What is Encryption?
Almost since the beginning of the written word, people have been trying to conceal what they were writing. In the 15th century, DaVinci wrote his notes using his peculiar backwards script.
From then on, various techniques were used for concealment, like numbering words from a well-known book. The bible was a very popular choice for this. e.g.. Mark 23, 34, 118, 119 decodes to “Send the wild honey”. This was tedious and prone to error.
As the centuries wore on, and writing became more prolific; faster and more secure methods were needed. The easiest thing was letter substitution. Write the alphabet, then substitute another letter for the original, e.g. “c” for a, “d” for b, “e” for c and so on. “dqqm” translates to “book”. As you can see, unless you use a more sophisticated substitution method this is fairly easy to crack.
During World War II, the Germans invented the Enigma machine that did just that. It made letter substitutions from a very complex formula. The British intercepted the coded messages and proceeded to spend thousands of man-hours to crack the code. They were finally successful. The rest is history.
Along came the computer and the encryption industry exploded. You can program a computer to do a thousand steps to substitute an encryption letter for a “plain text” and it will do it for each and every letter, number or picture pixel in a message. It will do it tirelessly and over and over as necessary. And the beauty of that is it will do it in the blink of an eye.
Which brings us to where we are today. Encryption programs are doing gyrations and stunts to words and pictures unheard of just 30 years ago. It’s called the Encryption Algorithm. Pick the best and you will have incredible security.
Computer Security; How Easy or Hard Can it Be?
OK. You’ve been toying with the notion that there are some things on your computer that are private and should not be viewed by just anyone. If someone were to see those files there would be hell to pay. There are many ways to prevent that from happening. Not the least of which is hiding your computer. Don’t laugh.. You don’t need passwords or any sophisticated apps to do that. Of course, if that's not practical, you should consider encrypting the sensitive files. Encryption programs range from the simple and ineffectual to the very complex and very pricey.
What are your Options?
How do you provide privacy? Password protection? Windows has had that for years. Unfortunately, it blocks access to your entire computer and it has been a favorite of hackers so as to be comparatively easy to get around.
Windows 10 has an encryption scheme called BitLocker Drive Encryption which is incredibly secure. As the name implies, it is for the whole Hard Drive. Alas, you can only do the encryption if you have the Pro edition along with the Trusted Platform Module (TPM) chip. This is a special microchip that enables your device to support advanced security features. There are other stumbling blocks to BitLocker like converting the file system to FAT32 on flash drives. Most of us are using NTFS since we have files larger then 4GB.
Choose an encryption program that uses known and proven encryption algorithms.
If your sensitive files consist of pictures, there are encryption programs with built in picture viewers. They are designed to allow the pictures to be viewed while the file itself stays encrypted.
Some apps offer to suggest a password. Many people defeat a perfectly good security system by using a password like, “123456”, “password”, “qwerty” or their name or nickname. Get a program that suggests good passwords and use it!
Consider a program that will automatically send an email with a Public Key encrypted file attached. All the algorithms and procedures for doing this are very involved and heavy on the abbreviations: CMS, CRL, Hash, HMAC, OCSP, PEM files, PFX, RNG, RSA Keys, RSA (Raw), Triple DES (TDEA), X.509 Certificates. So choose a program that insulates you from all this and does its job seamlessly.
- Ease of installation
- Easy file selection
- Picture viewer.
- Deniable encryption
- Password generation
- Public Key Email
What to be Wary Of
First and foremost, skip any encryption application that says they have “unbreakable encryption”. The developers that wrote that may not be able to break their own program, but professional Cryptographers would pick it apart in seconds.
If the program says their encryption algorithm is secret and therefore it is secure, be alert. That is no guarantee of protection. Anything secret is a challenge to would-be hackers.
Programs that assume you are a computer geek. Deep into cryptography, there are terms like CRC-32, key derivation, PRF, HMAC-SHA-512. They go on and on. If you need to know what these terms mean to operate an encryption program, then select another. The best app is one in which you select a file or two or more, give it your password and it is done!
Also know that outrageous claims on key length, special internal mathematics, one time pads and cracking contests are red flags.
