Why Encrypt Files?
We keep our secrets in files. It has been said that only people with something to hide object to surveillance and want privacy. Personally, I don't have many secrets, but there are plenty of things I do, say and write that I do not want shared, photographed or discussed. They are PRIVATE.
Everyone has secrets. Governments have secrets. Every business has customer information that must be kept from prying eyes.
Software and hardware companies work long and hard on new products and projects before they release them to the public, and in many cases the details stay secret even afterwards. Kentucky Fried Chicken and Coca-Cola have secrets.
For Example, NASA
In 2001 NASA suffered four data losses when laptops holding unencrypted data were lost or stolen.
In August 2013 David Miranda was detained at Heathrow under anti-terrorism laws. He was not suspected of terrorism; he is the partner of Glenn Greenwald, who had been publishing documents leaked by Edward Snowden, embarrassing to the NSA and GCHQ, in the Guardian newspaper.
Miranda was forced to hand over the passwords for his laptop, his phone and several USB keys he was carrying.
If he did not comply, he could be held longer. He was being held under duress. More on this later…
There are a number of encryption tools, some of them "on the fly" tools like TrueCrypt.
What is "On the Fly" Encryption?
TrueCrypt mounts a drive, partition or volume (a container file) so that the operating system sees it as an ordinary drive or folder. Files on it can be copied, read, run, deleted and edited in real time; every read is decrypted and every write is encrypted transparently as it happens, and nothing is ever written to the volume in the clear.
Many other tools are available, and most are not free.
One of the most popular is BitLocker, and it is free… but it only works on Windows, and do you trust Microsoft?
Is BitLocker Safe?
Microsoft has admitted building a back door into Skype after purchasing it. It works with the NSA because, as a public company, it has no choice. It is also suspected that there is a back door in Windows, written into the cryptographic DLL from Windows 95 OSR2 onwards (the so-called _NSAKEY signing key found in advapi32.dll in 1999). Windows is closed source, so no one outside Microsoft can read the code and see whether it is clean.
So Microsoft products may not be trustworthy.
The NSA has even attempted to have a back door built into Linux.
Fortunately, in an open source project with many eyes on the code, that is not easy to do.
There are other trustworthy open source projects, but TrueCrypt is well known and cross platform. Here is what it offers:
- Open source
- Runs on Linux, Windows and Mac OS X
- System agnostic: create a volume on one OS and it works on all the others
- Being audited: an independent code audit, paid for by a crowdfunding campaign, is underway (it has not finished yet, so "safe" is a claim still being tested)
TrueCrypt is very flexible. It can encrypt:
- Whole drives
- Containers (files that function as encrypted folders or drives)
It can open containers on:
- System drives
- Network drives
- USB and SD devices
It can mount a volume:
- At boot (system favorite volumes)
- When its host device is connected (inserting a USB key, for example)
- On user request (using the software to mount a volume)
It can dismount a volume:
- After a period of inactivity (e.g. no read/write for 10 minutes)
- When the system is suspended
- On request (manual user dismount)
Other properties:
- An encrypted partition or container is presented as a directory (mount point) on Linux, or as a drive letter on Windows
- TrueCrypt volumes can be stored anywhere, including on a USB drive
- All settings are stored in an XML file, not in the Windows registry
- It uses on-the-fly symmetric encryption (AES, Serpent or Twofish in XTS mode, or a cascade of them); data is never stored unencrypted on the volume. Decrypted data exists only in RAM while the volume is mounted, which is why the manual warns about paging files and hibernation
- A volume looks like random noise. Its header is itself encrypted, so there is no plaintext signature that identifies it, and a container file can have any name or extension
- A single corrupt block (128 bits) damages only that block, not the whole volume, and the volume header is stored twice (a backup copy at the end of the volume)
The encryption itself is deterministic; the randomness goes into the master keys and salts, which come from a random number generator fed by a large pool of entropy. The pool is filled from the clock and calendar, MAC and IP information, random data from the network card, and mouse movements and keystrokes.
Use a Good Password (NOT One of These)
The weakest link is the password. TrueCrypt derives the header key from it with PBKDF2 at only 1000 or 2000 iterations, so anyone who obtains the container can try guesses very quickly; a short or common password is all that stands in their way. ALWAYS use a good password. Here are the 25 most popular (and dumbest) passwords of 2013. If you use one of these, congratulations, you are in good company; now CHANGE IT!
Some of TrueCrypt's more advanced features:
- Keyfiles: files can be used as part of the password. This helps on a shared PC, because a keyboard logger captures what you type but never the contents of the keyfile
- Keyfiles can be held on security tokens and smart cards (via PKCS #11)
- Up to three ciphers (AES, Serpent, Twofish), each with its own key, can be cascaded for maximum security (it IS slower)
- The volume header, which holds the encrypted master key, can be backed up to a file and stored safely
- A backed-up header can restore a volume whose header is damaged, or whose password has been lost or changed: it opens with the password that was in effect when the backup was taken
If you are arrested, held prisoner or in a ransom situation, failing to give up a password can be life threatening. Plausible deniability means being able to demonstrate good faith by handing over the demanded password without giving away the real secrets.
In the US and Britain you can be jailed for refusing to hand over passwords while being questioned as a suspect.
David Miranda, mentioned earlier, supposedly had the password to an encrypted USB drive in his pocket…
Note that they decrypted ONE file. If they had found anything incriminating, he would not have been released after nine hours. Perhaps it was a sacrificial file, used to protect a TrueCrypt hidden volume in a duress situation…
Hidden Volumes Provide Plausible Deniability.
A hidden, encrypted volume can be created inside the free space of another volume. When you mount, TrueCrypt first tries to decrypt the outer volume's header with the password you supply. If that fails, it tries the hidden volume's header, which is stored at a fixed offset inside the outer volume's header area. If a hidden volume exists and the password fits, that is what gets mounted.
The result is that in a duress situation the first password opens the outer container and reveals the not-so-secret, sacrificial files, while the second password opens the truly secret hidden volume.
Neither the size nor even the existence of the hidden volume can be proved, because TrueCrypt fills every container with random data when it is created, so free space and hidden data look the same and the volume always looks full. The flip side is that writing to the outer volume can silently overwrite the hidden one: when you do need to add decoy files, mount the outer volume with the hidden-volume protection option and supply the hidden volume's password as well.
Until decrypted, a TrueCrypt partition/device appears to consist of nothing more than random data (it does not contain any kind of “signature”). Therefore, it should be impossible to prove that a partition or a device is a TrueCrypt volume or that it has been encrypted (provided that the security requirements and precautions listed in the manual are followed).
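The mount logic described above, as an added example that is not code from the original page or from the TrueCrypt project. It models a hypothetical, simplified container format in Python (standard library only), loosely patterned on TrueCrypt's layout: an outer header at offset 0 and a hidden header at a fixed offset inside the header area, each a random salt plus an encrypted block holding a magic value, the region bounds and the master key, with the rest of the container random fill. `open_volume` tries the outer header with the supplied password and falls back to the hidden one, so one prompt opens whichever volume the password fits. It also shows the keyfile idea from the advanced-features list and the outer-volume write-protection caveat. Assumptions: the HMAC-SHA256 keystream stands in for AES-XTS, the keyfile mixing is not TrueCrypt's algorithm, and all names, offsets and sizes are made up for the demo.

```python
import hashlib
import hmac
import os
import struct
import zlib

# Hypothetical container layout, loosely modelled on TrueCrypt's. This is
# added demonstration code, NOT TrueCrypt's real on-disk format or parser.
HEADER_SIZE = 512             # 64-byte random salt + 448 bytes of encrypted header
SALT_SIZE = 64
OUTER_HEADER_OFFSET = 0
HIDDEN_HEADER_OFFSET = 65536  # hidden header sits inside the outer volume's header area
DATA_OFFSET = 2 * HIDDEN_HEADER_OFFSET
PBKDF2_ITERATIONS = 1000      # low on purpose, as in TrueCrypt: the password carries the load
MAGIC = b"TRUE"


def keystream_xor(key, nonce, data):
    """Stand-in for AES-XTS (the stdlib has no AES): HMAC-SHA256 in counter
    mode XORed over the data. Symmetric, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def derive_header_key(password, salt, keyfile=None):
    """Password (optionally mixed with a keyfile) -> header key. A keylogger
    sees the typed password but never the keyfile bytes. Hashing the keyfile
    into the password is a hypothetical scheme, not TrueCrypt's keyfile pool."""
    if keyfile is not None:
        password = password + hashlib.sha512(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ITERATIONS, dklen=32)


def build_header(password, master_key, region_start, region_len, keyfile=None):
    """Header = random salt + encrypted(magic, region bounds, master key, CRC,
    random padding). Every byte is random or encrypted: no plaintext signature."""
    salt = os.urandom(SALT_SIZE)
    body = MAGIC + struct.pack(">QQ", region_start, region_len) + master_key
    body += struct.pack(">I", zlib.crc32(body))
    body += os.urandom(HEADER_SIZE - SALT_SIZE - len(body))
    return salt + keystream_xor(derive_header_key(password, salt, keyfile), salt[:16], body)


def try_header(container, offset, password, keyfile=None):
    """Decrypt the header at `offset`. A correct password is recognised by the
    magic and CRC. Returns (region_start, region_len, master_key) or None."""
    salt = bytes(container[offset:offset + SALT_SIZE])
    enc = bytes(container[offset + SALT_SIZE:offset + HEADER_SIZE])
    body = keystream_xor(derive_header_key(password, salt, keyfile), salt[:16], enc)
    if body[:4] != MAGIC or struct.unpack(">I", body[52:56])[0] != zlib.crc32(body[:52]):
        return None
    start, length = struct.unpack(">QQ", body[4:20])
    return start, length, body[20:52]


def create_container(size, outer_password, hidden_password=None, hidden_size=0, keyfile=None):
    """The container starts as random bytes, so free space, outer data and a
    hidden volume are indistinguishable. The hidden volume (if any) occupies
    the tail of the outer volume's data area."""
    c = bytearray(os.urandom(size))
    c[0:HEADER_SIZE] = build_header(outer_password, os.urandom(32),
                                    DATA_OFFSET, size - DATA_OFFSET, keyfile)
    if hidden_password is not None:
        c[HIDDEN_HEADER_OFFSET:HIDDEN_HEADER_OFFSET + HEADER_SIZE] = build_header(
            hidden_password, os.urandom(32), size - hidden_size, hidden_size, keyfile)
    return c


def open_volume(container, password, keyfile=None):
    """Mount logic: try the outer header, then the hidden one. A single prompt
    opens whichever volume the password fits; a wrong password reveals nothing
    about whether a second header exists."""
    for kind, offset in (("outer", OUTER_HEADER_OFFSET), ("hidden", HIDDEN_HEADER_OFFSET)):
        hdr = try_header(container, offset, password, keyfile)
        if hdr is not None:
            return (kind,) + hdr
    return None


def write_data(container, volume, data, protect=None):
    """Write `data` at the start of a volume. `protect` is an opened hidden
    volume: with it, outer-volume writes that would land on the hidden region
    are refused, which is what the 'protect hidden volume' mount option does."""
    _, start, length, master_key = volume
    if len(data) > length:
        raise ValueError("data larger than volume")
    if protect is not None and start + len(data) > protect[1]:
        raise ValueError("write would overwrite the hidden volume")
    container[start:start + len(data)] = keystream_xor(master_key, b"demo-nonce", data)


def read_data(container, volume, n):
    _, start, _, master_key = volume
    return keystream_xor(master_key, b"demo-nonce", bytes(container[start:start + n]))
```

Usage: `c = create_container(1 << 20, b"decoy-password", b"real-password", 64 * 1024)` builds a 1 MiB container with a 64 KiB hidden volume; `open_volume(c, b"decoy-password")[0]` is `"outer"`, `open_volume(c, b"real-password")[0]` is `"hidden"`, and a wrong password returns `None` from both headers alike. Writing a large decoy into the outer volume without `protect=` clobbers the hidden region exactly as the caveat above warns; passing the opened hidden volume as `protect` makes the write fail instead.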
Safety and features
Volume headers can be backed up to a small file. If a corporate PC has an encrypted partition and the employee loses or changes the password, management can restore the backed-up header and open the volume with the password that was current when the backup was made. Because the header holds the encrypted master key, a header backup must be guarded as carefully as the data itself.
Does TrueCrypt use parallelization?
- Yes. Encryption/decryption speed scales with the number of cores/processors in the computer.
- Benchmarks run under Windows XP found that it ran faster on a TrueCrypt volume than on the native Windows file system, because the TrueCrypt drivers use multiple cores or processors to increase throughput.
- Encrypting a system drive requires you to create a TrueCrypt Rescue Disk (an ISO image you must burn before encryption proceeds). If the boot loader or the system volume header is damaged, the system will no longer accept your password; the rescue disk can restore both, and can permanently decrypt the drive if Windows will not boot.
- TrueCrypt does not control SSD wear levelling, and the manual warns about it: wear-levelled flash (SSDs, USB sticks, SD cards) can keep old copies of sectors, including old headers, that TrueCrypt cannot overwrite. Hidden volumes and plausible deniability are therefore not reliable on such media.
The TrueCrypt installation includes an excellent 150-page PDF manual.
There are command line options; for details of usage on the Linux and Mac OS X versions, run: truecrypt -h
Download TrueCrypt from the web site today, and give it a try.