How data is encrypted. Comparison of Desktop Encryption Software

When Edward Snowden set about exposing the secrets of the data collection programs launched by intelligence agencies around the world, he had a goal: to prevent such captures in the future.

At the moment, there is no sense that Snowden achieved his goal. Just in early December, the FBI received broad powers to spy on computers located across the ocean, including in Russia. Many politicians in the United States are unanimous in their opinion: during the Trump presidency, such organizations will receive even more rights.

The United Kingdom has already taken such measures: here, the secret services received legal grounds for large-scale collection of information on the Full Take principle. For Snowden, this means "the most powerful surveillance in the history of Western democracy." And he is not alone in his views. The EU data protection officer also sees the current situation as “not just dangerous”.

"For every attack there is a method of protection."
Edward Snowden, whistleblower

According to Snowden, it is wiser to disclose as little personal information as possible.
Supporters of surveillance present the principle “I have nothing to hide” as an argument. The catch is that if secret services can dig into your personal data and contacts without any restrictions, there is always a risk of abuse and errors.

For example, Germany has one of the world's best data protection laws, but even there data is at risk due to a new law regarding the activities of the Federal Intelligence Service (BND).

If you store your information in the cloud, in most cases it falls under the jurisdiction of other countries. However, even in such a situation, it can be reliably protected. The method already suggested by Snowden is encryption. Why only a few users do this so far is easily explained: it reduces convenience.

But with our tips, you won't have to choose between security and convenience. We'll show you how to thoroughly encrypt your data on your local computer, smartphone, and in the cloud. We pay special attention to ease of setup and optimal "cohesion" with the respective operating system.

Thanks to this, you will not only hide confidential information from the eyes of the secret services, but also prevent hacker attacks, because if even the intelligence services cannot decrypt your data, hackers certainly cannot.

Data protection on PC

Let's start with Windows. Information on a home computer is best protected by encrypting the entire hard drive. However, on older machines with poor performance it makes sense to encrypt each folder separately. Below we describe each of the methods.

Applying hardware encryption

Encrypting modern hard drives is easier than you might think, as they offer their own encryption method. To do this, they use Opal SSC (Opal Security Subsystem Class). This standard allows the drive to be encrypted directly on the media controller, so the operating system remains unaffected.

Crypto algorithms for file encryption
> AES (Advanced Encryption Standard)
Successor to DES. A key with a length of 192 or more characters, for example, AES-192, is considered reliable
> DES (Data Encryption Standard)
Joint development by IBM and the US NSA. Only the latest versions, such as 3DES and Triple-DES, should be used.
> Twofish
Freely available in the public domain. Experts consider it reliable, and no loopholes have been found in it.

To see if your drive supports Opal technology, see the product's technical description on the manufacturer's website. There you will also find the tools to activate this feature. In the case of Samsung, for example, this is the Magician program. After activation, the hard drive will ask you to enter the specified password before starting the OS.

Two points deserve special attention. Do not use additional encryption in parallel, for example through the BitLocker tool in Windows. This often causes problems: many users have even reported data loss.

In addition, you should disable encryption before dismantling the hard drive, since the decoding software will only run if the hard drive is acting as bootable media with the operating system. At the same time, if you connect such a drive to another computer via USB, the disk will appear completely empty.

Disk encryption with third-party software

Windows 10 also offers its own software for encrypting hard drives: BitLocker. However, it is only available in the Professional and Enterprise versions. Owners of the "Home" version can use the free VeraCrypt program (veracrypt.codeplex.com) as an alternative.

After launching VeraCrypt, select the option "Encrypt the system partition or entire system drive". In the window that appears, click on "Normal" and then on "Encrypt the whole drive". Thanks to this, all data on the system and all other partitions will subsequently be encrypted.


A pop-up window will ask whether VeraCrypt should also encrypt hidden partitions. As a rule, the answer should be "Yes". However, keep in mind that in this case the utility will also encrypt the recovery partition, if one exists. This partition is used by some enterprises to start the boot process.

In the last dialog, create a rescue disk; VeraCrypt will suggest this automatically.

Encryption of individual folders

On slow and old computers, it is still worth abandoning full encryption. For such cases we strongly recommend creating a so-called container.

This creates a virtual disk where confidential information is stored. It is automatically encrypted and placed in a file on your hard drive.

You can use the VeraCrypt program in this situation as well. In the encryption settings window, click on the "Create an encrypted file container" option and follow the wizard's instructions.

Encrypted USB stick

Every year, Russians purchase hundreds of thousands of rubles worth of USB drives. These miniature media are very convenient to use, but they get lost incredibly quickly.

If you store confidential information on them, the person who finds your flash drive can read it without any problems. Drives encrypted with the AES standard can remedy the situation.

> Inexpensive: encrypting a regular flash drive with VeraCrypt will help create such a drive. Problem: every computer where you connect it must have this software.
> The most reliable are those in which encryption is integrated by default, including DataTraveler2000 from Kingston. However, such devices are more expensive than usual by as much as 6400 rubles. Data access is opened only after entering the password on the keyboard built into the device.
> Maximum comfort offers . This drive has a built-in fingerprint scanner. A flash drive encrypted with a strong AES key is recognized by the system only after successful authentication. Of course, such super technology cannot be cheap. For one hundred percent data protection, you will have to pay about 18,000 rubles.


The principle of encryption (cryptography) is that information is placed in a container and can be retrieved from this container only after presenting the password. Typically, the container is a file, although sometimes encryption methods are applied at the level of the entire partition or physical disk. The purpose of encryption is to hide the data from everyone except the person who knows the password.

For example, a disk or an entire computer can be seized or stolen, but you need to keep the entire contents of the disk, or individual files on it, secret. The simplest example of encryption is provided by archiving programs. All of them can protect the archives they create with passwords. The resistance of encrypted archives to hacking is quite high. Although there are special utilities for guessing passwords to protected archives, they do this mainly by brute force. If the password has a length of 8 or more characters and consists of characters of two alphabets and numbers, the search takes an extremely long time. Because of this, the practical meaning of the search is lost: hardly anyone is interested in getting the result after a few years of continuous computer work!

From the user's point of view, encryption by means of the archiver is elementary. For example, in the 7-Zip program, just set a password in the "Encryption" group of the dialog box for adding files. When opening the created archive, you will need to specify the same password, otherwise you will not be able to extract and view the files. If the "Encrypt filenames" checkbox was checked, then without entering a password it is impossible to see even the names of files and folders in the archive.

Other archivers, such as WinZip or WinRAR, encrypt information in a similar way. Usually, for safe storage of files, including on removable media, it is enough to encrypt the files using the archiver program installed on the computer. The program is already on the computer, so let us use all of its capabilities!

Windows 7 has native cryptographic tools built in. They are easy to use and reliable, but only a few users remember that they exist. Full support for the EFS file system, as well as the BitLocker (for encrypting internal drives) and BitLocker To Go (for removable media) technologies, is provided only in the "senior" editions of Windows 7 (Professional and Ultimate). Users of other editions can only encrypt folders using EFS technology. This technology is implemented "on top" of the NTFS file system and prevents unauthorized access to the contents of files and folders.

To encrypt a folder, open its properties dialog box (the "Properties" command in the context menu) and on the "General" tab click the "Additionally" button. In the child window that opens, check the "Encrypt content to protect data" box. Click the "OK" button in both dialog boxes.

During this operation, an encryption certificate is created and stored on the local computer. Files in an encrypted folder can be opened on this computer without any restrictions. If you try to open files on another computer (via the network, or by rearranging the hard drive), access to them will be denied.

BitLocker is a means of encrypting entire disk partitions. For example, to encrypt a removable drive, right-click its icon and select the "Enable BitLocker..." command from the context menu. The system will prompt you to set a password, save the recovery key to a file or print it, and then encrypt the contents of the disk. Depending on the amount of data and the performance of your computer, the procedure may take a significant amount of time.

In addition to those named, a number of other programs are used to encrypt files and disks. For example, these are the free applications DiskCryptor and FreeOTFE, the proprietary BestCrypt programs, the PGP Desktop family, etc.

Because of the technologies themselves, recovering data from a damaged encrypted disk is quite difficult, and sometimes impossible in principle. In addition, encryption slows down access to files, because rather complex algorithms are computed each time. Therefore, the computer's system disk and other media should be encrypted only if necessary! First decide whether they hold any truly secret information that needs strong protection. If the answer is yes, see the Windows help system for detailed instructions on using EFS and BitLocker.

A special place in cryptography is occupied by so-called asymmetric encryption. It is based on original mathematical principles, which scientists arrived at only in the second half of the 20th century. The idea behind asymmetric encryption is that anyone can encrypt a file, but only the owner of the private key can decrypt it. To do this, the recipient of the file must first generate two related keys: an "open", public one (public key) and a "closed", secret one (secret key). The public key is only for encryption, while the private key is for decryption. To draw a mechanical analogy, the lock can only be locked with the public key, but the public key cannot open the lock again: for this you need the private key, which the owner keeps in a safe place.

At first, asymmetric encryption was used when sending files via e-mail. Both the sender and the recipient are sure that no one else will be able to read the encrypted message. Even theoretically, it is impossible to recreate a private key from a public key, and without it, decryption is impossible: this is the main "trick" of the technology. Therefore, the public key is no secret: it can even be posted on a website, etc. The main thing is that the secret key does not fall into the wrong hands, but its safety is quite easy to ensure!

The most famous software implementation of such encryption was the PGP project, on the basis of which almost all programs of strong cryptography were developed. Currently, the direct successor of the project is PGP Desktop. After the acquisition of rights by Symantec, the program became paid. However, there are many free alternatives, some of which are listed earlier in this article.

Subsequently, this idea has found application in a variety of areas: from cellular communication to secure user authentication. In particular, most of the "client-bank" systems are built on pairs of linked keys. The bank certifies the identity of the client. The client, in turn, makes sure that he is communicating with the bank, and not with some kind of "dummy" node.

Data encryption is a method of hiding the original meaning of a document or message by distorting its original form. In simple terms, this method is also called coding, since with the help of special programs or manually your text is translated into a code that is incomprehensible to a stranger. The procedure itself depends on the sequence of changes. Such a sequence is usually called an algorithm.

Data encryption belongs to the field of cryptography. This science is carefully studied by the world's intelligence organizations, and every day new cryptographic algorithms are unraveled and created.

Encryption methods were known in antiquity, when Roman military leaders sent important letters with messengers in encrypted form. The algorithms of the time were primitive, but they successfully confused enemies.

Unlike in those times, we are not military leaders, but we do have enemies. They are scammers who are eager to get data that is important to us. That is why this data should be protected by any means.

The flash drive has become the most popular storage of information today. Even huge corporations transfer important, confidential data on this kind of media. The demand for flash drives led scientists to the issue of protecting data on them. To do this, programs were invented that encrypt information on the media using a secret key known only to the real owner. Such data encryption on a flash drive is very reliable and will help protect important information from prying eyes.

Experts consider TrueCrypt to be the most popular data encryption program. It was created on the basis of E4M (Encryption for the Masses), the first version of which was released back in 1997. The author is the Frenchman Paul Le Roux. Today, the program is used by millions of people and many businesses to encrypt data.

In addition to protecting information on flash media, many are also interested in encrypting data on the disk. After all, people often want to “hide” some documents from prying eyes. Search engine queries confirm this, so many companies began to develop special programs. Today there are many different data encryption programs. They use various cryptographic algorithms, the most famous being DES, AES, Brute Force and others.

Data encryption helps not only to protect information, it also acts as a “compressor”. Many archivers save disk space using encryption. For example, the well-known WinRAR uses AES with a key length of 128. Many users store data on their computer only in archived form, and each archive is protected with a password. This guarantees them not only more free space, but also protection of important data from fraudsters.

With the development of the Internet, it is not difficult for a well-trained hacker to break into an unprotected computer and get the information he needs. Therefore, experts recommend encrypting all data that is important to you.

The problem of personal data theft has quietly turned into a scourge of civilization. Information about the user is pulled by all and sundry: some having first asked for consent (social networks, operating systems, computer and mobile applications), others without permission or asking (intruders of all kinds and entrepreneurs who derive some benefit from information about a specific person). In any case, there is little that is pleasant about it, and there is always a risk that, along with harmless information, something will fall into the wrong hands that can harm you personally or your employer: official documents, private or business correspondence, family photos...

But how can leaks be prevented? A tinfoil hat will not help here, although it is undoubtedly a beautiful solution. But total data encryption will: having intercepted or stolen encrypted files, the spy will not understand anything in them. You can achieve this by protecting all your digital activity with strong cryptography (strong ciphers are those that, with existing computing power, would take at least longer than a human lifespan to break). Here are 6 practical recipes that will help you solve this problem.

Encrypt your web browser activity. The global network is designed in such a way that your request, even to nearby sites (such as yandex.ru), passes on its way through many computers (“nodes”) that relay it back and forth. You can see an approximate list of them by typing the tracert command followed by the website address on the command line. The first in such a list will be your Internet provider or the owner of the Wi-Fi access point through which you connected to the Internet. Then come some more intermediate nodes, and only at the very end is the server on which the site you need is stored. And if your connection is not encrypted, that is, it is conducted over the usual HTTP protocol, everyone who is between you and the site will be able to intercept and analyze the transmitted data.

So do a simple thing: append the "s" symbol to "http" in the address bar so that the site address begins with "https://". This way you enable traffic encryption (the so-called SSL / TLS security layer). If the site supports HTTPS, it will allow it. And in order not to suffer every time, install a browser plugin: it will forcefully try to enable encryption on every site you visit.

Flaws: the eavesdropper will not be able to know the meaning of the transmitted and received data, but he will know that you visited a particular site.

Encrypt your email. Letters sent by e-mail also go through intermediaries before reaching the addressee. By encrypting them, you will prevent the spy from understanding their contents. However, the technical solution here is more complex: you need to use an additional program for encryption and decryption. The classic solution, which has not lost its relevance so far, is the OpenPGP package or its free counterpart GPG, or a browser plug-in that supports the same encryption standards (for example, Mailvelope).

Before starting a correspondence, you generate a so-called public crypto key, which your correspondents can use to “close” (encrypt) letters addressed to you. In turn, each of your recipients must also generate their own key: with the help of other people's keys, you can “close” letters for their owners. In order not to get confused with the keys, it is better to use the aforementioned browser plugin. A letter "closed" by a crypto key turns into a set of meaningless characters, and only the owner of the key can "open" it (decrypt it).

Flaws: when starting a correspondence, you must exchange keys with your correspondents. Try to ensure that no one can intercept and change the key: pass it from hand to hand, or publish it on a public key server. Otherwise, by replacing your key with his own, the spy will be able to deceive your correspondents and be aware of your correspondence (the so-called man-in-the-middle attack).
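
The key pair and the key-substitution risk described above, as an added example that is not part of the original article: a toy textbook RSA (tiny fixed primes, no padding, unlike what GPG really does) plus a fingerprint check that catches a swapped key. All function names, keys, the fingerprint encoding and the letter are constructed for illustration.

```python
import hashlib
import hmac

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: E * d == 1 (mod phi)
    return (n, E), (n, d)


def encrypt(message, public_key):
    """Anyone holding the public key can "close" a short message."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message does not fit this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext, key):
    """Raise the ciphertext to the key's exponent; only the private one "opens" it."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def fingerprint(public_key):
    """Short digest of a public key that is easy to compare in person.

    The encoding is made up for this example; OpenPGP defines its own format.
    """
    n, e = public_key
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()


def key_is_genuine(received_key, trusted_fingerprint):
    """Compare the key that arrived with the fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(received_key), trusted_fingerprint)


def run_scenario():
    # Constructed toy keys: products of known Mersenne primes. Far too small
    # and too structured for real use; they only keep the example deterministic.
    alice_pub, alice_priv = make_keypair(2**127 - 1, 2**89 - 1)
    spy_pub, spy_priv = make_keypair(2**107 - 1, 2**61 - 1)
    trusted_fp = fingerprint(alice_pub)  # passed "from hand to hand"
    letter = b"meet at noon"

    # Normal case: closed with the public key, opened with the private key.
    sealed = encrypt(letter, alice_pub)
    opened = decrypt(sealed, alice_priv)
    # Applying the public key a second time does not open the letter.
    reopened_with_public = decrypt(sealed, alice_pub)

    # Key substitution: the sender was handed the spy's key instead of Alice's.
    received_key = spy_pub
    sealed_for_wrong_key = encrypt(letter, received_key)

    return {
        "owner_reads_letter": opened == letter,
        "public_key_reads_letter": reopened_with_public == letter,
        "spy_reads_unchecked_letter":
            decrypt(sealed_for_wrong_key, spy_priv) == letter,
        "swap_detected": not key_is_genuine(received_key, trusted_fp),
        "genuine_key_accepted": key_is_genuine(alice_pub, trusted_fp),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The fingerprint comparison only helps if the trusted value reaches the sender over a channel the spy does not control, which is exactly why the key should be passed from hand to hand.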

Encrypt instant messages. The easiest way is to use instant messengers that already know how to encrypt correspondence: Telegram, WhatsApp, Facebook Messenger, Signal Private Messenger, Google Allo, Gliph, etc. In this case, you are protected from prying eyes from outside: if a random person intercepts the messages, he will see only a hodgepodge of characters. But this will not protect you from the curiosity of the company that owns the messenger: companies, as a rule, have keys that allow them to read your correspondence, and not only do they like to do it themselves, they will hand them over to law enforcement agencies on demand.

Therefore, the best solution would be to use some popular free (open source) messenger with a plug-in for on-the-fly encryption (such a plug-in is often called “OTR”: off the record, that is, preventing recording). A good choice would be Pidgin.

Flaws: as in the case of email, you are not guaranteed against a man-in-the-middle attack.


Encrypt documents in the cloud. If you use "cloud" storage like Google Drive, Dropbox, OneDrive, iCloud, your files can be stolen by someone who peeps (or guesses) your password, or if some kind of vulnerability is found in the service itself. Therefore, before you put anything in the "cloud", encrypt it. It is easiest and most convenient to implement such a scheme with the help of a utility that creates a folder on the computer: documents placed there are automatically encrypted and forwarded to the "cloud" disk. Boxcryptor is one example. It is a little less convenient to use applications like TrueCrypt for the same purpose: they create an entire encrypted volume hosted in the "cloud".

Flaws: none.


Encrypt all (not just browser) traffic from your computer. This can come in handy if you are forced to use an unverified open Internet connection, for example unencrypted Wi-Fi in a public place. Here it is worth using a VPN: somewhat simplifying, this is an encrypted channel stretched from you to the VPN provider. On the provider's server, the traffic is decrypted and sent further to its destination. VPN providers are both free (VPNbook.com, Freevpn.com, CyberGhostVPN.com) and paid, differing in access speed, session time, etc. The big bonus of such a connection is that to the whole world you appear to be going online from the VPN server and not from your computer. Therefore, if the VPN provider is outside the Russian Federation, you will have access to sites blocked within the Russian Federation.

The same result can be achieved if you install TOR on your computer - with the only difference that in this case there is no provider: you will access the Internet through random nodes belonging to other members of this network, that is, persons or organizations unknown to you.

Flaws: remember that your traffic is decrypted at the exit node, i.e. the server of the VPN provider or the computer of a random TOR participant. Therefore, if their owners wish, they will be able to analyze your traffic: try to intercept passwords, extract valuable information from correspondence, etc. Therefore, when using VPN or TOR, combine them with other encryption tools. In addition, setting up TOR correctly is not an easy task. If you have no experience, it is better to use a turnkey solution: the TOR + Firefox browser kit (in this case, only browser traffic will be encrypted) or the Tails Linux distribution (working from a CD or flash drive), where all traffic is already configured to be routed through TOR.

Encrypt flash drives, removable storage media and mobile devices. You can also add encryption of the hard drive on a work computer to this list, but at least you do not risk losing that, whereas with portable drives the risk is always present. To encrypt not a single document, but an entire disk at once, use BitLocker (built into MS Windows), FileVault (built into OS X), DiskCryptor, 7-Zip and the like. Such programs work "transparently", that is, you will not notice them: files are encrypted and decrypted automatically, "on the fly". However, an attacker who gets hold of, for example, a flash drive locked with their help will not be able to extract anything from it.

As for smartphones and tablets, it is better to use the operating system's built-in full-encryption functionality. On Android devices, look in "Settings -> Security", on iOS devices in "Settings -> Password".

Flaws: since all data is now stored in encrypted form, the processor has to decrypt it when reading and encrypt it when writing, which, of course, costs time and energy. Therefore, the drop in performance can be noticeable. How much your digital device will actually slow down depends on its characteristics. In general, more modern and higher-end models will perform better.


This is a list of actions to take if you are concerned about the possible leakage of files into the wrong hands. But apart from that, there are a few more general considerations that should also be kept in mind:

A free privacy app is usually more secure than a proprietary one. Free software is software whose source code is published under a free license (GNU GPL, BSD, etc.) and can be modified by anyone. Proprietary software is software to which the exclusive rights belong to a single company or developer; the source code of such programs is usually not published.

Encryption involves the use of passwords, so make sure your password is the right kind: long, random, varied.

Many office applications (text editors, spreadsheets etc.) are able to encrypt their documents on their own. However, the strength of the ciphers used by them is usually low. Therefore, for protection, it is better to prefer one of the universal solutions listed above.

For tasks that require anonymity/privacy, it is more convenient to keep a separate browser set to "paranoid" mode (like the aforementioned Firefox + TOR bundle).

JavaScript, often used on the Web, is a real find for a spy. Therefore, if you have something to hide, it is better to block JavaScript in your browser settings. Also unconditionally block ads (install any plugin that implements this function, for example, AdBlockPlus): malicious code has recently often been distributed under the guise of banners.

If the notorious “Yarovaya law” nevertheless comes into force (according to the plan, this should happen on July 1, 2018), spare keys for all ciphers in Russia will have to be transferred to the state, otherwise the cipher will not be certified. And for using uncertified encryption, even ordinary smartphone owners can be fined in the amount of 3 thousand rubles with confiscation of the digital device.


Encryption is the process of encoding information in such a way that it cannot be accessed by other people unless they have the necessary decryption key. Encryption is usually used to protect important documents, but it is also a good way to stop people who are trying to steal your personal data.

Why use categories? In order to break down the huge variety of information encryption programs into simpler and more understandable sets of programs, that is, to give it structure. This article is limited to a set of utilities for encrypting files and folders.

  1. File and folder encryption utilities - these utilities are discussed in this article. These encryption utilities work directly with files and folders, unlike utilities that encrypt and store files in volumes (archives, that is, in file containers). These encryption utilities can run on demand or on the fly.
  2. Virtual Disk Encryption Utilities. Such utilities work by means of creating volumes (encrypted containers/archives), which are represented in the file system as virtual drives with their own letter, for example, "L:". These drives can contain both files and folders. The computer file system can read, write and create documents in real time, i.e. in open form. Such utilities work on the fly.
  3. Full-drive encryption utilities - Encrypt all storage devices such as hard drives themselves, disk partitions and USB devices. Some of the utilities in this category can also encrypt the drive where the operating system is installed.
  4. Client-side encryption utilities for the "cloud": a new category of encryption utilities. These file encryption utilities are used before uploading or syncing to the cloud. Files are encrypted during transmission and during storage in the "cloud". Cloud encryption utilities use various forms of virtualization to provide access to client-side source code. In this case, all work takes place in the "on the fly" mode.

Cautions

    Operating systems are vicious: echoes of your personal data (swap files, temporary files, power-saving ("system sleep") files, deleted files, browser artifacts, etc.) are likely to remain on any computer you use to access data. Isolating these echoes of your personal data is a non-trivial task. If you need to protect hard disk data while it is being moved or received from outside, that is a rather difficult task. For example, when you create an encrypted file archive or unpack such an archive, the original versions of the files, or copies of the original files from the archive, remain on the hard drive. They may also remain in temporary file storage areas (Temp folders, etc.). And it turns out that removing these original versions is not simply a matter of deleting the files with the "delete" command.

  1. Just because an encryption program "works" does not mean that it is secure. New encryption utilities often appear after "someone" reads up on applied cryptography, chooses an algorithm, and gets down to development. Maybe that "someone" even uses verified open source code. Implements a user interface. Makes sure it works. And thinks that is all there is to it. But it is not. Such a program is probably filled with fatal bugs. "Functionality does not mean quality, and no amount of beta testing will reveal security issues. Too many products are merely buzzword-compliant. They use cryptography algorithms, but are not themselves secure." (Free translation) - Bruce Schneier, from Security Pitfalls in Cryptography. (Original line: "Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure.")
  2. The use of encryption is not sufficient to ensure the security of your data. There are many ways to get around protection, so if your data is "very secret", then you should also think about other ways to protect it. As a starting point for further research, you can use the article on the risks of using cryptographic software.

Overview of File and Folder Encryption Programs

TrueCrypt was once the best program in this category. And it is still one of the best, but it no longer corresponds to this category, as it is based on work using virtual disks.

Most, if not all, of the programs described below expose the user to non-obvious threats, which are described above in point # 1 from the list of warnings. TrueCrypt, which is based on working with partitions rather than working with files and folders, does not expose users to this vulnerability.

Sophos Free Encryption: no longer available.

Related products and links

Alternative products:

  • SafeHouse Explorer is a simple, free program that is lightweight enough to be easily used on USB drives. You can also find well-prepared videos and user manuals on their website.
  • Rohos Mini Drive is a portable program that creates a hidden, encrypted partition on a USB drive.
  • FreeOTFE (from Virtual Disk Encryption Utilities Review) is a program for performing on-the-fly disk encryption. It can be adapted for portable use.
  • FreeOTFE Explorer is a simpler version of FreeOTFE. It does not require administrator rights.
  • Pismo File Mount Audit Package is a file system extension that provides access to special encrypted files (via the Windows Explorer context menu), which in turn provide access to encrypted folders. Applications can write directly to these folders, ensuring that no plain-text copies of the original document are left on your hard drive.
  • 7-Zip is a powerful utility for creating file archives that provides 256-bit AES encryption for the *.7z and *.zip formats. However, the Pismo program is the better solution because it avoids the problem of storing unencrypted versions of files.

Quick Guide (Download File and Folder Encryption Software)

AxCrypt

Integration with the Windows Explorer context menu. AxCrypt makes it as easy to open, edit and save encrypted files as if you were working with unencrypted files. Use this product if you need to work with encrypted files frequently.
The program uses Open Candy (installed with optional third-party software). You can choose not to install it, but then you need to register on the site.
