Search The Web

Today's Headlines

Friday, June 12, 2009

Thoughts On Encryption

I have always had an interest in keeping secrets. Even when I did not really have any secrets to keep. Maybe it is part of my daydreaming persona when I imagine I am a swashbuckling spy carrying deadly secrets back and forth in a dangerous world. When I was young, I invented my own code made up of circles, squares and triangles that I thought up and meticulously mapped to English letters so that I could write in code that only I would be able to read. I even wrote a couple of diary pages in this script. The process was very cumbersome, to put it mildly, and I could not read it back to make any sense of it later. So, that was abandoned, but it sat in the back of my mind for quite a while.

Then, with the advent of computers (that is, their advent in my life. To put some explanation on that, I did not own a computer until I came to this country and even then I owned one only after the mid-90's), I figured out I could do with some encryption. So, I started doing some research on this.

I started out reading some basic books on encryption. I am not very good with high-level mathematics, so some of the stuff even in the most basic books did not make much sense to me. But I gathered some basic facts that would enable me to move in the right direction. I learnt for example, that one of the basic problems with most early encryption schemes was that the frequency of letter usage in any language is not uniform. Simple substitution ciphers and even some complicated ones could be broken simply by doing a frequency analysis of the encrypted text and making some intelligent guesses about the substitution based on this analysis.

I actually made up my own new code in MS Access where I mapped letters and phrases in English to 4-digit numbers such that more frequently used letters and phrases got lots of different 4-digit codes and lesser used letters got fewer codes. The resulting encryption was actually not very bad from a frequency analysis standpoint.

Even though I could not actually understand it, I realized that experts in this field had pretty much created unbreakable schemes like 256-bit AES by the early part of this century. At that point, I put an end to cooking up my own schemes and concentrated on picking out software that will do the work for me quickly and efficiently.

You might be wondering what I have to hide on my computer that would require encryption. As I said before, I probably would have been fascinated with encryption even if I were pure as the driven snow and did not have anything on my computer at all. But, we all grow up and develop tastes that others may consider illegal or embarassing. Let's just say, I have may own share of those tastes. I have a pretty large collection of pornography that is obviously not fit for general consumption. I have children at home whom I don't want exposed to this even by accident (they will have all the time in the world to grow up and figure out what their own vices should be).

I don't have much illegal music on my computer because I was never a big audiophile. Most of the music on my computer is from ripping my own CD collection. But my ebooks are a different issue altogether. Most of them would be considered questionable in terms of copyrights and other intellectual property.

So, how do I make sure things on my personal computer stay personal? There are actually two solutions to the problem and a combination of the two that is even better.

The first is individual file encryption. There is very good software available that will take any file you give it and encrypt it with a password so that nobody without the password can open it or use it. The software solutions in this arena are myriad. You can actually use a zip utility like winzip or 7-zip (which is free and open-source and many times more powerful and versatile than winzip) to zip your files or even just store them with no compression with a password added. The file will probably also become at least a little smaller than it currently is (which is an added bonus if you are running low on disk space). As long as you choose a good, strong password (or better yet, a pass-phrase), you should be fine.

But it is a little cumbersome using the files after this. You first have to unzip them before you get to open them in their native applications. So, a better solution is provided by an application called AxCrypt. This program encrypts a file in place and gives it an extension of .ax. When you double-click on such a file, AxCrypt first opens up and asks for the password. Once the file is decrypted with the password, the file is automatically opened with its native applications without any further user intervention. This is better than the zip solution in many ways. First, it is fewer mouse-clicks to accomplish what you want. More importantly, the decrypted contents of the file are never written in an obvious way to disk. They may be written to disk as part of memory caching operations, but essentially, the decryption and opening of the file happens purely in RAM. This makes the whole set up a lot more secure. The interesting thing is that during the process of encryption or even later, AxCrypt can also give your file a totally random name so that nobody can even guess what was encrypted without the password. A side-benefit of the encryption with AxCrypt is that it also often reduces the size of the encrypted file to some extent.

The second type of solution is to create encrypted containers in which you place files or whole folders. The container is completely impregnable without the password. Once the container is open, all the files and folders in the container are freely available for use as if they were unencrypted. Opening the container is referred to as mounting it and once you dismount it, your files are untouchable once again. The best software that implements this concept is TrueCrypt. As you might have started guessing, I am a big fan of free software and truecrypt is no exception. Truecrypt can create file containers, partition containers or disk containers.

Truecrypt comes with a thick user manual which people should go through and understand before they start dabbling with the software. When people dabble with the software without doing that, they end up with encrypted containers that they can't get into. Suddenly, the most important things they wanted to safekeep are not accessible to them, and as you can imagine, it is quite traumatic to people. Most of the conversations in the Truecrypt forums are about people trying to salvage what they can from botched encryptions if they can. And many of them don't have any backup copies either. Oh, the things I could say about backups. In a later post maybe...

But the forums have also been very useful in providing general computer security guidelines that I have adopted over the years. I never run my computer without an updated anti-virus on it. Never connect to the internet without a good firewall operational. Do not enable autorun on any optical drives. Good tips for choosing and using long, strong passwords. More about these in a later post also.

The combined solution that is really outstanding is to AxCrypt the individual files and then place them in a Truecrypt container. Maybe this will be too inconvenient for some people, requiring too many password entries, but I really like this solution.

Truecrypt can also encrypt the entire hard drive of your compute if you please and will not even let you boot up the operating system without the entry of a password (pre-boot authentication or PBA). I have not gone that far because I am a little cautious about what happens in case something goes wrong with this scheme and I have to reinstall the OS from scratch and so on. But given the reliability of the software so far (I think there have been 3 or 4 versions of the software that have come out after the introduction of PBA), I might try this out on the next laptop I buy.

Given the ease of use and free availability of these solutions, I am constantly amazed at all these idiots carrying sensitive information around, unencrypted, on their laptops and then losing them at inconvenient times. Entire databases with addresses and social security numbers, files with medical information. You would think they would learn after the first couple of high-profile cases, but no. They never do. That is what makes them idiots, I guess. And you and I wouldn't be considered very intelligent if there were no idiots around to compare us with!

1 comment:

Anonymous said...

Agree completely that too many people are seriously complacent about their computer (and internet) security.

I use whole disk encryption (PGP, Mac OS X version).

Never had any trouble with it, and do not notice it at all, runs completely in the background, except for initial authorisation at boot up. I have no doubt that TrueCrypt is just as good and reliable, and of course it is free! (The OS X version of TrueCrypt does not do WDE. Otherwise I would use it.)

I feel (and actually am) a LOT more secure with it. No more worrying if the techs at the computer repair store, or the local computer thieves are rummaging around in your personal, work, or financial life. Encrypting individual files or using encrypted containers is fine, especially for carrying relatively small amounts of data around. But it is way more convenient to use WDE.

Main down side for me is that PGP is the only WDE program for OS X, and it ain't cheap. But it is high quality software, and good security is not really luxury any more. Money well spent.

Also, initial encryption of larger drives can take quite a while, like 2-3 days.

(Apple, for reasons best known only to themselves, have not yet included WDE in their otherwise fine system. There is no reason they can't, as far as I know, they just haven't. Which is pretty pathetic these days.)

Visitors Country Map

Free counters!

Content From

In the News

Article of the Day

This Day in History

Today's Birthday

Quote of the Day

Word of the Day

Match Up
Match each word in the left column with its synonym on the right. When finished, click Answer to see the results. Good luck!



Spelling Bee
difficulty level:
score: -
please wait...
spell the word:

Search The Web