Results 1 to 11 of 11
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Ways to encrypt sensitive data in Windows




    ON SECURITY


    Ways to encrypt sensitive data in Windows


    By Lincoln Spector

    We all have something to hide. No, not those embarrassing party photos; I'm talking about sensitive documents such as medical records, financial statements, work files, and so forth. (Okay, and maybe those embarrassing photos, too.)
    Encryption is the best way to protect important data from those who might do us harm. Here's a rundown of encryption options.

    The full text of this column is posted at windowssecrets.com/on-security/ways-to-encrypt-sensitive-data-in-windows/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Jul 2010
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The file encryption tool I use every day in my work is the U. S. Air Force's Encryption Wizard. A Google search for USAF Encryption Wizard will turn it up. Not being a U. S. Armed Forces employee or contractor, I use the Public version. I encrypt my work-product, reports in either WordPerfect or .docx format, before uploading them to OneDrive.

    The actual encryption for the Public (non-U. S. Forces members or contractors) version is done in java. The encryption strength allowed varies. Worldwide one can use 128-bit; in some countries, including where I live, Canada, policy .JAR files are available to put into java to allow AES 256 bit encryption.

    Pros: it can be integrated into Windows, so that a right-click on a file and 'Send To' has as an option the Encryption Wizard.
    Cons: It supports public key encryption but I haven't really gone into its implementation. Since it uses Java, it is unavailable for all practical purposes on iOS, Android and Chrome OS devices such as my Chromebox.
    If you use the AES256 option (assuming that you live in a country that allows this), you have to replace the Java policy .JAR files with the unlimited policy .JAR files, whenever there is a major upgrade to java.

    WARNING! If you have integrated the USAF Encryption Wizard into Windows, don't try to upgrade manually! Uninstall or rather disconnect the program from Windows in the old version of USAF Encryption Wizard, download the new version of the Encryption Wizard and re-integrate into Windows in the new version of the Encryption Wizard.

    Although I haven't done this, the USAF Encryption Wizard should work fine in Mac OS X and in various flavors of Linux.

    The program is mature, well-designed and easy to use.

  3. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,202
    Thanks
    49
    Thanked 987 Times in 917 Posts
    Quote Originally Posted by aquinas50 View Post
    The program is mature, well-designed and easy to use.
    Unless you are in a non-256bit encryption country. And it is possible that the public version has a back door built-in. I'll stick with an open source implementation where we can verify the security.

    cheers, Paul

    p.s. Recent SSDs have hardware encryption built-in and you can enable it using a variety of methods.
    https://en.wikipedia.org/wiki/Hardwa...isk_encryption
    http://www.anandtech.com/show/6891/h...h-crucial-m500

  4. #4
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Quote Originally Posted by aquinas50 View Post
    ....The actual encryption for the Public (non-U. S. Forces members or contractors) version is done in java. .. .JAR files are available to put into java to allow AES 256 bit encryption....
    Thanks for the heads up to an alternative encryption app but running an insecure app (Java) to encrypt would not work for me.

  5. #5
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Darn fine review of encryption. I did not realize 7-zip had not been updated in five years!

    I encrypt my entire hard drives/SSDs with Truecrypt and never had an issue. But I will give the practice some thought now. I would be worried that Windows was keeping caches of what I had loaded throughout a session between boots, that might be available if I kept the OS in an unencrypted partition.

  6. #6
    Lounger
    Join Date
    Dec 2009
    Location
    Sydney, NSW, Australia
    Posts
    44
    Thanks
    21
    Thanked 4 Times in 3 Posts
    Hi, Thanks for an interesting article.
    Another interesting encryption solution for the cloud (DropBox, OneDrive or others) is Viivo (free for personal use, paid for commercial use). I've been using this for a little while and really like it. Basically it creates a watch drive on your PC, outside of the cloud, that's unencrypted (you can convert folders under this to encrypted folders if needed with Windows Pro) and anything you put in this folder gets encrypted to your cloud drive for backup and access on other machines (which also need Viivo to decrypt). So your stuff in the cloud is secure. I have it on two PCs and it syncs happily via DropBox in my case between the PCs. I just have to remember to file my sensitive personal stuff in Viivo's watch container rather than directly in DropBox.
    The "old" favourite WinZip also creates encrypted Zip files too if you want. But it's not free.
    Also, I'd like to know more about "encrypted" hard drives and SSDs etc., such as the OPAL drives sold with many laptops these days. How do I know what stuff is encrypted on these or even if the encryption is actually working? I've never been able to find out and the only search results I got back were enterprise-level software, way too pricey and difficult for personal use. I asked Lenovo one time about it and they weren't able to shed any light on it either. In case the PC goes bung, I'd like to know if I can transfer the drive to another and use the encryption key (which I don't know where to find) to do data recovery. Or is it tied to the PC's TPM somehow? There's zero information on how to ensure OPAL drives are actually encrypting their contents. It would remove the need for other software solutions if I could have this assurance.
    For Bitlocker whole disk encryption of the boot drive at least (as I've done on my Win 8.1 Pro Lenovo Yoga 3), if you don't have a TPM (trusted platform module) in your PC (just like I don't have), you have to change the PC settings to allow Bitlocker to work in passphrase-only mode. It's not obvious how to do this and I have to web-search it each time (dare I say "google it" or "bing it"?).
    Paul

  7. #7
    jwoods
    Guest
    Tried and TrueCrypt.

    Recently audited...

    http://istruecryptauditedyet.com/

  8. #8
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Yes, but no longer updated Truecrypt. Sooner or later you will have to switch to something else.

  9. #9
    jwoods
    Guest
    Quote Originally Posted by Fascist Nation View Post
    Yes, but no longer updated Truecrypt.
    Maybe...anyone can take the code and create a fork (VeraCrypt is one fork).

    We'll see.

  10. #10
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,202
    Thanks
    49
    Thanked 987 Times in 917 Posts
    Quote Originally Posted by dweebken View Post
    How do I know what stuff is encrypted on these or even if the encryption is actually working?
    Take the drive out of the machine and put it in another, or in an external caddy.
    Bitlocker will use the SSD's built-it encryption rather than do it in software.

    cheers, Paul

  11. The Following User Says Thank You to Paul T For This Useful Post:

    dweebken (2015-06-18)

  12. #11
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,202
    Thanks
    49
    Thanked 987 Times in 917 Posts
    An interesting discussion of Full Disk Encryption in hardware with lots of links.
    http://arstechnica.com/civis/viewtop...f=11&t=1243475

    cheers, Paul

  13. The Following User Says Thank You to Paul T For This Useful Post:

    dweebken (2015-06-18)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •