Recommendation for encryption software solution without these issues


  1. Posts : 11
    Windows 10
       #1

    Recommendation for encryption software solution without these issues


    Hi all,

    I have found the following major security issues with all the encryption software I have tried thus far:

    1.
    The original encrypted file is decrypted when using the software by entering the encryption password, and when shutting down the app the file is re-encrypted. However, in the event of an unexpected termination of the software (power loss, battery failure, app crash, etc.) the app does not re-encrypt the decrypted file (and cannot re-encrypt it, as it has terminated unexpectedly), and it thus sits there on your hard drive in unencrypted form until you hopefully notice that it didn't get re-encrypted.

    2.
    Upon entering the decryption password, the software creates a temporary file copy of the decrypted file and stores it in AppData or Temp or some other place, leaving the original file safely encrypted. However, in the event of an unexpected termination of the software (power loss, battery failure, app crash, etc.) the app does not delete this temporary file (and cannot delete it, since it has terminated unexpectedly), and it thus the temp file sits there on your hard drive in unencrypted form until you hopefully notice that it didn't get deleted.

    Additionally, almost all apps seem to require an online sign-in, which I don't want either.

    In summary, I'm looking for encryption software which meets the following requirements:

    1. Can encrypt selected files//folders, and does not require entire partitions/drives to be encrypted.
    2. Does not suffer the above problems from unexpected shutdowns. Veracrypt for example gets around this by only opening files in RAM (in unencrypted form). No temp files etc. The problem with Veracypt, as I understand it, is that you can't encrypt selected files and folders around your hard drive. You have to encrypt a whole drive.
    3. Encrypts and decrypts locally. No internet connection or sign-in to company servers required.
    4. Open source.
    5. Available on Windows.

    Preferably the following if possible:

    6. Automatically re-encrypts open files if lockscreen is shown, or is PC goes to sleep or hibernates.
    7. Re-encrypts automatically after optional time period eg. 5 hours.
    8. Portable version available.

    Thanks for any suggestions.
      My Computer


  2. Posts : 282
    Windows 10 Pro
       #2

    No, you have Veracrypt wrong. You can create encrypted containers. Please read the ENTIRE Veracrypt manual. I highly recommend it.

    Having said that, what is your use for encryption? There maybe other methods...

    Full disclosure, I have been using Truecrypt (Veracrypt is based on Truecrypt) for years and years so know how it's used. I once used Veracrypt for full disk encryption (FDE), but it took FOREVER to boot the computer and got tired of that crap. Especially when I have an NVMe. Though, with the use of FDE the speed is practically cut in half using an NVMe.

    There are a few security flaws with Truecrypt, but can be mitigated - nothing major. I followed the Truecrypt audit very closely and watched the DEFCON presentation on YouTube. It was very interesting because it was at that same time Truecrypt suddenly shut the door to the website and forum (which I was a member) and proudly proclaimed Truecrypt was not secure and to use Bitlocker instead. To most of us tech geeks, that sounded like a Lavabit scenario.

    PGP (Pretty Good Privacy) encryption can be used for files and text. For Windows check out Gpg4win. But it has a learning curve and you MUST keep the secret key in a good password safe... I chose Keepass with ChaCha20 encryption and the Argon2 hash, and I periodically backup its database all over hell and back. I highly recommend ChaCha20 and Argon2 because I have broken a Keepass password manager password because it was using AES. I don't think John The Ripper or Hashcat can break a ChaCha20/Argon2 encrypted Keepass vault that I know of as of this post. Plus, if you up the iterations like I do, brute forcing even on the best GPU now-a-days is still next to impossible if the password is long and complicated. Like: &88H{dj5667782iHG7&%)0. Lets just say it takes at least ~20 seconds to load my password vault thanks to all the freaking iterations. That means it'll slow down a GPU's cracking more than a snail moving through molasses.

    Anyway...
      My Computer


  3. Posts : 11
    Windows 10
    Thread Starter
       #3

    F22 Simpilot said:
    Having said that, what is your use for encryption? There maybe other methods...
    Thanks for the suggestions. I'll try them out. Will also look further into VeraCrypt containers. This sounds promising.
    It's encryption for personal use. I just want a secure encryption method which doesn't leave these unencrypted files all over the place after unexpected termination. Was kinda shocked when I realized this was happening with the software I was using. I hadn't looked into how they worked well enough, but I'm seeing almost all of them seem to have some variation of the same basic flaw.

    F22 Simpilot said:
    To most of us tech geeks, that sounded like a Lavabit scenario.
    Your feeling is that Truecypt was closed down by US authorities, for not handing over encryption keys/user data or something like that? Very interesting learning about this affair. Was just watching this: Lavabit's Ladar Levison on Snowden, Why He Shut Down, and How to Beat the NSA - YouTube
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:56.
Find Us




Windows 10 Forums