Product Comparison: Personal File Encryption

There are several good file encryption programs are on the market today. This section discusses and compares some of the popular ones for personal use. For a business setting or a multiuser environment that requires centralized administration, several products exist that will not be discussed here, such as F-secure's FileCrypto and RSA's Keon system. If you're looking for a solution to fit a medium-sized office environment, have a look at systems like these.

Table 12.4 lists some of the highlights of each product discussed.

Table 12.4. Encryption Products

Product	URL	Pros	Cons	Operating Systems	Price
PGP Freeware	www.pgpi.com	Full-featured functionality	Difficult for novice users	Windows, Linux, Macintosh	Free for personal, noncommercial use
Encryption Plus Folders	http://www.pcguardian.com/software/folders.html	User account management, password recovery	Clumsy interface	Windows	Freeware version or $49.95
Scramdisk	http://www.scramdisk.clara.net/	On-the-fly encryption, stenography, share encrypted folders with others	Complex interface	Windows	$20
Jetico BestCrypt	http://www.jetico.sci.fi/home.htm	Simple to use and effective	Basic functionality	Windows, Linux	$89.95 for Windows

PGP

PGP is a wonderful product that has been around for many years. Its creator, Phil Zimmerman, first released it as a freeware product in 1991. Ten years later, it has undergone several rewrites through a team of devoted professionals, who want the value of PGP to be accessible to everyone worldwide. The freeware version of PGP is still available to the public, courtesy of Network Associates, who now owns the rights to PGP software. Network Associates also sells it as a commercial product, called PGP Desktop Security. The commercial version of PGP includes the PGPdisk software, whereas the freeware version does not. PGPdisk is the software similar to Jetico BestCrypt. It allows you to keep multiple files encrypted in a virtual disk, which appears to the operating system as any other partition. You actually can still obtain the last PGP freeware version, PGP 6.0.2i, to have included the PGPdisk software. Get it from http://www.pgpi.org/products/ for both Windows and the MacOS.

The current free version, PGP Freeware v6.5.8, runs on Windows, Macintosh, Linux, Solaris, HP-UX, and AIX. It is available for personal, non-commercial use from www.pgpi.com or the MIT distribution site at http://web.mit.edu/network/pgp.html. The interface for PGP is somewhat difficult to use because of its many features. However, wizards exist to help simplify the process for new users. The features vary across operating systems. We will focus on the Windows version here:

• Secure e-mail— You can do the following with this feature:

  • Exchange encrypted e-mail with other people who use PGP.

  • Have support for Outlook, Outlook Express, Eudora, Lotus Notes, and Claris E-mailer.

  • Digitally sign e-mail messages to ensure the identity of the sender.

• Secure files— You can do the following:

  • Encrypt and decrypt individual confidential files on your computer.

• Key ring— This feature enables you to do the following:

  • Consolidate all of your friends' and associates' public keys into a single key ring.

  • Search public PGP key servers such as http://pgpkeys.mit.edu:11371/ directly from the PGP software application.

• PGPnet— This feature does the following:

  • Can be configured for use between PGPnet-enabled computers, as well as several standard VPN servers

  • Provides an encrypted tunnel that secures all TCP/IP traffic sent between two computers

• Self-Decrypting archives— This feature enables you to do the following:

  • Encrypt individual or multiple files into a single, encrypted file that anybody—even non-PGP users—can decrypt with just a passphrase.

The commercial version of PGP is available from Network Associates at www.pgp.com. It represents a suite of the preceding features, plus PGPdisk, a firewall, an intrusion detection system, and a plug-in for ICQ. With the commercial product, you get the benefit of support from Network Associates.

PGP freeware uses industry-standard algorithms of CAST, IDEA, 3DES, Twofish, Rijndael, RSA, and Diffie-Hellman.

BestCrypt

Jetico (www.jetico.sci.fi) is a company based in Finland that provides well-known security products such as BestCrypt and BCWipe worldwide. As we saw in the section “Securing Files on the System,” BestCrypt provides a great method for easy and strong file encryption. The interface is intuitive and easy to use. It works by creating a container on your computer. You access the container with your password, and the Windows operating system sees it as another hard drive partition. You put files that you want to be encrypted into the container. When you open the container with your password, all files are accessible and require no further decryption. When you close the container, all files are encrypted and secured as a single file.

