Encryption

[raro]

I misplaced my laptop over New Years and had a bit of panicking two days when looking for it (was moving house....yes, it was a mess...).

Anyways, what came to my mind was all the rather confidential stuff from work and also the rather private stuff that I do not want to have published...lesson learned, we will encrypt the computers from now on!

First obvious choice is WinLocker that comes with win7 Ultimate. Has anyone actually got it going? My sparkling new Acer laptop (mind you, not the cheapest one!) did not have that TPM chip that winLocker requires. the option with the USB stick i was not able to get to work...

Thanks to a good friend and board member, I came across TruCrypt, a software I'd like to recommend here. Plenty of options, you can encrypt individual files or entire drives or anything in between. Easy to use, plenty of explanations (telling you about the consequneces whether you go for option A or B and so on...) and set up in minutes. The initial encryption as such takes a couple of hours so you want to do that over night.

[Mario2008]

Truecrypt is my favourite too. Easy to set-up and use and FREE!

[Crushdepth]

Truecrypt is excellent and has a strong reputation. It's also very fast.

[Crossy]

Another vote for TrueCrypt, encrypt the partition and then have a hidden TrueCrypt volume in there as well, totally secure.

[keeniau96]

Piling on ... TrueCrypt is 'da bomb.

[Daffy D]

Me too

TrueCrypt gets my vote

[Phil Conners]

+1

[Rice_King]

I encrypted my laptop's system partition and several sensitive folders in the data partition with TrueCrypt. (Next build I will just encrypt everything and be done with it.) I've been using TC for file encryption for about 4 years with no issues whatsoever. As for performance, you won't even know it is there.

[Tywais]

Another +1 for TrueCrypt.

[MKAsok]

Gets my vote.

[BB1950]

WinLocker???

It's BitLocker and it has too many limitations.

TrueCrypt is much more versatile and safer than BitLocker.

There are lots of encryption software available to encrypt individual files, but why bother?

IMHO TrueCrypt is the best method for encrypting volumes to store files and folders.

But don't use TrueCrypt prior to version 6. The volumes created with different versions are not compatible. .

I also like OneNote (in MS Office 2010 Suite) to store notes and secure (encrypted) notes together in one place. OneNote is also in older versions of MS Office suites, but the older versions just don't compare.

Using TrueCrypt along with OneNote meets all my encryption needs.

[Rice_King]

But don't use TrueCrypt prior to version 6. The volumes created with different versions are not compatible. .

I am not aware of this compatibility limitation. Can you reference it for me please?

[devdrinker]

BitLocker and Truecrypt are probably overkill.

You can protect your Documents folder (and any others) with EFS (in Professional/Business/Ultimate editions) you probably always want to protect your browser cache directory too. The key for EFS is unlocked by your logon password so pretty secure (if you circumvent and reset password via one of the boot tools etc) the new password wont be able to decrypt your old key rendering the data lost.

[Tywais]

But don't use TrueCrypt prior to version 6. The volumes created with different versions are not compatible. .

From TrueCrypt website version history for 6.0 > "Note: Volumes created by previous versions of TrueCrypt can be mounted using this version of TrueCrypt."

TrueCrypt version documention

[H2oDunc]

PGP is also very good. It used to be free but not sure now ? The trouble is that encryption is getting outlawed in lots of countries now. Unless you hand over the key you face a long stretch in prison. Phil Zimmerman found himself in such a position when PGP found its way outside the USA. In 1993 he was charged with exporting munitions without a license. Yes you read it right. Evidently the Good Ol USA classes anything using over a 40 digit key is classed as munitions and as PGP has always used 128 bits he was in bother. The trouble is Governments like to be able to read whatever you mail, fax or have on your computer. At 128 bits it takes them a very long time to hack ithence the new laws coming in.

He got round this by printing the source code in a book. You simply scanned the pages of the book and hey presto you had it and as there is no restriction on the export of books under the First amendment, for now anyway, there was nothing they could do. As said it would pay to research the country you are flying into before you travel if you have encrypted data on your laptop. Perfect if you are staying put though

[BB1950]

But don't use TrueCrypt prior to version 6. The volumes created with different versions are not compatible. .

