Encryption Soft

What other productivity software are you working with...
Post Reply
eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Encryption Soft

Post by eil » 07 Dec 2017 22:15

basically i'd wish to hear some opinions about encryption software, pluses and minuses. say, what's better: encrypt/decrypt file-by-file real-time, or create "mountable containers" that contain encrypted items? if there is a difference in access time and data-loss security depending on mount-container size?(like 3 containers 10Gb each is more reliable and fast than 1 30Gb)?

i'm in search, and i have a pattern i need to fulfill. mainly i want to encrypt personal data(like photos, docs) and set of portable programs. so it's data with seldom access, and "mount/decrypt this folder" needed, i guess. the smaller impact on system resources, the better.!
yet, it'd be great if there be some safe-protocol in it. like "3-5 times wrong pass = termination of data". yep, harsh, that in case of laptop being stolen, to be sure no important data will be acquired.

highend
Posts: 8255
Joined: 06 Feb 2011 00:33

Re: Encryption Soft

Post by highend » 07 Dec 2017 22:46

encrypt/decrypt file-by-file real-time
That would require a read AND writable transparent file system (in other words: a container...^^)
so that this would work with portable programs...
like 3 containers 10Gb each is more reliable and fast than 1 30Gb
Reliability comes from backups! For containers: Backup their headers and the contains themselves.
The more containers, the more effort to handle all of them (one for personal data, one for portable stuff, one for...)
to be sure no important data will be acquired
Choose a secure password and if you want to be on the safe side, use a hidden container (ofc this
requires two passwords to unlock the inner one). The plus on this: If you are asked to decrypt
one (by law), you unlock the outer one. Put some harmless files in there AND NEVER change
them / add more files!. The inner one is not detectable. Plausible Deniability!

Easiest solution: Portable Veracrypt, I'm using it (and Truecrypt before) since forever with 4 x 2 TB
containers (on different drives, computers, network)...
One of my scripts helped you out? Please donate via Paypal or highend (at) web (dot) de

Filehero
Posts: 2289
Joined: 27 Feb 2012 18:50
Location: Windows 10 Pro x64

Re: Encryption Soft

Post by Filehero » 08 Dec 2017 06:23

I have two scenarios.


1. Pure encryption
(also for public cloud backups): done on/from hard drives where space is not a constraint -> VeraCrypt containers.

2. Encrypted sync (via public cloud): done on/from SSDs where space is still a valuable resource -> CryptSync. Wrapping 7z, it's basically the core functionality of BoxCryptor Personal without a plan.

For 2. I'm still thinking about setting up a private cloud (NAS).
Last edited by Filehero on 09 Dec 2017 07:35, edited 1 time in total.

eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Re: Encryption Soft

Post by eil » 08 Dec 2017 19:40

highend wrote:Reliability comes from backups! For containers: Backup their headers and the contains themselves.
stupid question - what are the headers? crypted container consists of 2 files?! heard about headers in one topic about possible change of password, and it was smt about headers there too, but i didn't get it..
highend wrote:The more containers, the more effort to handle all of them (one for personal data, one for portable stuff, one for...)
so there is no difference in speed of access to data between 10Gb or 100Gb containers?
highend wrote:Choose a secure password and if you want to be on the safe side, use a hidden container (ofc this
requires two passwords to unlock the inner one).
container with another container in it? making inner one hidden by attribute won't really help as any middle-minded person will notice not equality of size for present items and size of first -level container as a whole.
highend wrote: The plus on this: If you are asked to decrypt one (by law), you unlock the outer one. Put some harmless files in there AND NEVER change them / add more files!. The inner one is not detectable. Plausible Deniability!
in this scenario first-level container's items must be unchanged to use 2nd level container, right? why?

yet, by law is one thing, but in case i would be forced to provide pass, or smb would be trying to brute-force the pass possessing containers - i'd prefer to have a safety mechanism that will erase all data inside container(or container itself) in case of specific "fake pass" or numerous wrong passwords. any ideas on that?

eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Re: Encryption Soft

Post by eil » 08 Dec 2017 19:45

Filehero thanks for links and ideas, but i tend to think any scenario with putting info away from my laptop/external drive is not safe by itself. i'm considering only direct control methods.

