt a file, Secure Archive will let you know the password key strength in bits as you type, together with a message saying whether it is an acceptable password or not. In advanced options you can select what metadata should be saved together with the encrypted file, for example time stamps, file attributes and CRC file integrity; you can choose to wipe the original file after encryption too.

     

    Secure Archive encryption file utility

    The only shortcomings I found in Secure Archive are that the help manual failed to mention anything about their NASCLL encryption method, and that the secure wipe window could not be resized and did not have a progress bar. It puzzled me that the developers claim that file wiping is being implemented using the standard US Department of Defense 5220.22-M method, which consists of a three wipe pass, but the Secure Archive data wiping window indicates a single secure delete pass by default. My wild guess here is that it could mean a 1 time US DoD 5220.22-M data wiping pass, but I can’t really be sure.

     

    Secure Archive encrypted file properties

    Secure Archive can be a good alternative to AxCrypt, useful for anyone in need of a free program to secure single files before emailing them. The .SAef file extension will confuse the other end; you will both have to be using the same software unless you create an encrypted self-extracting file, which Secure Archive can do. Data compression appeared to perform well: it managed to reduce the size of my WordPerfect document by 70%. I compressed the same file using the WinZip .zip method and it compressed it by 71%, pretty much the same result.

    If you are afraid that someone can guess your password using a brute force attack, Secure Archive lets you create what they call a HardKey, called a keyfile in other software like Truecrypt. You can secure your compressed file with a password and a HardKey, needing both to open it: something you know and something you have. This HardKey cannot be anything you like; it needs to have been created with Secure Archive, and anyone coming across it will know what it is for. Still, it can enhance your security when emailing confidential documents if these happen to get intercepted or end up in the wrong inbox.

    Visit Secure Archive homepage

  • Free backup software with AES256 encryption Duplicati

    Duplicati is a free open source project for Windows and Linux that makes encrypted backups of your data to the cloud, a USB device or a network drive. The software has a user friendly interface where you can configure and monitor your backup jobs. The best feature is probably its built-in support for backing up data to the cloud: Duplicati can use FTP, WebDAV and SSH to send your data to a remote server. You can use one of the supported services, Amazon S3, Cloud Files (Rackspace) and Tahoe-LAFS (an open source P2P decentralized system), or rent a cheap VPS (Virtual Private Server) and use it for your own backups, keeping control of everything with no third party reliance.

    A wizard will guide you through the process of creating your first backup job. You can choose one of the folder suggestions given (My Documents, My Music, etc.) or select custom folders you would like backed up, and the screen will show how much free hard disk space you need for the job. The data is all encrypted using AES256 by default, or you can use GNU Privacy Guard with PGP keys to encrypt it. Everything is digitally signed so that nobody can tamper with the data.

    Duplicati data backup with encryption

     Duplicati main features

    • Data encrypted and digitally signed
    • Built-in support for backing up data on cloud services
    • Support for differential backups
    • Real time backup error notifications

    Restoring a backup job is as easy as choosing “View contents” from the backup logs and launching the wizard. You will be asked if you want to schedule, edit, remove or restore files; after choosing restore files you are then offered different dates and the option to change the default location where the content is saved.

    Duplicati doesn’t have a fancy interface like other free backup software, but it is easy to use, and the encryption and SSH options make this program one of the best for backing up sensitive data. If you are worried that the files you store on the cloud can be leaked, subpoenaed, etc., or worried about your cloud storage provider's so called encryption having a backdoor (like Dropbox), use Duplicati. Do not give others the authority to look after something as important as your encryption keys; data leakage liability will be yours, not theirs. This backup software's encryption has no backdoor, and you can even use your own PGP encryption keys (created using GNU Privacy Guard) for peace of mind.

    Visit Duplicati homepage

  • Crack Truecrypt passwords with Unprotect

    Unprotect is a free brute force program custom designed to attack encrypted Truecrypt containers. It works with Truecrypt 6.0 and above. There is no support for external encrypted devices or full disk encryption; another limitation is that containers encrypted using a keyfile or a cascade algorithm, e.g. AES-Serpent, are not supported either.

    Truecrypt's default settings use AES for encryption, without cascade mode, so it is highly likely that the encrypted container will have been encrypted using it. If the user is a newbie who does not understand the consequences of using a cascade algorithm and does not bother reading the manual (most people don’t), he will not have risked changing the default Truecrypt settings.

    Unprotect.info Truecrypt password recovery

    Unlike other hard to use brute force software like John the Ripper, Unprotect makes it easy for the home user to have a go at cracking a Truecrypt container. The program has a series of checkboxes where you can choose the password length to try, between two values, and further details such as whether the password contains lowercase, uppercase, punctuation characters, special characters and numbers. The more you can remember about your forgotten password, the quicker and easier it will be to crack the Truecrypt container.

    There is a detailed progress bar showing how many passwords have been tried, how many passwords remain to be tried and the estimated time to finish. How long it will take to recover your Truecrypt password will depend on the character settings and password length you have chosen and on how powerful your computer processor is.

    Visit Unprotect homepage
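
    How the estimated time to finish depends on the character classes and password length, worked through as an added example (this is not Unprotect's code and is not from the original post). It counts the candidates for a chosen set of character classes and length range, measures a single-core guess rate, and shows how each extra character multiplies the search. The 1000-iteration PBKDF2-HMAC-SHA512 cost used for the measurement, the class names and all function names are assumptions of the example.

```python
import hashlib
import math
import string
import time

# Character classes corresponding to the checkboxes described in the review.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,           # 10 characters
    "symbols": string.punctuation,     # 32 characters
}


def keyspace(classes, min_len, max_len):
    """Candidate passwords of length min_len..max_len over the chosen classes."""
    alphabet = len(set("".join(CLASSES[name] for name in classes)))
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def bits(space):
    """Size of the search space expressed in bits."""
    return math.log2(space)


def measure_rate(iterations=1000, samples=20):
    """Single-core guesses per second at the assumed key derivation cost."""
    salt = bytes(64)  # constructed all-zero salt; only the timing matters here
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"guess-%d" % i, salt, iterations, 64)
    return samples / (time.perf_counter() - start)


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(classes, lengths, rate):
    """Worst-case time to try every password of up to n characters, per n."""
    rows = []
    for n in lengths:
        space = keyspace(classes, 1, n)
        rows.append((n, round(bits(space), 1), human(space / rate)))
    return rows


if __name__ == "__main__":
    rate = measure_rate()
    print(f"measured {rate:,.0f} guesses/s on one core")
    every_class = ["lower", "upper", "digits", "symbols"]
    for n, b, t in report(every_class, range(6, 21, 2), rate):
        print(f"up to {n:2d} chars  {b:6.1f} bits  {t}")
```

    The measured rate is a rough single-core figure; the useful part is the ratio between rows, which shows why a long passphrase or a keyfile puts a container out of reach of this kind of tool.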