- Secret proprietary algorithms
- Internal mathematic Matrices
- Chaotic mathematical equations
- Neural networks
- SHA-1 Hash Function
- Mathematic coding theory
- Zeta functions
- One-time pads
- Cracking contests
Any web site using these terms as a selling point for their program is selling “snake oil”.
What to Look For:
The main thing is the encryption algorithm. The endorsed standard is the Advanced Encryption Standard (AES) by the National Institute of Standards and Testing (NIST). It was determined that an algorithm devised by Dr. Joan Daemen and Dr. Vincent Rijmen which they called Rijndael, met all their criteria for the best and fastest.
Some programs will offer different algorithms. Forget them. AES (Rijndael) is the way to go.
Also look that Rijndael is implemented with 256 bit keys, in counter mode and with non duplicated 256 bit Nonce (number used once). Check the specification page even if some of the terms are foreign to you.
Look at the screen shot of the main program. Does it show all the functions you need? Is it void of technical jargon? Are there functions that are too technical?
Financial considerations: There should be a one time charge for the program. Upgrades should be available and cost a modest amount. Ongoing annual fees will run into substantial sums. Programs that emphasize that they are free invariably have some hook that will grab you for money.
Sending encrypted messages via email involves public keys. Public keys are very involved and use prime numbers, internal hashes and a myriad of other super geek procedures. The best encryption program for sending messages will do all this out of your view. It will just ask you to click a single button to generate your public key and email it to the guy who will be sending you the encrypted message. It should also include the Self Signed x509 Certificate to verify that the Recipient is actually the one who sent the Public Key. VERY IMPORTANT.
Look for the option where you can either preserve the file name after it is encrypted or have each encrypted file given an anonymous name. i.e. E0001.AAA, E0002.AAA
A real convenient option is if the app automatically encrypts files as they are added to a folder. It would work in the background.
Look for other file and folder handling capabilities, allowing you to add, delete and change.
As you are probably aware, when you conventionally delete a file in Windows, it winds up in the Trash Bin. Open the Trash Bin and you or anyone can restore that file with a single click. Most programs will have ways to delete files with various levels of secure deletion. Slightly secure, moderately secure and totally destructed. What a pain! Select the program that quickly and efficiently totally destroys the selected file each and every time. Trash Bin sees nothing and knows nothing of the permanently removed file.
There are many ways to have encrypted files hidden from view. Some apps get right into the mechanics of your computer system and hide a portion of your hard drive. (Hiding a Volume). The less the app gets into the guts of your computer, the less problems you will have. Others will use a Steganography approach to hide an encrypted file in a picture or even in the first byte of each line of data on your computer. Each of these methods has flaws: Someone may say he has a court order or may simply require you to give your password to expose the hidden volume or special picture. The first byte in each line of data is a very elegant way to hide encryption, but it has flaws; defragging destroys it and file size needs to be very small.
The best way to have “deniable encryption” is to get the encrypted files off your computer. This is easily done with a USB flash drive. But then the encryption program must have the ability to do files directly onto the flash drive leaving no trace on your hard drive. That brings us back to the opening paragraph of this piece, where we joked about “hiding your computer.” That doesn’t seem so far-fetched now. USB flash drives are easy to conceal and there are no sensitive files on your computer.
Finally, a nice convenient gadget in the encryption program is to give you possible passwords. Anyone can write a gadget that comes up with a password like uXoCw2d9r9. That’s lovely but try to remember it. It’s useless. If the password generator comes up with, "Ganebigade" or "Wobolowiss" now you are onto something. They are almost real looking, they are unguessable and they can be memorized. Google “unguessable passwords” for more on this.
- Rijndael (AES) encryption algorithm in Counter mode with Nonce.
- Automatic x509 Certificate generation
- Easy to understand file, folder and encryption functions.
- Financial: price around $19.95. No fixed annual fees. Inexpensive upgrades around $9.95
- Sending encrypted messages in email with Public Key.
- Flexibility in file names.
- Automatic encryption in the background.
- File and folder handling capabilities
- Permanently delete files.
- Deniable encryption using USB Flash Drive.
- Unguessable Password generator.
Richard Bennice is owner and programmer of BMC Engineering. He specializes in encryption programs and has been writing them for 24 years.
See our YouTube video, "The Easiest Way to Email an Encrypted Message."
Permission is hereby granted to copy and publish the contents of this page provided all links are included.