Privacy Blog

"Friends don’t let friends get spied on." – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

How You Can Protect Your Secrets with Encryption

News stories over the past few years about the unconstitutional actions of the National Security Agency (NSA) and other government agencies should serve as a wake-up call for all of us. Yes, there are many people and organizations trying to obtain information about you. From hackers in third-world countries, to companies trying to sell you products, to semi-secret agencies of the U.S. Government, it seems as if nearly everyone is trying to find information about you. Indeed, many people seem to have a phobia about storing their personal information on servers on the Internet.

What saddens me most of all is that the entire issue is so easily avoided: encrypt the information. When you leave your house, I suspect you lock the door. When you leave your automobile in a parking lot, you probably lock it up, too. The same should be true with your information. When you leave your information unattended, whether it is in your home when you are not present or someplace in the cloud, you should lock it up.

Simply put, encryption programs scramble data within the file or files that you specify so that no one else can access that data without the key that you keep. If anyone does manage to obtain a copy of your file, all they will see is something that looks similar to this:

lj,Rn’G9%$#ho\mG{njbhdmnRle=iuwHdwk|,mfmn~jJYle

Security is under your control at all times because you have the key and you decide who gets copies of that key. Encryption is easy to do, requiring only a few seconds, and (in many cases) it is free of charge.

I know that I am paranoid about security, but I worry about my personal information wherever it is stored–online or on flash drives. I also worry about data stored on my computer at home. There are thousands of hackers around the world running automated scripts that attempt to connect to individual in-home computers to access information, even information that is not stored in the cloud. This remote access is easy to block, but many people don’t know how to do that.

I had one experience a few years ago that made a security believer out of me. I tossed my laptop computer into the trunk of my automobile, drove into a nearby big city, and parked in an underground parking garage. I then met some friends at a nearby restaurant. When I later returned to the parking garage, I found the trunk of my automobile was open. There were scratch marks near the lock; I suspect someone had pried the trunk open with a large screwdriver or a pry bar. My laptop was the only thing missing.

The laptop had my entire life on it. Lots of business and personal files. My bank account information as well as a lot of information about my other financial accounts. The names, telephone numbers, and email addresses of most of my friends and business associates, as well as those of many customers. And, yes, my Social Security Number was also stored on the laptop.

All the thief had to do was to turn on the laptop computer and he or she then gained access to everything. If I had been smart enough to encrypt the entire hard drive, the thief would have gained access to nothing.

Even higher risk is in-home physical access. Sure, I trust my family members with any information I have, but do I trust their friends who visit our home? Do I trust the plumbers, the electricians, the locksmith, the delivery drivers, and others who enter my home, sometimes when I am not there? They could easily access my computer, even if for only a few seconds.

I used to have a job fixing computers in homes and in offices. In more than one case I found viruses had been introduced to computers by babysitters. These same babysitters obviously had easy access to the entire computer’s contents and could easily have copied information to a flash drive or sent it by email to another computer anywhere in the world. In most cases, the babysitters had plenty of time to do this.

I no longer have any need to employ babysitters or pet sitters, but perhaps you do. If so, you need to ask yourself if you trust that babysitter or pet sitter with all your secrets.

One simple solution will eliminate all this worry: encryption will lock out prying eyes from your data on your own computer at home as well as protect data stored on laptop computers, flash drives, on web servers, in the cloud, or elsewhere.

Who cares if someone gets their hands on your encrypted files? Assuming the encryption is performed with current, state-of-the-art software, nobody can read your encrypted files without knowing those magic characters that will unscramble the files–the encryption key. (NOTE: Multi-bit encryption keys are very different from simple passwords.)

If a thief or hacker does manage to access your encrypted files, all he or she is ever going to see is something that looks like this:

kn38s,kr9g,333,@gdfurl*mep;.ehunloozheso84)jel

Not very useful, is it?

Encryption is used by the military, civilian governments, and corporations to keep secret information just that: secret. The U.S. military uses advanced cryptography techniques to document war plans, inventories of atomic bombs, intelligence information, flight plans of bombers, and similar secrets. The banking industry uses encryption to safely transfer billions of dollars every day. If encryption meets the needs of these organizations, it will work for you.

To be sure, the encryption should be performed with one of the better encryption standards of today, which are offered in encryption programs from many vendors. The secret files also must be encrypted with a lengthy, multi-bit key and a cryptographic algorithm. The key length used in the encryption determines the ease with which a hacker could perform a brute-force attack; longer keys are exponentially more difficult to crack than shorter ones.
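The relationship between a passphrase, the key derived from it, and brute-force cost can be shown in a few lines. This is an added example, not code from the original article or from any program it lists; PBKDF2 with 200,000 rounds, the character-pool entropy estimate, and the attacker speed of 10^12 guesses per second are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import string

KEY_BITS = 256            # size of the derived key, as used with AES-256
PBKDF2_ROUNDS = 200_000   # assumed work factor for this example


def derive_key(passphrase: str, salt: bytes, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """Stretch a human passphrase into a fixed-length binary key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, rounds, dklen=KEY_BITS // 8)


def passphrase_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy: length * log2(character pool).
    Dictionary words and reused passwords are far easier to guess than this."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # 32 ASCII punctuation characters plus the space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def effective_bits(passphrase: str) -> float:
    """An attacker guesses passphrases, not keys, whenever that is cheaper."""
    return min(KEY_BITS, passphrase_bits(passphrase))


def years_to_search(bits: float, guesses_per_second: float = 1e12) -> float:
    """Average exhaustive-search time (half the space) at an assumed speed."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = os.urandom(16)  # random salt, stored next to the encrypted file
    for phrase in ("fluffy1", "correct horse battery staple"):  # constructed samples
        key = derive_key(phrase, salt)
        bits = effective_bits(phrase)
        print(f"{phrase!r}: {len(key) * 8}-bit key, at most {bits:.0f} bits "
              f"of strength, about {years_to_search(bits):.3g} years to search")
```

Both passphrases yield a 256-bit key, but the short one can be searched in under a second at the assumed speed, so the key length only matters when the passphrase is at least as hard to guess.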

Luckily, there are dozens of encryption programs to choose from for Windows, Macintosh, Android, and Apple iOS operating systems, and many of them are available free of charge.

For most of us, there is no need to encrypt every file on the computer. In fact, I encrypt only a small number of files. I don’t care if someone is able to find and copy my chili recipe or the schedule for my next airline trip. However, there are a few files that I do not wish to share with others: the list of my credit card numbers, my checking account information, the list of passwords that are too long to memorize, and similar, sensitive data. I have perhaps two or three dozen such files that I wish to keep private. Those are the only files that I encrypt.

I encrypt those files on my home computer’s hard drive, and I make sure that no plain text copy exists anywhere. Even that one copy on my hard drive is encrypted. The reason is two-fold: encrypting files on my local hard drive provides protection from babysitters, tradesmen, and that shady brother-in-law that I never quite trusted. In addition, a file that is already encrypted can be copied to any media—including flash drives, online backup services, or to the cloud—all without concern for security. If the file is properly encrypted, it will remain encrypted when copied elsewhere.

What happens if a hacker later obtains a copy of my encrypted file? Nothing.

However, any time I want to view the file, I can enter the encryption key and see the original contents. There are three caveats, however:

1. To later read the encrypted file on a different computer, that computer must have the same encryption program or a compatible one. That is, if I encrypted the file with program XYZ, I must later use program XYZ or a program that is compatible with XYZ to decrypt the data and display it on the screen. However, there are a few programs that will create self-extracting encrypted files; those files can be opened on the receiving computer with no encryption software.

2. I can never, ever forget the encryption key. (A key is somewhat like a password. Actually, keys and passwords are not the same thing, but they are used in a similar manner.) If the original encryption key gets lost, the encrypted file becomes useless. There is no recovery method, and you will never read the information in that file.

3. The encryption key now becomes the most sensitive piece of information of all. I need to protect that encryption key from outsiders.

NOTE: Public and private key encryption is a method that avoids some of the issues with keeping some keys private. However, it also adds some new complications that are equally complex, if not more so. I will skip over a discussion of public and private key encryption as that is an advanced topic that is beyond the scope of this article, and also because most private individuals have little need for a complex system simply to restrict access to a few files. If you have an interest in public-key cryptography, you can read several detailed articles about its inner workings on the World Wide Web. You might start at http://en.wikipedia.org/wiki/Public-key_cryptography.

A quick search online will produce information about dozens of available encryption programs. Luckily, many of them are available free of charge. I haven’t had a chance to try all of these, but all of the following enjoy a good reputation.

Windows

BitLocker is Microsoft’s easy-to-use, proprietary encryption program for Windows that can encrypt your entire drive as well as help protect against unauthorized changes to your system such as firmware-level malware. As the phrase “drive encryption” in the title suggests, it is not designed to encrypt individual files to later be saved elsewhere; however, it will stop anyone who enters your home and tries to snoop on your computer.

BitLocker is available to anyone who has a machine running Windows Vista or 7 Ultimate, Windows Vista or 7 Enterprise, Windows 8.1 Pro, Windows 8.1 Enterprise, or Windows 10 Pro. For some reason, Microsoft does not include BitLocker on the home versions of Windows.

VeraCrypt is a free encryption program for Windows, macOS, and Linux. VeraCrypt is one of the most popular security tools, providing you with enterprise-grade encryption for important data.

The system is quite easy to use, and all it really does is add encrypted passwords to your data and partitions. All you have to do is give the tool a few details about your data, such as volume size, location and specified hashing algorithms – and then the program does its thing. VeraCrypt may be found at https://www.veracrypt.fr/en/.

AxCrypt is a free personal privacy and security program with 128-bit encryption and compression for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send, and work with individual files. AxCrypt is available free of charge at: https://www.axcrypt.net.

CryptoExpert 8 for Windows offers secure data vaults for all your data, ensuring it’s always protected from potential breaches. The best thing about CryptoExpert 8 is that it can secure vaults of unlimited size, and it uses Blowfish, Cast, 3DES and AES-256 encryption algorithms. The latter are highly effective and industry-acclaimed. It’ll work with 32-bit and 64-bit versions of Windows 7, 8 and 10. CryptoExpert 8 may be found at: http://www.cryptoexpert.com.

NOTE: WinZIP, PKZIP, and some other compression programs include an option to encrypt files. With one exception, these programs do not use heavy-duty encryption algorithms. That is, they can be broken by knowledgeable users. The encryption used might be good enough to fool the non-technical babysitter, but I would not trust these simple programs for protecting any important information from sophisticated hackers, such as the NSA.

The one exception is 7-ZIP, an excellent compression program available for Windows. 7-ZIP offers AES-256 encryption, a state-of-the-art encryption method that will even lock out the KGB. 7-ZIP will create and decode ZIP files as well as many other formats. It will also create self-extracting files when used with its 7z file format. Best of all is the price tag: free. More information may be found at http://www.7-zip.org.

Encryption for Mobile Devices

You can find dozens of free encryption programs in Google’s Play Store, the place to find Android apps, as well as in Apple’s iPhone and iPad App Store. New programs appear frequently. However, one that has been around for a while and has a good reputation is:

Folder Lock is available for Windows, Android, and Apple iOS devices. The app can protect your personal files, photos, videos, contacts, wallet cards, notes and audio recordings stored in your handset.

There are some other hidden security features, too. Not only is there encryption, but you can also set a decoy password, hacker deterrents, log unauthorized login attempts, back up all your passwords and get notified on potential brute-force attacks. The basic app is free to download, with a pro version available if you want more.

Encrypt an Entire Flash Drive or Removable Drive

Most encryption programs will encrypt one file at a time. However, several will encrypt entire removable drives, such as flash drives. Be aware, however, that encrypting an entire disk drive does not protect the individual files after they are copied to another drive, to the cloud, or sent as attached files in email messages. You will still need one of the single-file encryption programs to secure files being transferred elsewhere. Encrypting an entire drive will only protect files while they are stored on that drive. The following are popular products for encrypting an entire removable drive:

VeraCrypt, already described earlier, can create a virtual encrypted disk inside a file and mount it as a real disk. It can also encrypt an entire partition and start an operating system from inside the encrypted partition. You can even create a hidden encrypted disk inside a regular virtual encrypted disk. VeraCrypt is also fully portable, meaning that you can run it directly off a USB drive without installing it. VeraCrypt is my favorite program for protecting an entire hard drive or flash drive on Windows. It is available free of charge at https://www.veracrypt.fr/en.

Macintosh

FileVault is free software for Macintosh from Apple that provides an excellent method of encrypting files on one computer. It scrambles the data in your home folder; however, it is not designed to encrypt single files to make them available for sending to other computers. You can find an excellent article by Glenn Fleishman describing FileVault at http://bit.ly/2yOXzJj. A more technical article may be found on Apple’s support web site at: https://support.apple.com/en-us/HT204837.

VeraCrypt is a free encryption program for Windows, macOS, and Linux. VeraCrypt is one of the most popular security tools, providing you with enterprise-grade encryption for important data.

The system is quite easy to use, and all it really does is add encrypted passwords to your data and partitions. All you have to do is give the tool a few details about your data, such as volume size, location and specified hashing algorithms – and then the program does its thing. VeraCrypt may be found at https://www.veracrypt.fr/en.

Summation

NOTE: Many of the above programs will create encrypted versions of a file but will leave the original file on your computer’s hard drive as well. This may or may not be a good thing, depending upon the security of access to your computer. Make sure you know what your program is doing.

With a bit of planning and a few seconds of time, you can keep your most sensitive information free from prying eyes. You can do so by using the same techniques used by the NSA, the military, by banks, and by drug dealers. Many of these programs are available free of charge and are very easy to use. I would suggest you stop exposing your personal information, wherever that information may be stored.

Categories: Encryption, Software

1 reply

  1. I use protectedtext.com to keep my password. I keep the user name and url separate so even if someone accesses it, no one can tell what they are for.
