02:07 PM
Fred Langa
Fred Langa

Langa Letter: Easy Encryption

Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.

Microsoft's Encrypting File System
Perhaps the most widely available (though not most widely used) encryption tool is Microsoft's EFS--the Encrypting File System--that's built into New Technology Filesystem (NTFS) and supported by Windows 2000 and XP Professional. It's a form of public-key cryptography and provides a basic level of protection.

It couldn't be simpler to use: You right-click on any file or folder you want to encrypt, select Properties/General/Advanced and then click the "Encrypt contents to secure data" check box. That's it; you're done.

But there are major limitations to this built-in method. For one thing, it's designed to be "transparent," so that an authorized user doesn't have to do anything unusual to decrypt a file or folder to use it: Once logged into the system, the user can see and use the encrypted data exactly the same way as any other file. This means the security provided by EFS is really only as strong as the security of the user accounts on a system: Once logged in as a valid user, all that user's EFS-encrypted files are available with no further security checks.

EFS also isn't very good for file-level security. Re-saving, E-mailing, copying, or moving an EFS-encrypted file may cause the encryption to be lost. Because of this, EFS defaults to folder-level encryption--you're warned against encrypting a single file, if that's what you try to do. With folder-level encryption, all files in the folder remain encrypted, even if they're saved, altered, or copied within the same folder. (Moving the files to a nonencrypted area of the drive still will cause the files to lose their encryption, however.)

EFS also is incompatible with NTFS's file-compression feature. A file can be compressed or encrypted by NTFS, but not both at the same time.

Finally, there are myriad cracking tools and "key recovery utilities" available for bypassing EFS. Some of these have a benign use: They're meant to allow the IT department to recover encrypted files when, say, an employee has left an organization. But the same tools also can be used to gain illicit access to EFS-protected files.

For all these reasons, I regard EFS as a lightweight security tool, at best, and not the best choice in cases where security really matters.

Third-Party Tools: A Sampling

  • ScramDisk lets you employ any of a variety of encryption methods in 64- or 128-bit cipher strengths, which is enough for many routine uses. The free version of ScramDisk is no longer supported--it's still available for download, and still works, but you're on your own when you use it. The successor product is called DriveCrypt. It offers up to an incredible 1,344 bit military-strength encryption cipher; it costs $50.
  • AxCrypt uses AES 128-bit file encryption. It's a free tool, published under the terms of the GNU General Public License of the Free Software Foundation.
  • WinZip 9.0 is currently in late beta, and finally brings serious 128- and 256-bit AES encryption to this popular method of file compression. The original Zip encryption method is trivially easy to crack, and really offers no significant security. In contrast, 256-bit AES, locked by a well-chosen passphrase, should be proof against all but the most determined levels of attack.
  • Dekart's Private Disk and Private Disk Lite allow you to create a virtual disk, protected with AES encryption.
  • PGPdisk is a multiplatform tool (Windows, Mac) that lets you create encrypted disk partitions using the PGP (Pretty Good Privacy) encryption method.
  • SecureAge offers a variety of tools from free personal-use utilities up to large-scale suites and toolboxes.

2 of 3
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.