|
|
s|b wrote:
> On Mon, 18 Aug 2008 21:30:33 -0500, VanguardLH wrote:
>
>> http://www.truecrypt.org/
>
> Same question: can this encrypt single files and folders? A program like
> AxCrypt integrates in the menu (shell?) and with a single click of a
> button you can encrypt data.
>
> TrueCrypt looks interesting, but it also looks overkill for what I want.
> (I don't want to encrypte a complete hard drive or create a partition
> just for the purpose of encryption).
Truecrypt can create encrypted containers besides encrypting a partition
or disk. These containers are files as far as your file system sees
them. The contents of the .tc file (you can elect to not use an
extension or use any extension you want to hide what the file is used
for) is what gets encrypted. When you mount that container file, it
becomes a drive, so you can have files and folders inside that
container.
With Truecrypt, I can put the .tc file on a USB thumb drive and take it
anywhere I want while the data remains secure, and I can use it anywhere
that I can install TrueCrypt on the host (or run TrueCrypt from the same
USB thumb drive). The encrypted data is portable. It isn't locked to a
particular host. I don't have to worry about whether or not I will have
privileges on the OS to install the software. For an encryptor that
digs into the OS, I already have EFS which can encrypt files and
folders. While Axcrypt mentions that compressed folders are not secure
( www.axantum.com/AxCrypt/faq.html#why_better_than_compressed_folders">http://www.axantum.com/AxCrypt/faq.html#why_better_than_compressed_folders),
they don't bother to compare themself to EFS. While you may only use
Windows (or demand to use only Windows or divulge you can only use
Windows) for your encrypted data because you use Axcrypt, Truecrypt has
Windows, Mac OS/X, and Linux versions available. With Truecrypt and if
the target host where I need to use the encrypted data is not running
Windows, I don't have to figure out how to run Axcrypt inside of WINE on
Linux or some VM running Windows on Mac OS/X. Portability to different
hosts, across different operating systems, and not requiring elevated
privileges to install the software make TrueCrypt a better choice (for
me).
Axcrypt only uses AES 128-bit. For those paranoid about their data
protection, that isn't long enough. TrueCrypt not only provides AES
256-bit but you can use other less common encryption schemes (so the
hacker may not have the appropriate tools) and you can even combine
them. Axcrypt tries to pooh-pooh their choice of just 128 bits at
www.axantum.com/AxCrypt/faq.html#why_128bit">http://www.axantum.com/AxCrypt/faq.html#why_128bit. There are various
password utilities available. One calculator is at
lastbit.com/pswcalc.asp">http://lastbit.com/pswcalc.asp to figure out how long it takes to brute
force a password using AES-256 depending on password length.
Assuming the brute force method can be sustained at the claimed records
per second that can be processed by their utility, an 8-character
password would take 5 days to recover assuming it was the last key
combination tested that found the password. A 14-character password
would take 22 billion years so password length is crucial for
protection. AES-128 with 2^128 LESS bit flips to exercise would take
far less time to than AES-256. For casual protection of encrypted
data for personal use, AES-128 is probably more than sufficient provided
you use a long and STRONG password. It is NOT sufficient by
organizations that demand better security for their data. Read
www.bizjournals.com/stlouis/stories/2008/08/11/daily93.html">http://www.bizjournals.com/stlouis/stories/2008/08/11/daily93.html. If
you were one of their employees, would you not be concerned how securely
encrypted was that stolen data?
Axcrypt may more than satisfy your security requirements of
password-encrypting files and folders under the current instance of
Windows using its file system along with the encryption support afforded
by the constantly running Axcrypt service. It might be just what you
want. I remember looking at Axcrypt a few years ago and, at that time
but I don't remember all my decisions back then as to why I instead
chose to go forward with Truecrypt..
|
|