Category: Encryption

Encryption Software

  • Free backup software with AES256 encryption Duplicati

    Duplicati is a free open source project for Windows and Linux that backs up your data, encrypted, to the cloud, a USB device or a network drive. The software has a user-friendly interface where you can configure and monitor your backup jobs. The best feature is probably its built-in support for backing up data on the cloud: Duplicati can use FTP, WebDAV and SSH to send your data to a remote server. You can use one of the supported services, Amazon S3, Cloud Files (Rackspace) and Tahoe-LAFS (an open source P2P decentralized system), or rent a cheap VPS (Virtual Private Server) and use it for your own backups, keeping control of everything with no third-party reliance.

    A wizard will guide you through the process of creating your first backup job. You can choose one of the folder suggestions given (My Documents, My Music, etc.) or select custom folders you would like backed up, and the screen will show how much free hard disk space you need for the job. The data is all encrypted using AES256 by default, or you can use GNU Privacy Guard with PGP keys to encrypt it. Everything is digitally signed so that nobody can tamper with the data.

    Duplicati data backup with encryption

     Duplicati main features

    • Data encrypted and digitally signed
    • Built-in support for backing up data on cloud services
    • Support for differential backups
    • Real time backup error notifications

    Restoring a backup job is as easy as choosing “View contents” from the backup logs and launching the wizard. You will be asked if you want to schedule, edit, remove or restore files; after choosing restore files you are offered different dates and the option to change the default location where the content is saved.

    Duplicati doesn’t have a fancy interface like other free backup software, but it is easy to use, and the encryption and SSH options make this program one of the best for backing up sensitive data. If you are worried that the files you store on the cloud can be leaked, subpoenaed, etc., or worried about your cloud storage provider’s so-called encryption having a backdoor (like Dropbox), use Duplicati. Do not give others the authority to look after something as important as your encryption keys; data leakage liability will be yours, not theirs. This backup software’s encryption has no backdoor, and you can even use your own PGP encryption keys (created using GNU Privacy Guard) for peace of mind.

    Visit Duplicati homepage

  • Crack Truecrypt passwords with Unprotect

    Unprotect is a free brute force program custom designed to attack encrypted Truecrypt containers. It works with Truecrypt 6.0 and above. There is no support for external encrypted devices or full disk encryption; another limitation is that containers encrypted using a keyfile or a cascade algorithm, such as AES-Serpent, are not supported either.

    Truecrypt’s default settings use AES for encryption, without cascade mode, so it is highly likely that the encrypted container will have been encrypted using it. If the user is a newbie who does not understand the consequences of using a cascade algorithm and does not bother reading the manual (most people don’t), he will not have risked changing the default Truecrypt settings.

    Unprotect.info Truecrypt password recovery

    Unlike other hard-to-use brute force software like John the Ripper, Unprotect makes it easy for the home user to have a go at cracking a Truecrypt container. The program has a series of checkboxes where you can choose the password length to try, between two values, and further details such as whether the password contains lowercase, uppercase, punctuation characters, special characters and numbers. The more you can remember about your forgotten password, the quicker and easier it will be to crack the Truecrypt container.

    A detailed progress bar shows how many passwords have been tried, how many remain to be tried and the estimated time to finish. How long it takes to recover your Truecrypt password will depend on the character settings and password length you have chosen and on how powerful your computer processor is.

    Visit Unprotect homepage

  • List of programs for full disk encryption

    If you encrypt your whole hard drive, including your operating system, you will not have to worry about wiping data, clearing the Internet browser cache, deleting temporary files and encrypting individual files. All you will have to worry about is choosing a strong passphrase that cannot be broken using a brute force attack (trying dictionary words).
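    The search-space arithmetic behind the Unprotect settings described earlier (a length range plus character classes) and behind choosing a passphrase that resists brute force, as an added example that is not code from the original post or from any of the tools named. The class names and the guess rate are assumptions; "special characters" is folded into the punctuation class.

```python
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes matching the kinds of checkbox the post describes.
# Assumption: "special characters" is folded into string.punctuation.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "punct": string.punctuation,
}


def alphabet_size(classes):
    """Number of distinct characters in the selected classes."""
    return len(set("".join(CLASSES[name] for name in classes)))


def search_space(classes, min_len, max_len):
    """Candidates an exhaustive search must cover for lengths min_len..max_len."""
    n = alphabet_size(classes)
    return sum(n ** length for length in range(min_len, max_len + 1))


def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case years to try every candidate at a constant guess rate."""
    return candidates / (guesses_per_second * SECONDS_PER_YEAR)


def min_length(classes, guesses_per_second, years):
    """Shortest length whose candidates alone outlast `years` of guessing."""
    n = alphabet_size(classes)
    budget = guesses_per_second * SECONDS_PER_YEAR * years
    length = 1
    while n ** length < budget:
        length += 1
    return length


if __name__ == "__main__":
    ALL = ["lower", "upper", "digits", "punct"]
    RATE = 10 ** 9  # assumed guesses per second, not a measured figure
    cases = [(["lower"], 6, 8), (["lower", "digits"], 6, 8), (ALL, 6, 8), (ALL, 12, 12)]
    for classes, lo, hi in cases:
        space = search_space(classes, lo, hi)
        print(f"{'+'.join(classes):26} len {lo}-{hi}: {space:.3e} candidates, "
              f"{years_to_exhaust(space, RATE):.3g} years")
    print("lowercase only:", min_length(["lower"], RATE, 100), "chars for 100 years")
    print("all classes:   ", min_length(ALL, RATE, 100), "chars for 100 years")
```

    Each extra character multiplies the work by the alphabet size, so a few more characters of length outweigh adding another character class.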

    The only way to access a fully encrypted operating system is by getting access to the computer while it is switched on (decrypted). You will save lots of time if you decide to encrypt your full operating system; it is not difficult and there is free software for that. Windows Vista and 7 come with BitLocker Drive Encryption for full disk encryption, but only in the more expensive high-end business editions, and it has been designed for businesses, with few home user features.

    Full disk encryption software without backdoor

    Truecrypt (Free): Its wizard-driven menu will guide you through the whole encryption process. There are many algorithm choices; if you do not understand what they mean, leave all of the default choices on, they are secure enough for everyone. Truecrypt can encrypt external devices, create virtual encrypted drives and create a hidden encrypted operating system, to be used if you are forced to give up the password.

    You will find it easy to find support for Truecrypt at computer security forums and Usenet groups as it is one of the most used full disk encryption programs.

    Truecrypt encryption algorithm

    DiskCryptor (Free): Open source encryption software. It can encrypt partitions that already have data on them, supports the AES, Twofish and Serpent encryption algorithms, and allows you to encrypt USB flash drives and external hard disks with automatic mounting. It also supports key files and has an option to place the boot loader on an external device.

    DiskCryptor full disk encryption

    Symantec Encryption Desktop (Over $200): Suite of encryption applications to fully encrypt your operating system, external drive, USB thumbdrive, email and AIM Instant Messenger using PGP encryption. The software includes a data shredder. This product appears targeted at businesses; optionally it can be deployed on multiple workstations using a central server.

    Symantec Encryption Desktop PGP

    DriveCrypt Plus Pack (Over $100): Whole operating system encryption with 256-bit AES, no backdoor. It can hide an undetectable operating system in the hard drive free space; this is useful if someone forces you to give up your password, as they would not be able to prove a second operating system exists. It can be used in conjunction with USB tokens for preboot authentication, and the preboot login screen can be changed, so you can create your own.

    DriveCrypt Plus Pack encryption

    SecureDoc WinMagic (Over $100): Encryption of laptops, USB devices and desktop computers using 256-bit AES, certified FIPS 140-2 Level 2. It supports multifactor authentication at preboot level. There is no backdoor, but password recovery is possible if you set it up. It is available in various languages, and extended audit logging makes SecureDoc a good option for businesses.

    SecureDoc WinMagic full disk encryption

    Full disk encryption performance

    I have been using full disk encryption for over 5 years. I have used DiskCryptor, Truecrypt and DriveCrypt Plus Pack, and in all cases there has been no computer slowdown while I was using full disk encryption; even using it on a low performance netbook with an Intel Atom CPU showed no noticeable performance issue.

    If you are a home user you do not need to worry about full disk encryption slowing down your computer activities; the software normally needs very few resources to run.

  • Digital certificate email encryption with Comodo SecureEmail

    Sending email via Gmail, Yahoo and Hotmail is like sending a postcard: anyone who comes across it can read its contents, and that includes your ISP and your email provider. Gmail even scans your email contents to introduce what they call relevant publicity. Encrypting email messages is the only way to make sure that no third party can eavesdrop on your communications.

    There are a few specialist webmail providers that use end-to-end encryption, but you are trusting them with your encryption keys. In security you must trust as few people as possible; the more people have access to your private encryption keys, the easier a data leakage will be.

    Comodo SecureEmail works locally on your computer to send, receive and store encrypted emails, including attachments. It is easy to use and deploy, and free. You can digitally sign emails to confirm the sender’s identity; a digital signature is even harder to fake than a real-life pen and paper signature. The software is compatible with Windows Live Mail, Thunderbird, Eudora and other IMAP and SMTP email clients. Comodo SecureEmail comes with a wizard to easily import a Comodo email certificate for encryption and digital signing, or you can just choose to import someone’s public encryption key instead.

    Comodo Secure Email

    If the receiver of the emails does not use Comodo SecureEmail, he can still read the encrypted messages using a web-based reader; the messages will be encrypted using a single-use session digital certificate.

    Comodo SecureEmail main features

    • Easy to use for newbies with automatic encryption and decryption of emails
    • It supports most email clients even if they haven’t got built-in encryption
    • Wizard to install the necessary digital certificates to encrypt and digital sign messages
    • Web reader service to decrypt messages encrypted using a single use digital certificate (aka session certificate)

    This email encryption software is light on resources, a small 6.5MB download, and it is very flexible: you will not have to swap email software. Once the digital certificates have been installed, the whole encryption process is automated without having to exchange public encryption keys. Encrypting emails using a digital certificate is as secure as using PGP keys to secure messages, and easier to use for newbies.

    Visit Comodo SecureEmail homepage

  • AES encryption algorithm security explained

    The Advanced Encryption Standard, aka AES, was selected by the National Institute of Standards and Technology (NIST) after a 5-year process in search of an encryption algorithm capable of protecting sensitive government information well into the next century, and to replace the obsolete and aging Data Encryption Standard (DES) used until then.

    The AES cipher is now the standard symmetric-key encryption algorithm for the US Government. This encryption cipher was not only chosen for its security; AES arithmetic is based on XOR operations and bit shifts, making it fast.

    AES is sometimes referred to as Rijndael, a wordplay based on the names of the two Belgian cryptographers who invented AES, Joan Daemen and Vincent Rijmen. Strictly speaking, Rijndael is not the same, because AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, while Rijndael can be specified with key and block sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits.

    Encrypted data

    The AES cipher has been approved by the NSA for encryption of TOP SECRET information, but just using AES is not enough to make sure nobody can crack it; the implementation of the algorithm is important too. That is why the US Government announced that “The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use”.

    Encryption algorithm used by the US Government

    The US Government established that information classified as SECRET could be safeguarded using AES with key lengths of 128, 192 and 256 bits, while TOP SECRET data must use AES with a 192 or 256 bit key length. AES offers a sufficiently large number of possible key combinations to make a brute force attack (trying every possible key) impractical for many decades.

    Technological advances roughly double the speed of computing processors every year. In a scenario where encryption software using the AES cipher has been correctly implemented, if the attacker were someone with state-sponsored resources, i.e. a large network of supercomputers, cracking AES encrypted data might in theory be possible in approximately 50 years at the earliest.
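    The doubling argument above carried through for each AES key length, as an added example that is not from the original post. The starting speed of 10^18 keys per second is an assumption chosen for illustration, not a measured figure.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600


def years_to_search(key_bits, keys_per_second, fraction=(1, 2)):
    """Whole years until an attacker whose speed doubles every year has tried
    the given fraction of a key_bits key space (default: half, the average case)."""
    num, den = fraction
    target = (2 ** key_bits) * num // den
    per_year = keys_per_second * SECONDS_PER_YEAR  # keys tried during year one
    tried = 0
    years = 0
    while tried < target:
        tried += per_year
        per_year *= 2  # the post's assumption: speed doubles every year
        years += 1
    return years


def table(keys_per_second):
    """Years needed for each AES key length at the given starting speed."""
    return {bits: years_to_search(bits, keys_per_second) for bits in (128, 192, 256)}


if __name__ == "__main__":
    for rate in (10 ** 18, 10 ** 21):  # assumed starting speeds, keys per second
        print(f"start at {rate:.0e} keys/s:", table(rate))
```

    Under yearly doubling every extra key bit costs the attacker one more year, so the 192 and 256 bit keys sit 64 and 128 years beyond the 128 bit one, while a thousand times more starting hardware saves only about ten years.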

    Technical reading: NIST Computer Security Division

  • Free file encryption software BCArchive from Jetico

    When you compress files you save computer hard disk space and bandwidth and speed up data transfers; file compression is also useful to get around maximum email attachment sizes. Commendable file compression tools allow password protection of compressed files. The most popular file compression software, WinZip and WinRar, both have sound uncrackable file encryption protection, but they are not free; they show you a nagging screen asking you to buy the software.

    BCArchive is 100% free from day one and its encryption features beat WinZip and WinRar hands down. This file compression and encryption tool is multilingual, available in Arabic, Chinese, German, Farsi, Russian, Spanish and Turkish. It creates its own .bca compressed encrypted file, or a self-extracting .exe so that people without BCArchive installed are able to decrypt it.

    BCArchive encryption key manager

    BCArchive integrates nicely with the Windows shell right-click menu; encryption and compression of a file can be done using two mouse clicks. If you use a password that is too short, the software will not allow you to encrypt the file, forcing you to use a better passphrase. When using symmetric encryption you can choose which encryption algorithm to use; some of the available ones are IDEA, Blowfish 448, AES Rijndael, Serpent, Gost, Cast5 and 3DES. You can choose the hashing algorithm as well: SHA1, SHA256, RIPEMD160 or MD5. BCArchive’s symmetric encryption ciphers are all well known in the cryptography community and considered sound; it is best to stick to the defaults if you don’t know which one to use.

    It is possible to use asymmetric encryption with public and private secret encryption keys. You can create standard PKCS #12 and X.509 public encryption keys within the BCArchive key manager, or import your own PGP keys created elsewhere. BC Keymanager allows you to import your PGP encryption keys directly from the Internet by connecting to a PGP public key server.

    To encrypt files use the interface or drag and drop files inside the BCArchive window; you can compress and encrypt files of up to 2 Terabytes in size. When you view files they are extracted to a temporary folder and securely wiped when the archive is closed. For those who are geeky, BCArchive can be run from the command line.

    BCArchive main features

    • Self-extracting of encrypted files
    • Drag and drop of files and Windows shell integration
    • PGP compatible asymmetric public/private encryption keys, RSA, ElGamal / Diffie-Hellman
    • Symmetric encryption ciphers, AES, Blowfish-448, IDEA, CAST5, GOST 28147-89 and 3DES
    • Secure hashing algorithms SHA-256, SHA-1, MD5 and RIPEMD-160
    • Data securely wiped from temporary folder after viewing

    Visit BCArchive homepage

  • Al-Qaeda’s email communication system exposed

    The seizure of Bin Laden’s computer and subsequent forensic analysis of his hard disk and USB memory sticks is starting to bear fruit. According to a counter-terrorism official speaking anonymously with Associated Press, although Bin Laden had no phone or Internet access at his hideout, he would still send emails to others using intermediaries.

    Bin Laden himself would first write emails on his offline computer, save them to a thumbdrive and pass it on to a trusted courier, who would then go miles away from Abbottabad to an Internet cafe and send the Al-Qaeda leader’s email messages by copying and pasting them. That same courier would also save and copy all of the replies to Bin Laden onto a memory thumb drive and take them back to the compound for Bin Laden to read on his computer.

    The Navy SEALs reportedly gathered 100 flash memory drives after they killed Bin Laden, containing thousands of email messages and hundreds of email addresses. These are expected to lead to a small flood of subpoenas to email providers demanding computer IP connection addresses and account holder details.

    Al-Qaeda explosives training manual

    Al-Qaeda operatives are known to change their email addresses often, and it is likely that many of those email addresses have already been closed down. But email providers do not erase all of the data from their servers straight away; it can be kept for years after the account has been closed down, most likely months though. Email contents are not typically stored, but the last connection IP address with time and date are. Bin Laden’s computer hard disk also contained a huge amount of electronic documents that are still being looked into by Arabic translators working for the US Government.

    Computer forensics Bin Laden computer

    Bin Laden’s computer forensic analysis could be carried out by the National Media Exploitation Center (NMEC), a little-known Department of Defense organisation that is designated as “clearinghouse for processing DoD collected documents and media”. Their priorities are likely to be discovering imminent plots and finding Al-Qaeda operatives living in the USA.

    The most likely scenario is that a wide range of standard law enforcement computer forensics software (Encase, FTK, Sleuthkit) will be used; they will not rely on just a single tool. Assuming no encryption was used, the forensics software will first index everything on the machine, allowing for quick manual searches of keywords. Terrorists are known to use keywords for their targets and comrades; this makes law enforcement work much more difficult when documents are leaked and conversations overheard.

    Al-Qaeda encryption software

    The US Department of Defence isn’t revealing if Bin Laden was using any encryption, but it is known that a few years back Al-Qaeda supporters released, via an Islamic forum called Al-Ekhlaasan, an encryption program called Mujahideen Secrets 2. It was the second release of this encryption software targeted at Al-Qaeda supporters; it can encrypt emails, securely wipe data and encrypt text messages as ASCII for easy posting at bulletin boards and websites.

    This custom Al-Qaeda encryption tool, still used, provides different encryption algorithms, including AES, with symmetrical encryption keys (256 bit) and asymmetrical encryption keys (2048 bit). It can be run from a USB thumbdrive to be used from an internet cafe; there is no need to install it on your computer.

    Al-Qaeda encryption software Mojaheeden Secrets

    As good as the Asrar al-Mujahideen encryption tool can be, one downside of using this custom tool to cipher messages is that the encrypted messages always start with the unique text: “#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—” giving away that the user is likely an Al-Qaeda supporter since this encryption software is not publicly available for download.

    The Al-Malahem Media Foundation from Al-Qaeda in the Arabian Peninsula (AQAP) publishes an online English language magazine called Inspire Magazine that always ends with three different contact email addresses and a copy of their public encryption key created with Mujahedeen Secrets.

    Al-Qaeda in the Arabian Peninsula (Yemen) has proved itself an adaptable professional terrorist organization that ditched traceable mobile phones in favour of walkie-talkies and uses coded names; they routinely use encryption for emails when they must send them.

    A copy of Mujahedeen Secrets 2 encryption software with an English interface and Arabic instructions, can still be downloaded from the US Government funded Internet Archive website:
    http://ia600403.us.archive.org/33/items/Asrar-Mujahideen/new_asr_v2_4.rar

    The .rar file is password protected with: Asrar@_EkLaAs.TsG@[$^/!p@]z-2008

    UPDATE 2016: It has been recently confirmed in the news that Yahoo Mail, acting under a secret US subpoena, was mass scanning all email traffic in real time to detect messages containing the identifier header that this software adds, and reporting them to law enforcement for further investigation.

    Reference: http://www.reuters.com/article/us-yahoo-nsa-order-idUSKCN12800D
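    Why a fixed plaintext header identifies the tool however strong the cipher is, shown as the kind of header matching the post and the 2016 update describe. This is an added example, not code from the original post or from any provider; the header text is taken as quoted in the post with its dash runs normalized, the OpenPGP armor line is included for comparison, and the sample messages are constructed.

```python
import re
import unicodedata

# Fixed header lines that identify the producing tool. The first is the text
# quoted in the post; the OpenPGP armor line is included for comparison.
SIGNATURES = {
    "Asrar al-Mujahideen 2.0": "#-Begin Al-Ekhlaas Network ASRAR El Moujahedeen "
                               "V2.0 Public Key 2048 bit-",
    "OpenPGP": "-----BEGIN PGP MESSAGE-----",
}

# Hyphen-minus plus the Unicode dashes that mail clients and web pages substitute.
DASH_RUN = re.compile("[-\u2010-\u2015\u2212]+")
QUOTE_PREFIX = re.compile(r"(?m)^[ \t>]+")  # reply markers and indentation


def normalize(text):
    """Undo re-typesetting: dash variants, quoting, line wraps and letter case."""
    text = unicodedata.normalize("NFKC", text)
    text = QUOTE_PREFIX.sub("", text)
    text = DASH_RUN.sub("-", text)
    return re.sub(r"\s+", " ", text).casefold()


_NORMALIZED = {tool: normalize(sig) for tool, sig in SIGNATURES.items()}


def identify(text):
    """Names of the tools whose fixed header appears anywhere in the text."""
    body = normalize(text)
    return sorted(tool for tool, sig in _NORMALIZED.items() if sig in body)


def scan(messages):
    """Map message id to identified tools, omitting messages with no match."""
    hits = {msg_id: identify(body) for msg_id, body in messages.items()}
    return {msg_id: tools for msg_id, tools in hits.items() if tools}


# Constructed sample messages; the bodies are placeholders, not real ciphertext.
SAMPLES = {
    "plain": "Lunch at noon? Bring the backup drive.",
    "pgp": "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----",
    "typeset": "#\u2014Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 "
               "Public Key 2048 bit\u2014\n(placeholder)",
    "quoted": "> #---Begin Al-Ekhlaas Network ASRAR El\n"
              "> Moujahedeen V2.0 Public Key 2048 bit---\n> (placeholder)",
}

if __name__ == "__main__":
    for msg_id, tools in scan(SAMPLES).items():
        print(msg_id, "->", ", ".join(tools))
```

    Nothing here touches the ciphertext: the match works on the header alone, which is why a tool-specific header leaks who is using the tool even when the message itself stays unreadable.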