Hacker 10 – Security Hacker

Tag: no backdoor encryption

  • Public key encryption with CyberSafe Top Secret

    Public key encryption with CyberSafe Top Secret

    CyberSafe Top Secret is a commercial program made in Russia to encrypt files, folders and partitions, it can be used to create virtual encrypted drives or encrypt a full partition or removable media (USB thumbdrive) where everything stored is automatically ciphered. The program’s source code is available for download from the company website to reassure you that there is no backdoor.

    The free edition of CyberSafe Top Secret should be considered trial software, the password length limit of 4 characters and DES algorithm make it very easy crack, it is only after buying the program that you get full protection with encryption algorithms that no law enforcement or sophisticated spies can penetrate.

    I found the program very versatile, it has so many options that if you have not used encryption before learning how to use digital certificates for encryption and signing files could take a few days to learn for newbies but a PDF manual explains in detail how everything works, it is not difficult, it simply takes time.

    I welcomed the addition of being able to encrypt files in your computer before uploading them to Dropbox, Google Drive and other cloud services. Google Drive, like Gmail, scans your data to find out if you have uploaded child pornography photos by matching the unique hashes of those files with the ones given to them by law enforcement. You have no guarantee that the NSA will not order Google to also scan your files to find X, once built-in scanning exists,nothing stops the NSA from abusing that capability for their own purposes. Anybody storing files in the cloud would be insane not to encrypt their files first and CyberSafe Top Secret allows you to do that easily dragging and dropping folders inside a window.

    CyberSafe Top Secret encryption software
    CyberSafe Top Secret encryption software

    When creating a virtual encrypted drive (.dvf) you are given the choice of encrypting it with the USA Department of Defense approved AES algorithm or the Russian government standard GOST symmetric block cipher. Be careful when entering the password because you will not be asked for confirmation. This was bizarre, it is one of the few times that I come across an encryption program that does not ask you to confirm your password twice when creating an encrypted container that is meant to be uncrackable.

    CyberSafe Top Secret Ultimate comes with a few business friendly features, like the optional Google Authenticator that can be activated in settings, a one time password mobile app that has to be used together with a user password before you can launch the program.

    The heavy reliance on public key encryption to secure files suggests CyberSoft Top Secret has businesses in mind. It is easier to manage a central registry of digital certificates that can be revoked over the network than managing dozens of passwords, the program allows you to access a public key server and import or export a public encryption key without having to open your web browser.

    CyberSafe Top Secret file encryption
    CyberSafe Top Secret file encryption

    My main criticism of this software is pricing, I obtained a license for the high end CyberSafe Top Secret Ultimate edition during a give away not connected to this review, otherwise, I would not have paid the €100 it costs. For slightly more money I can buy BestCrypt, WinMagic SecurDoc or SecurStar DriveCrypt Plus Pack full disk encryption.

    There is a cheaper version of CyberSafe Top Secret but it comes with a maximum password length of 16 characters, I don’t think that is long enough to secure your data from an adversary with high resources and it seems unfair that security software you have paid for can come with a limit that weakens your security unless you buy their most expensive package.

    CyberSafe Top Secret pricing can only be justified because it can manage and create encryption keys and it makes it easy to email to other people in a secure manner with a proven standard, but disk encryption wise, full disk encryption is much better.

    CyberSafe Top Secret should be praised for making the source code available for download. This does not guarantee that the program is bullet proof but it guarantees that experts can look at how encryption works and detect changes if somebody forces the company to modify the code.

    Perhaps if the price was cheaper for the Ultimate edition or if I needed support I would consider this program to encrypt my data. I see this software most suitable for a company with many employees after an easy solution to manage multiple encryption keys, home users in need of hard drive encryption might be better off looking at the other options mentioned above or with DiskCryptor (free), but if all you want is a solution to encrypt emails maybe it is worth to check out this software.

    Visit CyberSafe homepage

    PS: After writing the review I noticed that the uninstaller is only in Russian, clicking on the default options erased everything properly. There is no malware, but it is not very professional not translating the uninstaller.

  • Review Axcrypt free file encryption program

    Review Axcrypt free file encryption program

    AxCrypt is a free open source encryption program for Windows computers available in 32-bit and 64-bit versions, after installing AxCrypt it will integrate with your right-click  menu and allow for single click encryption, it is very easy to use, there is nothing to configure, everything works straight out of the box after installation, you can right-click on a folder and instruct AxCrypt to encrypt the entire contents, the program will then create multiple encrypted file belonging to each one of the files inside.

    The software interface is multilingual, available in 7 different languages, it can be used from the command line and a portable version of AxCrypt is available for those on the go wanting an encryption programs that runs from inside a USB thumbdrive.