BestCrypt monitors access to the container files. The container files have a .jbc file extension. BestCrypt prevents you from accidentally deleting a container file. You must explicitly delete the file through the BestCrypt interface as long as the software is active on your computer.

BestCrypt provides strong encryption algorithms: Blowfish, Twofish, GOST, and DES. The key generator it provides is a hashing algorithm, either SHA-1 or GOST.

Similar to other software, BestCrypt is completely transparent to the applications you use. Transparency means that your other programs such as Quicken or Microsoft Word operate normally, and you access files in your container just as you would normally access any file. If you store Microsoft Word files in your container, Word is not affected in any way. Your files are kept confidential, and you can still use them as you normally do.

BestCrypt is inexpensive and well worth the price. The interface is easy to understand and the documentation is clear and concise, making BestCrypt extremely user friendly.

The latest version of BestCrypt is v7.0. It has some notable new features, including the following:

• Swap file encryption

• Centralized, network-wide BestCrypt management

• Multiple passwords per container, which enables multiple people to share a single container without sharing passwords

Encryption Plus Folders

Encryption Plus is also simple to install. It uses the Blowfish block cipher.

To start using encryption, you create a folder on your hard drive that will be the encrypted folder, or you can use one that already exists. Through the EP interface, you select the folder you want to encrypt by clicking the Protected Folders button, and then selecting the folder. You can alternatively unprotect the folder at any time through the same interface.

Encryption Plus transparently protects data with on-the-fly encryption. Whereas other programs offer on-the-fly encryption by decrypting on demand entire files, EP decrypts only the portion of the file that is in use, which adds extra security.

EP operates completely transparently to your other programs. Microsoft Word for example, is unaffected when you are accessing a file stored in an Encryption Plus protected folder.

EP also includes a password-protected screensaver for unattended computer security. EP includes a password recovery feature, which is unique. When you first enter your password, you are given the option to create three personal questions and answers. EP will keep these safe, and if you should forget the password you used, you can answer these three questions to retrieve it.

With the licensed version of EP, you can create multiple users and share encrypted folders between users that you specify. This sharing does not work across the network, but is simply local to the computer.

EP prevents users from accidentally deleting the protected folders by locking the folders when the Windows operating system is loaded. EP allows for encrypted folders to be transferred to removable media devices such as floppy drives or zip drives; be aware, however, that it cannot protect files on removable media from being deleted.

Scramdisk

Scramdisk is similar to BestCrypt. It uses the container concept to provide a single file that is opened by a password. This container file is seen by the operating system as another drive partition. That is, after the container is open, the container appears as another drive letter in Windows.

Scramdisk provides for many industry standard encryption algorithms, including 3DES, IDEA, MISTY1, Blowfish, TEA, and Square, as well as a proprietary algorithm called Summer, which is fast algorithm intended for low security needs. We will, however, always recommend using widely tested industry standard algorithms over proprietary algorithms.

Scramdisk provides some unique functionality. Not only can you encrypt with the container concept similar to BestCrypt, but you can also hide your encrypted disks inside of picture or sound files. This practice is known as steganography. Steganography hides messages inside harmless looking files, such as images. Unless you know to look for the message, it is transparent to you. Scramdisk allows you to use up to four different passwords to protect a container. The container is really a file on your hard drive with a .svl extension.

Scramdisk also includes a wiping utility to securely wipe files from your disk. This wiping technique is similar to the functions that are built into BCWipe and PGP. It is an alternative to simply using Delete in Windows, which doesn't actually remove the file from the disk, but rather unlinks it.

The interface for Scramdisk is a bit difficult to navigate at first, but knowing the concepts of how the program works makes it easier. In addition to creating, mounting, and dismounting protected container files, Scramdisk provides some additional functionality, including access to Windows Disk Defragmenter, ScanDisk, and volume labels.

Another cool feature, in addition to steganography, is the ability to create an SFK file. You can distribute this file to other users, and it acts as a key to unlock your protected containers. By using this file, other people can unlock your containers, without knowing your password. Your passwords are kept safe, and your encrypted files can be shared.