When a phone or laptop is stolen, you realize that the worst part is not the loss of the physical object itself, although that is depressing too. The worst begins later, when you have to take a huge number of measures to deal with the consequences. You call the phone company to block your SIM card, change the passwords on all your accounts, and sometimes even block your credit cards. But all this is just the tip of the iceberg. Rusbase presents step-by-step instructions for those who have not yet encrypted their devices.

Coming up with complex PIN codes and passwords and using every available feature to locate a lost phone is a very good first step if you want to keep the consequences to a minimum. Today, it is better to fully encrypt the local drive that holds all your data, if possible. Full disk or device encryption (that is, encrypting the entire device, not individual folders or user profiles) has not yet become a ubiquitous default feature, but most operating systems support it to some extent.

Why encrypt?

Even if you come up with a decent password to protect your user account, the security of your data is in question once someone steals your device. On most computers, it is very easy to pull out the local disk and insert it into another system, or to boot the computer from an external disk and copy information from the stolen disk to it. On almost all Android phones and devices, you can boot into recovery mode and easily access files on the user partitions using debugging tools. And even if you have completely erased the information from the local disk, a recovery program will still be able to read the old files.

Encrypting the local data storage makes all of the above difficult, if not impossible. Anyone who tries to access your information will need a key to mount the disk or even to read information from it. And if you erase everything from the local disk, the leftover information that a recovery program reads will still be encrypted, even if you did not encrypt the new information written to the disk.

There are several downsides to this. If you lose the key yourself, or if, for example, your disk fails, it will be more difficult, if it is possible at all, to recover the data. Encryption slows down devices whose processors lack built-in hardware acceleration for encrypting and decrypting data. In general, the benefits outweigh the drawbacks, and on modern devices the slowdown is acceptable.

iOS: nothing to worry about

On devices running iOS 8, once you set a passcode, your personal data is encrypted. The Security White Paper (PDF) for iOS 8.3 and later states that “Information from core apps like Messages, Mail, Calendar, Contacts, Photos, Health is protected by default. Other apps installed on iOS 7 or later versions receive such protection automatically.”

The company also claims that any modern Apple device includes "a robust AES 256 algorithm embedded in DMA, a device for accessing shared memory flash storage systems and memory." Thanks to it, encryption has practically no effect on the speed of the system.

OS X: FileVault

Starting with OS X 10.7 (Lion) in 2011, Apple began supporting full-disk encryption with FileVault 2. In later versions of OS X, some MacBooks offered to encrypt data when the system was first set up, but encryption did not become a default feature as it did in iOS.

To encrypt your drive after the fact, go to the Security & Privacy panel in System Preferences and open the FileVault tab. Click the Turn On FileVault button. You will be offered two options to choose from: remember or store the disk-unlock password somewhere yourself, or save it in your iCloud account. With local recovery, no other company sees your password; however, if you lose or forget it yourself, the system will lock you out too. If you save your password in iCloud (and even if you don't, take note), we strongly recommend that you set up two-factor authentication for your Apple ID.

Disk encryption does not change much about how OS X works. You simply enter your password to unlock the disk before the operating system boots, not after. In addition, you need to specify which local users' logins can unlock the drive. Otherwise, it will be possible to turn on the machine only from the account that enabled FileVault. If you ever need to decrypt your Mac, the task is easy as long as you can log in to the computer or have the key available.

Android

Despite the company's past promises, new devices still do not have encryption enabled by default. Outside of Google's Nexus devices, only a few manufacturers, and more often none, decide to equip their smartphones with such a function.

On relatively recent Android versions, it is quite easy to encrypt data. These steps can be completed on Nexus or similar Android devices.

Open the Settings app, go to Security, and select "Encrypt phone" to start the process. The phone may ask you to plug in or charge the battery before encryption starts, because interrupting this process can corrupt or erase your data storage partition. You will then need to secure your phone with a PIN, pattern, or password if you have not done so already. As with OS X, it must be entered before the operating system starts.

To confirm that the phone is encrypted, go to Settings, then to the Security tab. There, look for the small Encrypted label in the Encrypt phone menu. If the phone says that it is already encrypted, then most likely you have a recent device with encryption built in.

If you need to decrypt the device, you will not be able to do it without completely erasing the data and rebooting the phone. If your phone was encrypted from the start, it will likewise not be possible to decrypt it without additional modifications and software extensions.

In the new Android Marshmallow release, phones with external data storage can encrypt and protect information on both external storage media and internal ones.


Chrome OS: nothing to worry about

Chromebooks and Chrome nettops are encrypted by default from the start. As stated in the Chromium design documentation, Chrome OS uses the eCryptfs file system, where each user's directory is protected with a separate encryption key. As long as you don't switch to Developer Mode, you don't have to worry about anything.

Linux

Due to the wide variety of Linux distributions, it is difficult to recommend any one tool, script, or procedure for encrypting your device.

If you are running the latest version of Ubuntu or an Ubuntu-based distribution, the operating system will prompt you to encrypt your data during installation. All you need to do is download the updates. For everything else, check out this list of encryption software.

Windows Phone 8.1

Windows Phone 8.1 is a strange case: it supports data encryption only if a device management server has ordered the device to be encrypted automatically. Ordinary users have no option to encrypt their devices on demand.

User-friendly BitLocker encryption should be available in Windows Phone 10, an update that should run on the latest Windows 8.1 smartphones.

Windows

Windows is a very complex operating system that runs on a huge variety of hardware, like none of the other OSs mentioned here, so encrypting its data is more complicated. We will focus on the built-in tools found in the latest versions of Windows, but if they do not work for you, there is a list of additional encryption programs at your service.

The chance that you are already using Windows encrypted by default is very small, and it exists only if your software and hardware fit together just right. This applies to users of Windows 8.1 or Windows 10 computers who sign in with a Microsoft account or an Active Directory account and whose hardware meets the following requirements:

  • Secure Boot support.
  • TPM (Trusted Platform Module). Encryption requires TPM 2.0, and on recent devices TPM 1.2.
  • Firmware or hardware support for the Windows InstantGo feature (connected standby). It allows the system to wake periodically from sleep mode and update certain information, such as email messages and calendar events. Any smartphone has a similar function.
  • InstantGo comes with its own set of hardware requirements, including a hard boot volume, support for NDIS 6.30 for any network interfaces, soldered to the main board.

This encryption method became known through its use in some Windows RT systems. Its advantages are that it is automatic and available in any Windows edition, including the Home editions. The bad news is that the hardware requirements for it are strict enough that you cannot simply add them to a computer you have already bought. And the account requirement can be thoroughly annoying if you no longer want to use such an account.

If you want to encrypt data but do not meet those requirements, the best solution is BitLocker. It is not as strict and works best if your computer has a TPM. It requires one of the higher editions of Windows. The program is available to Windows 10 users in the Pro, Enterprise, and Education editions. For Windows 8.x it is likewise in the Pro and Enterprise editions, while Windows 7 and Windows Vista require the Ultimate or Enterprise editions. The program is completely incompatible with the Home and Bing editions, since they are outdated and came out even before the Vista versions of Windows.

To run BitLocker on any compatible version of Windows, go to Control Panel and click BitLocker Drive Encryption. If you have a TPM, you can save the recovery key to an external drive or to your Microsoft account, click through the remaining dialogs, and encrypt the laptop. You can choose to encrypt only the space already used on the disk (leaving free space unencrypted) or to encrypt the entire drive.

Most business laptops from the 2000s and the latest ultrabooks tend to have a TPM, although it was never a core Windows requirement. They usually show an entry for the module in Device Manager, if you want to check whether your computer has one.

With CyberSafe, you can encrypt more than just individual files. The program allows you to encrypt an entire hard drive partition or an entire external drive (for example, a USB disk or flash drive). This article will show you how to encrypt a hard drive partition and hide the encrypted partition from prying eyes.

Spies, paranoids and regular users

Who will benefit from the ability to encrypt partitions? Let's set spies and paranoids aside right away. There are not many of the former, and their need for data encryption is purely professional. The latter just want to encrypt something, hide it, and so on: although there is no real threat and the encrypted data is of no interest to anyone, they encrypt it anyway. That is why we are interested in ordinary users, of whom, I hope, there are more than paranoid spies.
A typical partition encryption scenario is a shared computer. There are two options for using the CyberSafe program: either each of the users working on the computer creates a virtual disk, or each sets aside a partition on the hard disk to store personal files and encrypts it. Creating virtual disks has already been written about, and in this article we will focus on encrypting an entire partition.
Let's say there is a 500 GB hard drive and three users who periodically work with the computer. Although the NTFS file system supports access rights and lets you restrict one user's access to another user's files, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the other two.
That is why the hard drive's disk space can be divided as follows:
  • Approximately 200 GB is a common partition. This partition will also be the system partition. It will hold the operating system and the program, and will store the files shared by all three users.
  • Three ~100 GB partitions. I think 100 GB is enough to store each user's personal files. Each of these partitions will be encrypted, and only the user who encrypted a partition will know the password for access to it. In this case, the administrator, however much he wants to, will not be able to decrypt another user's partition and gain access to his files. Yes, if desired, the administrator can format the partition or even delete it, but he will be able to gain access only if he tricks the user into revealing the password. But I don't think this will happen, so partition encryption is a much more effective measure than NTFS access control.

Partition encryption vs virtual encrypted disks

Which is better: encrypting partitions or using virtual encrypted disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.
What is a virtual disk? Think of it as an archive with a password and a compression level of 0. But the files inside this archive are encrypted much more securely than in a regular archive. The virtual disk is stored on the hard drive as a file. In the CyberSafe program, you need to open and mount a virtual disk, and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can easily be copied to another hard drive or flash drive (if its size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk other than the natural ones) and, if necessary, copy the virtual disk file to a USB flash drive or an external hard disk. You cannot do this with an encrypted partition. You can also hide the virtual disk file.
Of course, if necessary, you can create an image of an encrypted disk, in case you want to make a backup of it or move it to another computer. But that's another story. If you have such a need, I recommend the Clonezilla program, a reliable and proven solution. Transferring an encrypted partition to another computer is a more complicated undertaking than transferring a virtual disk. If there is such a need, it is easier to use virtual disks.
In the case of partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which way to choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt an entire partition if the size of your secret documents is quite large.
But there are situations when using an entire partition is impossible or makes no sense. For example, if you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. It also makes no sense to encrypt an entire partition if the documents (files) you need to encrypt are small, a few gigabytes. I think we have figured that out, so it's time to talk about which partitions (disks) can be encrypted.

Supported disk types

You can encrypt the following media types:
  • Hard disk partitions formatted in FAT, FAT32 and NTFS file systems.
  • Flash drives and external USB drives, with the exception of drives that are actually cell phones, digital cameras, and audio players.
You cannot encrypt:
  • CD/DVD-RW discs, floppy disks
  • Dynamic disks
  • System drive (from which Windows boots)
Starting with Windows XP, Windows supports dynamic disks. Dynamic disks allow you to combine multiple physical hard drives (the Windows analogue of LVM). Such disks cannot be encrypted by the program.

Features of working with an encrypted disk

Let's imagine that you have already encrypted a hard disk partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk, which was specified during its encryption. After working with an encrypted disk, you must immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.
In other words, encryption only protects your files when the encrypted partition is unmounted. Once a partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive, and the files will not be encrypted. So when you're working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a little while! After you have unmounted the encrypted disk, your files will be under reliable protection.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on the capabilities of your computer, but the system will still work and you just have to wait a little longer than usual (especially when you copy large files to the encrypted partition).

Getting ready for encryption

The first step is to get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and want to encrypt a partition that already has files on it, the encryption will take some time. If the power goes out during this time, you are guaranteed to lose data. Therefore, if you do not have a UPS that can provide several hours of battery life, I recommend doing the following:
  • Make a backup copy of your data, for example, on an external hard drive. Afterwards you will have to get rid of this copy (preferably, after deleting the data from the unencrypted disk, wipe the free space with a utility like Piriform so that the deleted files cannot be restored), because while it exists there is no point in having an encrypted copy of the data.
  • After the disk is encrypted, you will transfer the data to it from the copy. Format the drive and encrypt it. Actually, you don't need to format it separately, since CyberSafe will do it for you, but more on that later.

If you have a laptop and are ready to continue without creating a backup of your data (I would recommend making one just in case), be sure to check the disk for errors, at least with the standard Windows utility. Only after that should you start encrypting the partition/disk.

Partition Encryption: Practice

So, theory without practice is meaningless, so let's start encrypting a partition/disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition (Fig. 1).

Fig. 1. List of partitions/disks of your computer

Select the partition you want to encrypt. If the Create button is inactive, the partition cannot be encrypted. For example, it could be the system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, the encryption operation must be repeated for each one in turn.
Click the Create button. Next, the Crypto Disk window will open (Fig. 2). In it you need to enter the password that will be used to decrypt the disk when it is mounted. When entering the password, check the character case (so that Caps Lock is not on) and the keyboard layout. If there is no one behind you, you can turn on the Show password switch.


Fig. 2. Crypto Disk

From the Encryption type list you need to choose an algorithm: AES or GOST. Both algorithms are reliable, but in government organizations it is customary to use only GOST. On your own computer or in a commercial organization, you are free to use either algorithm.
If there is information on the disk and you want to keep it, turn on the Preserve file structure and data switch. Please note that in this case the disk encryption time will increase significantly. On the other hand, if the files to be encrypted are, say, located on an external hard drive, you would still have to copy them to the encrypted drive to encrypt them, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to turn on the Preserve file structure and data switch, otherwise you will lose all your data.
The other options in the Crypto Disk window can be left at their defaults. Namely, the entire available size of the device will be used and a quick format to the NTFS file system will be performed. To start encryption, click the Accept button. The progress of the encryption process will be displayed in the main program window.


Fig. 3. Progress of the encryption process

After the disk is encrypted, you will see its status: encrypted, hidden (Fig. 4). This means that your drive has been encrypted and hidden: it will not show up in Explorer and other high-level file managers, but programs that work with the partition table will see it. Do not count on nobody finding the disk just because it is hidden. All disks hidden by the program are displayed in the Disk Management snap-in (see Fig. 5) and in other disk partitioning programs. Note that in this snap-in the encrypted partition appears as a partition with a RAW file system, that is, no file system at all. This is normal: once a partition is encrypted, Windows cannot determine its type. However, hiding the partition is necessary for completely different reasons, and you will see why further on.


Fig. 4. Disk status: encrypted, hidden. Partition E: does not show up in File Explorer

Fig. 5. Disk Management snap-in

Now let's mount the partition. Select it and click the Restore button to make the partition visible again (the disk state will change to just "encrypted"). Windows will see this partition, but since it cannot recognize the type of its file system, it will offer to format it (Fig. 6). You should never do this, because you will lose all data. That is why the program hides encrypted disks: if you are not the only one who works at the computer, another user may format the supposedly unreadable partition.


Fig. 6. Suggestion to format the encrypted partition

We decline the formatting, of course, and click the Mount button in the main window of the CyberSafe program. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).


Fig. 7. Drive letter selection

After that, the program will ask you to enter the password needed to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the Connected decrypted devices area (Fig. 9).


Fig. 8. Password to decrypt partition

Fig. 9. Connected decrypted devices

After that, you can work with the decrypted disk as with a normal one. Only drive Z: will be displayed in Explorer; this is the letter I assigned to the decrypted drive. The encrypted drive E: will not be displayed.


Fig. 10. Explorer - view computer disks

Now you can open the mounted drive and copy all the secret files to it (just don't forget to delete them from the original source later and wipe the free space on it).
When you need to finish working with the partition, either click the Unmount button and then the Hide button, or just close the CyberSafe window. As for me, it's easier to close the program window. Of course, you should not close the program window during a copy/move operation. Nothing terrible or irreparable will happen; some of the files simply will not be copied to your encrypted disk.

About performance

It is clear that the performance of an encrypted disk will be lower than that of a normal one. But by how much? In Fig. 11 I copied my user profile folder (which contains many small files) from the C: drive to the encrypted Z: drive. The copy speed shown in Fig. 11 is approximately 1.3 MB/s. This means that 1 GB of small files will take approximately 787 seconds to copy, which is 13 minutes. If you copy the same folder to an unencrypted partition, the speed will be approximately 1.9 MB/s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB/s, but very few files were copied at this speed, so we take the speed to be 1.9 MB/s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds, or almost 9 minutes.

Fig. 11. Speed of copying small files from an unencrypted partition to an encrypted one

Fig. 12. Speed of copying small files between two unencrypted partitions

As for large files, you will not feel any difference. Fig. 13 shows the speed of copying a large file (a 400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. Fig. 14 shows the speed of copying the same file from a regular partition to an encrypted one, and it was 11.1 MB/s. The difference is small and within the margin of error (the speed changes slightly during the copy operation anyway). For the sake of interest, I'll give the speed of copying the same file from a USB flash drive (not USB 3.0) to a hard drive: about 8 MB/s (there is no screenshot, but trust me).


Fig. 13. Large file copy speed

Fig. 14. Speed of copying a large file to an encrypted partition

Such a test is not entirely accurate, but still allows you to get some idea of performance.
That's all. I also recommend that you read the article

Data encryption is extremely important for protecting privacy. In this article, I will talk about the various encryption types and methods that are used to protect data today.

Did you know?
Back in Roman times, Julius Caesar used encryption to make letters and messages unreadable to the enemy. It played an important role as a military tactic, especially during wars.

As the possibilities of the Internet continue to grow, more and more of our business is conducted online. The most important of these activities are Internet banking, online payment, e-mail, and the exchange of private and official messages, all of which involve exchanging confidential data and information. If this data falls into the wrong hands, it can harm not only the individual user but the entire online business system.

To prevent this from happening, some online security measures have been put in place to protect the transmission of personal data. Chief among these are the processes of encrypting and decrypting data, which is known as cryptography. There are three main encryption methods used in most systems today: hashing, symmetric, and asymmetric encryption. In the following lines, I will talk about each of these types of encryption in more detail.

Encryption types

Symmetric encryption

In symmetric encryption, normal readable data, known as plain text, is encoded (encrypted) so that it becomes unreadable. This data scrambling is done using a key. Once the data is encrypted, it can be securely transferred to the receiver. At the recipient's end, the encrypted data is decoded using the same key that was used for encoding.

Thus it is clear that the key is the most important part of symmetric encryption. It should be hidden from outsiders, since anyone who has access to it will be able to decrypt private data. This is why this type of encryption is also known as "secret key" encryption.

In modern systems, the key is usually a string of data that is derived from a strong password or comes from a completely random source. It is fed into symmetric encryption software, which uses it to secure the input. Data scrambling is achieved using a symmetric encryption algorithm such as Data Encryption Standard (DES), Advanced Encryption Standard (AES), or International Data Encryption Algorithm (IDEA).

Limitations

The weakest link in this type of encryption is the security of the key, both in storage and in transmission to the authenticated user. If a hacker is able to get his hands on this key, he can easily decrypt the encrypted data, defeating the whole point of the encryption.

Another drawback is that the software that processes the data cannot work with it in encrypted form. Therefore, to be able to use this software, the data must first be decoded. If the software itself is compromised, an attacker can easily get the data.

Asymmetric encryption

Asymmetric encryption works similarly to symmetric encryption in that it uses a key to encrypt the messages being sent. However, instead of using the same key, it uses a completely different one to decrypt the message.

The key used for encryption is available to any and all network users. As such it is known as the "public" key. On the other hand, the key used for decryption is kept secret and is meant to be used privately by the user himself. Hence, it is known as the "private" key. Asymmetric encryption is also known as public key encryption.

Since, with this method, the secret key needed to decrypt the message does not have to be transmitted every time, and it is usually known only to the user (receiver), the likelihood that a hacker will be able to decrypt the message is much lower.

Diffie-Hellman and RSA are examples of algorithms that use public key encryption.

Limitations

Many hackers use the "man in the middle" attack to bypass this type of encryption. In asymmetric encryption, you are given a public key that is used to exchange data securely with another person or service. However, hackers use network deception to trick you into communicating with them while making you believe you are on a secure line.

To better understand this type of hacking, consider two communicating parties, Sasha and Natasha, and a hacker, Sergei, who intends to intercept their conversation. First, Sasha sends a message over the network meant for Natasha, asking for her public key. Sergei intercepts this message, obtains the public key associated with her, and uses it to encrypt and send a fake message to Natasha containing his public key instead of Sasha's.

Natasha, thinking this message came from Sasha, now encrypts her reply with Sergei's public key and sends it back. Sergei again intercepts this message, decrypts it, modifies it (if desired), encrypts it again using the public key that Sasha had originally sent, and sends it back to Sasha.

Thus, when Sasha receives this message, he has been led to believe that it came from Natasha and remains unaware of the foul play.
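
The key substitution described above can be reproduced in a few lines, together with one common countermeasure. This is an added example, not part of the original article: it uses a toy Diffie-Hellman exchange (the modulus is far too small for real use), and the fingerprint comparison over a separate channel is an assumption about how the parties might verify each other's keys.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration only): a 127-bit Mersenne prime.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    private = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return private, pow(G, private, P)


def shared_key(private, peer_public):
    """Derive a symmetric key from our private value and the peer's public value."""
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(public):
    """Short digest of a public key that two people can read out to each other."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]


def exchange(intercepted):
    """Simulate Sasha and Natasha exchanging public keys, optionally via Sergei."""
    sasha_priv, sasha_pub = keypair()
    natasha_priv, natasha_pub = keypair()

    if intercepted:
        # Sergei replaces both public keys in transit with his own.
        sergei_priv, sergei_pub = keypair()
        seen_by_sasha, seen_by_natasha = sergei_pub, sergei_pub
    else:
        seen_by_sasha, seen_by_natasha = natasha_pub, sasha_pub

    key_sasha = shared_key(sasha_priv, seen_by_sasha)
    key_natasha = shared_key(natasha_priv, seen_by_natasha)

    sergei_has_both_keys = False
    if intercepted:
        # Sergei can derive the key each victim believes is shared with the other.
        sergei_has_both_keys = (
            shared_key(sergei_priv, sasha_pub) == key_sasha
            and shared_key(sergei_priv, natasha_pub) == key_natasha
        )

    # Countermeasure: each side compares the fingerprint of the key it received
    # with the fingerprint the real owner reads out over a separate channel.
    substitution_detected = (
        fingerprint(seen_by_sasha) != fingerprint(natasha_pub)
        or fingerprint(seen_by_natasha) != fingerprint(sasha_pub)
    )

    return {
        "keys_match": key_sasha == key_natasha,
        "sergei_has_both_keys": sergei_has_both_keys,
        "substitution_detected": substitution_detected,
    }


if __name__ == "__main__":
    print("clean channel:", exchange(intercepted=False))
    print("with Sergei:  ", exchange(intercepted=True))
```

Without the fingerprint check, neither Sasha nor Natasha sees any error: both ends derive a working key, only not with each other.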

Hashing

The hashing technique uses an algorithm known as a hash function to generate a special string from the given data, known as a hash. This hash has the following properties:

  • The same data always produces the same hash.
  • It is not possible to generate the raw data from a hash alone.
  • It is impractical to try different combinations of input in an attempt to generate the same hash.

Thus, the main difference between hashing and the other two forms of data encryption is that once the data is encrypted (hashed), it cannot be retrieved in its original form (decrypted). This fact ensures that even if a hacker gets their hands on the hash, it will be useless to him, as he will not be able to decrypt the contents of the message.

Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) are two widely used hashing algorithms.

Limitations

As previously mentioned, it is nearly impossible to decrypt data from a given hash. However, this is only true if strong hashing is implemented. In the case of a weak implementation of the hashing technique, using enough resources and brute force attacks, a persistent hacker can find data that matches the hash.

Combination of encryption methods

As discussed above, each of these three encryption methods suffers from some disadvantages. However, when a combination of these methods is used, they form a reliable and highly effective encryption system.

Most often, the private and public key techniques are combined and used together. The secret key method allows fast decryption, while the public key method offers a safer and more convenient way to transmit the secret key. This combination of methods is known as the "digital envelope". The PGP email encryption program is based on the "digital envelope" technique.

Hashing is used as a means of verifying a password. If the system stores the hash of the password instead of the password itself, it will be more secure, because even if this hash falls into the hands of a hacker, he will not be able to understand (read) it. During verification, the system will compute the hash of the incoming password and see if the result matches what is stored. This way, the actual password will only be visible in the brief moments when it needs to be changed or verified, greatly reducing the chance of it falling into the wrong hands.
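An added example (not from the original article) of the password check described above, and of the difference between the weak and strong implementations mentioned under "Restrictions": an unsalted MD5 gives every user with the same password the same stored value, while a salted, deliberately slow PBKDF2 record does not. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor, tune to your hardware

def weak_record(password: str) -> str:
    """Weak implementation: one unsalted pass of a fast hash (MD5)."""
    return hashlib.md5(password.encode()).hexdigest()

def strong_record(password: str, iterations: int = ITERATIONS) -> str:
    """Stronger implementation: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Re-hash the incoming password and compare with the stored record."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        stored = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                        bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    alice, bob = strong_record(password), strong_record(password)
    return {
        "weak_records_identical": weak_record(password) == weak_record(password),
        "strong_records_differ": alice != bob,
        "right_password": verify(password, alice),
        "wrong_password": verify("Correct horse battery staple", alice),
        "malformed_record": verify(password, "not-a-record"),
    }

if __name__ == "__main__":
    print(demo())
```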

Hashing is also used to authenticate data with a secret key. The hash is generated using the data and this key. Therefore, only the data and the hash are visible, and the key itself is not transmitted. This way, if changes are made to either the data or the hash, they will be easily detected.
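Keyed hashing as described above, shown as an added example that is not from the original article: the sender appends an HMAC-SHA256 tag computed with the shared key, and the receiver recomputes it. The function names and the sample message are constructed for this illustration; the plain SHA-256 check is included only to show why the key matters.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def attach_tag(key: bytes, data: bytes) -> bytes:
    """Sender: append HMAC-SHA256(key, data) to the data."""
    return data + hmac.new(key, data, hashlib.sha256).digest()

def verify_and_strip(key: bytes, blob: bytes) -> Optional[bytes]:
    """Receiver: return the data if the tag matches, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expected) else None

def plain_hash_ok(blob: bytes) -> bool:
    """Unkeyed check for contrast: anyone can recompute a plain SHA-256."""
    data, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(data).digest(), digest)

def demo() -> dict:
    key = secrets.token_bytes(32)              # shared in advance, never sent
    data = b"pay 100 to account 42"            # constructed sample message
    blob = attach_tag(key, data)
    altered = b"pay 900 to account 42"
    # Without the key, the old tag can only be reused or a plain hash recomputed.
    reused_tag = altered + blob[-TAG_LEN:]
    rehashed = altered + hashlib.sha256(altered).digest()
    return {
        "genuine": verify_and_strip(key, blob),
        "altered_data": verify_and_strip(key, reused_tag),
        "altered_tag": verify_and_strip(key, blob[:-1] + bytes([blob[-1] ^ 1])),
        "wrong_key": verify_and_strip(secrets.token_bytes(32), blob),
        "rehashed_vs_hmac": verify_and_strip(key, rehashed),
        "plain_hash_accepts_altered": plain_hash_ok(rehashed),
    }

if __name__ == "__main__":
    print(demo())
```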

In conclusion, these techniques can be used to efficiently encode data into an unreadable format that can ensure that it remains secure. Most modern systems typically use a combination of these encryption methods along with a strong implementation of algorithms to improve security. In addition to security, these systems also provide many additional benefits, such as verifying the user's identity and ensuring that the data received cannot be tampered with.

Encrypting files allows you to add another layer of protection, thereby guaranteeing that the file will only be read by its creator. If this object is opened by any other user, even those with administrative privileges, then a blank screen or a meaningless set of characters will appear in front of him. In other words, the encrypted data cannot be read unless you are logged into the system under your personal account. Let's consider the related issues in more detail.

Encrypting files and folders is a very convenient method of protection. But if both unencrypted and encrypted data are stored on the same drive, this can cause unpredictable results.

For Windows 7 users, there is a special tool called BitLocker. This application moves all information from the disk into one massive archive, which is later accessed in the same way as a virtual hard disk. If you access encrypted files in the operating system explorer, the process of encryption and decryption occurs in the background, that is, you do not notice it. The huge advantage of the BitLocker program is that it encrypts files (including system files), and this makes it difficult to crack the password, as well as to break into the system from the outside. If you are encrypting the entire disk, then there is no need to encrypt individual files.

To do this, you need to open the "Disk Encryption" page in the program; it is located in the Control Panel. If you see a message stating that TPM was not found, then you need to check if there is an appropriate one with TPM support for your computer.

The TPM is a microchip on the motherboard that stores the BitLocker encryption key, which allows the computer to boot from the encrypted disk. If the BIOS does not support TPM at all, then a regular USB drive is quite capable of serving in place of such a chip. The user is only required to mark the file as intended for encryption, and the operating system will perform the encryption and decryption operation in the background when the file is created or viewed. Sometimes this type of encryption brings surprises that are incompatible with maximum security.

File encryption is a feature that is simply not available in other file systems. This means that an encrypted file copied to a USB disk or CD will not be decrypted, because such devices simply do not support such a file system.

File encryption: sequence of actions

If we are talking about Windows 7, then there is a completely simple and logical sequence of user actions that allows you to get the desired result.

To get started, right-click the necessary files in Explorer, then select Properties from the context menu. On the "General" tab, select the "Advanced" item. In the window that opens, check the box "Encrypt contents to protect data." After clicking "OK", all changes will take effect.

Like any other action, this one has its own specifics. In this case, we are talking about the approach to the very process of obtaining encrypted files. With respect to such objects, it is appropriate to use keyed cryptography, as well as several other methods.

Key cryptography is an algorithm in which the key is known only to the sender and receiver. Symmetric encryption uses the same key for encryption and decryption. Asymmetric encryption involves the use of a public key for encryption and a private key for decryption.

File encryption programs

Encrypt everything!

Every time a scandal breaks on the internet about important documents being leaked somewhere, I ask myself why they weren't encrypted. Document protection should be everywhere, after all.

Encryption algorithms

The encryption algorithm is like a black box. You feed it a document, image, or other file, and you get a dump back. But what you see looks like nonsense.

You can turn this gibberish back into a normal document by entering, in a window, the same password that you entered when encrypting. This is the only way you will get the original.

The US government has recognized the Advanced Encryption Standard (AES) as a standard, and all products collected here support the AES encryption standard.

Even those who support other algorithms generally recommend using AES.

If you're an encryption expert, you might prefer another algorithm, Blowfish, and perhaps even the Soviet government's GOST algorithm.

But this is for fans of extreme entertainment. For the average user, AES is just a great solution.

Public key cryptography and exchange

Passwords are important and you should keep them private, right? Well, not when using the public key infrastructure (PKI) that is used in cryptography.

If I want to send you a secret document, I simply encrypt it with your public key. Once you receive it, you can use your private key to decrypt the document. Everything is simple!

Using this system in reverse, one can create a digital signature, which confirms that your document came from you and has not been modified. How? Just encrypt it with your private key.

The fact that your public key decrypts it is proof that you have the right to edit it.

PKI support is less common than support for traditional symmetric algorithms.

Many products allow the creation of self-extracting executable files.

You may also find that the recipient can use a free decryption-only tool.

What's better?

There is now a huge selection of products available in the field of encryption.

Everyone just has to choose the solution that will be convenient in terms of functionality, practical and stylish in terms of the interface of the main program window.

The CertainSafe digital safe goes through a multi-stage security algorithm that identifies you to the site. You will have to go through several authentications each time.

Your files are encrypted; if they are hacked, they will crumble into pieces, and no one can recreate them. In this case, there is a certain risk, but at the same time, the level of reliability is very decent.

Each piece of the file is then stored on a different server. A hacker who was able to break into one of the servers would not be able to do anything useful.

Lock can encrypt files or just lock them up so no one can open them. It also offers encrypted lockers to keep personal information secure.

Among its many other useful features are file shredding, free-space shredding, secure network backup and self-decrypting files.

VeraCrypt (Windows/OS X/Linux)

VeraCrypt supports TrueCrypt encryption, which was discontinued last year.

The development team claims that they have already addressed the issue raised during the initial audit of TrueCrypt and believe that it can still be used as an available version for , OS X and .

If you are looking for a file encryption tool that really works, then this is it. VeraCrypt supports AES (the most commonly used algorithm).

It also supports TwoFish and Serpent encryption ciphers, and supports the creation of hidden encrypted volumes.

The program code is open, and most of the code base consists of TrueCrypt code.

The program is also constantly evolving, with regular security updates and independent audits at the planning stage (according to the developers).

Those of you who have already tried it have praised it for the fact that the on-the-fly encryption tool works great, and your files are decrypted only when they are needed. So the rest of the time they are stored in encrypted form.

Users especially note that the program is a powerful tool that is easy to use and always in place. Yes, it lacks a pretty interface or a ton of bells and whistles.

AxCrypt (Windows)

AxCrypt is a free program with open source code under the GNU license.

A GPL-licensed encryption tool for Windows that prides itself on being simple, efficient and reliable to use.

It integrates beautifully with the Windows shell so that you can right-click on the file you want to encrypt and issue a command.

Or you can just set up the executable code so that the file will be locked if not used for a certain period of time. It can be decrypted later, or when the recipient notifies of receipt.

Files with AxCrypt can be decrypted on demand or kept decrypted while in use and then automatically encrypted.

It supports 128-bit AES encryption and provides protection against hacking attempts. It is very lightweight (less than 1 MB).

Everyone decides for himself which program to use, but if your data is worth anything to you, be sure to think about the fact that you need an encryption program.