    There is no maximum file size for encryption, the only size limit comes imposed by your operating system boundaries on file size, AxCrypt runs on very low resources, to use AxCrypt you only need 5MB RAM, 2MB hard disk space, temporary disk space 1.5 the size of the file being encrypted, and a low end computer desktop CPU.

    Because AxCrypt is open source, you can download the source code and compile the program yourself where you to feel inclined, you could check the source code for backdoors before compiling it.

    AxCrypt encryption method

    AxCrypt uses the AES algorithm with 128-bit keys for file encryption and SHA-1 for hashes, there is no backdoor, if you forget your password that is it. The AES encryption algorithm that AxCrypt uses was selected by NIST (American Nations Institute of Standards and Technology) after a 5 year process in which fifteen competing designs were presented, AES is the current Federal USA Government standard algorithm for encryption.

    AxCrypt file encryption
    AxCrypt file encryption of MP3 file

    Files encrypted with AxCrypt have the extension .axx, it retains the original file name and information, you can rename the file if you want to disguise a descriptive name, temporary files are automatically shred, the encryption keys are not stored in Windows page file. If you don’t want to erase the file after encryption you can just choose encrypt copy from AxCrypt menu.

    To make it more difficult for an attacker to brute force your password and make the best of the full 128-bit encryption strength potential that AxCrypt offers, you should be using with a meaningless passphrase sequence of 22 characters, if you decide to create a keyfile with AxCrypt and use it for encryption your files will automatically be secured at the maximum level, the keyfile encryption method can be used in conjunction with a password.

    AxCrypt software developers recommend that you always create a keyfile for encryption, the created keyfiles are made of 256 bits encoded in Base64, they are saved as a .txt text file with random characters in it.

    AxCrypt file decryption

    When sending your encrypted file over email to someone else that person will need AxCrypt installed to decrypt it, there is a free program called AxDecrypt that allows others to view AxCrypt encrypted files without installing the full software, AxDecrypt only serves to open files with the .axx extension and it can not encrypt.

    You can choose to create .exe self-decrypting files, the other end does not need any kind of program to view the encrypted data, they just need to know the password used, one downside is that .exe files many times contain viruses and few people trust them, antivirus could flag them as a malware, and some email services like Gmail do not accept the sending of .exe file attachments.

    Like all symmetric encryption software when you send an encrypted file to someone he/she will need to know the password you are using, you can transmit the password over a secure channel, ideally in person and if that it is not possible then using an encrypted VoIP call, or an Internet messaging program with built in encryption.

    File encryption vulnerabilities

    While AxCrypt contains no backdoor and the algorithm it uses can not be cracked at present, all file encryption programs have side vulnerabilities residing on the operating system, this is what you should watch out for.

      1. Weak password, file encryption programs are only as good as your password

    Solution: Use a very hard to guess passphrase not contained in a dictionary or use a keyfile to secure your files, use a password manager if needed to remember it.

      1. Temporary files and backup copies stored by the your operating system while viewing the decrypted file

    Solution: Use data wiping software in conjunction with your file encryption software, routinely wipe Windows locations where temporary files are normally stored, like for example the Windows page file, quality data wiping software come already preconfigured to securely erase those locations.

      1. Your computer has a keylogger installed that captures your password

    Solution: Have an updated antivirus and use a high quality firewall that will warn you of outgoing connections, the default Windows firewall will not do this.

    AxCrypt file decryption
    AxCrypt file decryption

    After decrypting a file AxCrypt will automatically overwrite it, secure data wiping consists of a single pass using pseudorandom data, this is enough to protect you from common undelete software but it will not protect you from expensive special diagnostics hardware used by well funded adversaries like corporations and law enforcement, if you need that level of protection get a different encryption software because data could be recovered from previously erased data.

    AxCrypt online documentation is very complete, if you want to know the inner workings visit their homepage, if you get stuck, they have an online forum and a mailing list where to ask questions to other users.

    Conclusion on AxCrypt file encryption

    It doesn’t have the prettiest of interfaces and its configuration capabilities are next to none, while some might view this as a disadvantage, others will see it as an advantage because it makes operation very easy to understand for beginners.

    AxCrypt strong points are that it is open source, it contains no backdoor, it uses a standard uncrackable algorithm for encryption (AES128) and it is easy to operate, its interface could be improved but it gets the job done, this is an excellent program for those on a budget because it is free (donationware) and it will securely encrypt your files.

    I would not hesitate recommending AxCrypt to friends in need of secure encryption software but the single pass temporary data overwriting was disappointing, if you are a business user stay out of AxCrypt because it is only secure enough for the home user due to this.

    Visit AxCrypt homepage