Filehero
Posts: 2289
Joined: 27 Feb 2012 18:50
Location: Windows 10 Pro x64

Re: Encryption Soft

Post by Filehero » 09 Dec 2017 07:38

eil wrote:Filehero .... any scenario with putting info away from my laptop/external drive is not safe by itself. i'm considering only direct control methods.
I don't understand.

If you think "putting away" your files (strongly) encrypted this way you basically don't trust it. But then you can skip the whole idea.

eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Re: Encryption Soft

Post by eil » 09 Dec 2017 07:58

Filehero wrote:If you think "putting away" your files (strongly) encrypted this way you basically don't trust it. But then you can skip the whole idea.
i meant uploading data on any external source that is not under my direct control(like cloud) is considered by me as not safe(even though data is encrypted). i trust only my laptop and backup usb drive.

Filehero
Posts: 2289
Joined: 27 Feb 2012 18:50
Location: Windows 10 Pro x64

Re: Encryption Soft

Post by Filehero » 10 Dec 2017 13:38

eil wrote: i meant uploading data on any external source that is not under my direct control(like cloud) is considered by me as not safe(even though data is encrypted). i trust only my laptop and backup usb drive.
Ah ok, thanks.

My encrypted cloud backups are the remote ones. These are a requirement for a „complete“ backup strategy, e. g. to provide rescue in case your local backups are destroyed by fire, children etc..

eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Re: Encryption Soft

Post by eil » 11 Dec 2017 16:44

Filehero wrote:My encrypted cloud backups are the remote ones. These are a requirement for a „complete“ backup strategy, e. g. to provide rescue in case your local backups are destroyed by fire, children etc..
i'm less afraid of fire and destruction of data, than if it gets into hands of someone who decided to get it without my will.
btw may it happen you know some way to auto=destruct encrypted container with conditions? like maybe a script or tool run when container being opened?..

Filehero
Posts: 2289
Joined: 27 Feb 2012 18:50
Location: Windows 10 Pro x64

Re: Encryption Soft

Post by Filehero » 11 Dec 2017 17:11

eil wrote:i'm less afraid of fire and destruction of data, than if it gets into hands of someone who decided to get it without my will.
But that's the whole purpose of (strong) encryption, he cannot do anything with it.

highend
Posts: 8255
Joined: 06 Feb 2011 00:33

Re: Encryption Soft

Post by highend » 11 Dec 2017 17:28

crypted container consists of 2 files
No, volume headers are not files
so there is no difference in speed of access to data between 10Gb or 100Gb containers?
I can't measure any speed difference on my system with those container sizes. Speed is limited
by various factors (processor, aes support in hardware, drive speed). A 10GB container on a very
fast NVME SSD (2,2 GB/sec write, 3 GB/s read) has a write rate (AES encryption) of > 500MB / s
making inner one hidden by attribute
The inner (hidden) container is NOT a file!
https://www.veracrypt.fr/en/Hidden%20Volume.html
like maybe a script or tool run when container being opened?
What's the usage of this? No (not totally retarded) person would try to open
any container on your personal pc. They rip out the drives and try to decrypt
it elsewhere...
One of my scripts helped you out? Please donate via Paypal or highend (at) web (dot) de

eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Re: Encryption Soft

Post by eil » 14 Dec 2017 19:08

Filehero wrote:But that's the whole purpose of (strong) encryption, he cannot do anything with it.
you probably know the saying "it's easier to crack a man than a machine". there are many situations when even legal demand to reveal pass is not legal. 8)

eil
Posts: 1054
Joined: 13 Jan 2011 19:44

Re: Encryption Soft

Post by eil » 14 Dec 2017 19:23

highend wrote:The inner (hidden) container is NOT a file!
https://www.veracrypt.fr/en/Hidden%20Volume.html
thanks for a link, interesting method, not a super solution still interesting. especially i liked: Whether the hidden or the outer volume will be mounted is determined by the entered password (i.e., when you enter the password for the outer volume, then the outer volume will be mounted; when you enter the password for the hidden volume, the hidden volume will be mounted).
highend wrote:
like maybe a script or tool run when container being opened?
What's the usage of this? No (not totally retarded) person would try to open
any container on your personal pc. They rip out the drives and try to decrypt
it elsewhere...
well exactly for that reason - when drives are ripped out or there is no owner manual access to destroy data, to self-detruct data in case of brute-force or owner was forced to give pass(obviously giving fake one).
script/tool*self-destruct method) i was asking about obviously must be inside crypted container.

Post Reply