By Michael Ross
This article was published by ComputorEdge, issue #2643, 2008-10-24, as the cover article, in both their PDF edition (on pages 10-13) and their website.
Much of the data residing on a typical computer is not intended to be seen by anyone but the owner of that computer. So how can one prevent unauthorized people from accessing that data? For protection against local snoops (i.e., people who can gain physical access to your computer), boot-up passwords and operating system account passwords offers some measure of defense, but they can be bypassed at will by determined and technically knowledgeable attackers, and are completely useless if and when that data needs to be sent outside the computer, such as when e-mailing a document to someone.
Fortunately, there exist digital encryption methods to safeguard electronic data, and those methods are seeing increasing use by every government that has secrets to keep from other governments (and their own citizens), corporations that wish to avoid falling prey to industrial espionage, and individuals determined to protect their sensitive personal information.
With the advent of personal computers, the amount of data in need of protection has grown enormously. Similarly, with the proliferation of the Internet, persistent broadband access, and malware, the avenues of attack have increased just as dramatically. On the other hand, encryption methods once only available to the most advanced governments, militaries, and commercial firms, can now be obtained by anyone with a computer. Likewise, the Internet has made it far easier to download file encryption applications, and in this article we will examine a few of them.
A Bit of Background
Regardless of the security need, the type of data to be kept under wraps, and the entities trying to do so, the fundamental ideas of cryptography have not changed during the many centuries that they have been employed — possibly before the 7th century BCE, when the ancient Greeks utilized scytales (batons of various diameters) to perform extremely simple transposition ciphering. In essence, one or more ciphers or codes are used to convert the original message (the "plaintext") into text (the "ciphertext") that can only be read by those who know the encryption method and the keys used. The recipient (intended or otherwise!) uses those keys to decrypt that message back to its original form. The simplest example cipher of all may be to shift each character of the plaintext to the left, by one character — thereby encrypting, say, "IBM" into "HAL" (perhaps not a coincidence).
The field of encryption (cryptology) has, throughout its history, been much like an arms race, pitting cryptographers (inventors of increasingly sophisticated ciphers) against cryptanalysts (those trying to unravel the enemy's ciphers) — an ongoing battle between the code makers and the code breakers. This contest has naturally had quite an influence on history — particularly in the realms of war and politics (or are they one and the same?). During World War II, for example, both Germany and Japan placed great store in their top cipher systems — named by the Allies "Enigma" and "Purple", respectively. British and American cryptanalysts were able to break both systems, allowing the Allies to read the enemies' critical transmissions at will, and thereby gain inestimable advantages.
Every encryption method can be classified as either symmetric or asymmetric. Symmetric encryption uses one secret key known by both the sender and the receiver. The strength of a symmetric system (i.e., its resistance to unauthorized decryption) mostly depends upon the key size. For example, the modern Advanced Encryption Standard (AES) can employ up to 256 bits, making it significantly stronger than the Data Encryption Standard (DES), which uses a 56-bit key. In general, the smaller the symmetric method's key, the more vulnerable it is to being cracked, using massive parallel computations.
With an asymmetric encryption method, the sender utilizes a "public key" to scramble his plaintext message, and the recipient uses a "private key" to unravel the message. The strength of an asymmetric encryption method depends upon the difficulty of factoring immensely large numbers. It too can be broken by computational analysis, and possibly more direct mathematical techniques.
There are currently four symmetric key algorithms approved by the Federal Information Processing Standard (FIPS): AES, DES, Skipjack, and Triple-DES. The National Institute of Standards and Technology (NIST), publisher of FIPS, recommends AES. But despite the progress from the simplest ciphers of yesteryear, most if not all of these most modern encryption methods can be cracked by the U.S. government's National Security Agency (NSA), and possibly by their counterparts in other countries.
Yet for the purposes of protecting your own computer-based data, you do not need to become adept in cryptography. You only need one solid encryption system designed to safeguard digital information.
Super Secret Software
If you were to opt for AES for your encryption needs, then an excellent choice of software would be File2File, which is offered at no charge by Cryptomathic. It runs on Windows XP, 2000, and some earlier versions of Windows. The company's website indicates that a Vista version will be available soon, but it is possible that the existing version will run fine under Vista just as well as it does under XP.
File2File is easy to download and install, and is even easier to use, because during installation, it is added as an extension to Windows Explorer. Consequently, when you wish to encrypt one or more files, or a entire folder (including all subfolders and their files), simply right-click on the top-level files and/or folder, and choose "Encrypt" from the "File2File" menu option. In our example, we will encrypt a file named "secrets.doc".
Figure 1. File2File encryption dialog
File2File requires that the key you type in be at least eight characters long. As with any computer password, the longer it is, and the more unusual characters (to prevent attacks based upon a dictionary), the stronger the final results. After File2File has finished, it deletes the original file, not only from your hard drive, but also from the disk cache, for additional security. The resulting file, in our example, is named secrets.doc.f2f. At least as of version 2.1, File2File unfortunately does not have an option for encrypting the name of the file. Knowledge of the file name could provide valuable clues to anyone trying to decrypt your file, because then they would know likely phrases to be found in the file's plaintext.
One excellent feature is that if you mistype the password, File2File will detect that it is not your default password, and will alert you, giving you a chance to retype it in order to confirm it. You also have the opportunity to make the (previously) unseen password your new default.
Figure 2. File2File new password confirmation
File2File can create an executable file, so the recipient of your encrypted files is not required to have File2File installed on their PC to decrypt the file you sent them. This is similar to file archive programs that allow you to zip up files as self-unzipping executables.
Some people, especially computer programmers and other techies, do not like the idea of entrusting their secrets to a proprietary, blackbox program, whose workings they cannot examine and verify. If you fit this category (of people, not programs!), then you should consider using PGP (Pretty Good Privacy) instead of AES, because the majority of the PGP programs out there are open source projects. As a consequence, you can you download not only a "binary package" (i.e., the program ready to run on your computer), but you can also download all of its source code — thereby allowing you to examine the code and even modify it if you are up to the challenge.
GNU Privacy Guard (a.k.a. GnuPG and GPG) is a popular example of such software. It bills itself as a complete and free implementation of the OpenPGP standard, as defined by RFC4880. Its Windows version has a command line interface. Use the "-h" option to see a listing of the help information.
Figure 3. GnuPG help info
As seen in Figure 3, GnuPG supports numerous algorithms, including those using public keys, ciphers, and hashes, in addition to regular file archive compression. Unfortunately, like so many other open source utilities, the documentation may prove to be excessively cryptic for the non-technical user.
Regardless of which file encryption program you choose, make good use of it to protect the sensitive data on your computer, and especially the data that you send to other people via e-mail. Lastly, do not forget the password(s) that you have selected. Otherwise, an encryption program that deletes the original version of the file, can become the electronic equivalent of a paper shredder.