I am not aware of this compatibility limitation. Can you reference it for me please?

Maybe I should have clarified that statement a little better.

Sure, there have been a couple of changes to the TrueCrypt Volume Format (version 5.0 and 6.0). Back then, the change logs advised to convert the volumes to the new formats in order to take advantage of the new format features.

AFAIK There have been no changes to the format since 6.0. TrueCrypt has always maintained backwards compatibility. but not necessarily maintain forward compatibility. I've been using TrueCrypt since 4.x

I had a volume that was created with the (then) new 6.0 format, and I was unable to to mount it using ver 5.1a (I forgot the error message, it was over 20 months ago). It was easy to rectify by upgrading the 5.1a installation to 6.0, but at the time I needed quick access to the volume.

This link will mention to when the changes to the formats occurred and what was changed :

http://www.truecrypt.org/docs/?s=version-history

Here's a link to the TrueCrypt Forum that discusses this version compatibility issue some more:

http://forums.truecrypt.org/viewtopic.php?p=54891#54891

[BB1950]

PGP is also very good. It used to be free but not sure now ? The trouble is that encryption is getting outlawed in lots of countries now. Unless you hand over the key you face a long stretch in prison. Phil Zimmerman found himself in such a position when PGP found its way outside the USA. In 1993 he was charged with exporting munitions without a license. Yes you read it right. Evidently the Good Ol USA classes anything using over a 40 digit key is classed as munitions and as PGP has always used 128 bits he was in bother. The trouble is Governments like to be able to read whatever you mail, fax or have on your computer. At 128 bits it takes them a very long time to hack ithence the new laws coming in.

He got round this by printing the source code in a book. You simply scanned the pages of the book and hey presto you had it and as there is no restriction on the export of books under the First amendment, for now anyway, there was nothing they could do. As said it would pay to research the country you are flying into before you travel if you have encrypted data on your laptop. Perfect if you are staying put though

This cat and mouse game has been going on for many years. At one time the US government was trying to force developers of encryption software to put in a 'back door'. Never got off the ground. Now there are ways to hide encrypted data in what appear to be random data files (such as pictures, music, and videos). To enforce a law as you mentioned, they would have to know where to find it.

[astral]

I have been using BestCrypt for along time to encrypt any sensitive data,

both on the machine and external disks.

There are a variety of encryption keys on offer within the package.

[Phil Conners]

PGP is also very good. It used to be free but not sure now ? The trouble is that encryption is getting outlawed in lots of countries now. Unless you hand over the key you face a long stretch in prison. Phil Zimmerman found himself in such a position when PGP found its way outside the USA. In 1993 he was charged with exporting munitions without a license. Yes you read it right. Evidently the Good Ol USA classes anything using over a 40 digit key is classed as munitions and as PGP has always used 128 bits he was in bother. The trouble is Governments like to be able to read whatever you mail, fax or have on your computer. At 128 bits it takes them a very long time to hack ithence the new laws coming in.

He got round this by printing the source code in a book. You simply scanned the pages of the book and hey presto you had it and as there is no restriction on the export of books under the First amendment, for now anyway, there was nothing they could do. As said it would pay to research the country you are flying into before you travel if you have encrypted data on your laptop. Perfect if you are staying put though

The solution to that problem is plausible deniability: http://www.truecrypt.org/docs/?s=plausible-deniability

[Tywais]

I had a volume that was created with the (then) new 6.0 format, and I was unable to to mount it using ver 5.1a (I forgot the error message, it was over 20 months ago).

I understand what you mean now, wasn't clear previously. TrueCrypt is downward compatible but not upward compatible. Microsoft is very good at doing that with their office products.

BTW the message when trying to mount a 6.x drive with 5.1 is "A newer version of TrueCrypt is needed to mount this volume." Just ran a test under a virtual machine.