 Number 271 - December 2005 |
|
| Which Encryption Type? | |
|
by Vinny La Bash, vlabash@home.com, Sarasota Personal Computer Users Group, Inc. | |
|
Not all data protection
schemes are equally effective. Some are highly effective, others offer
little, if any security. How can you tell if an encryption program does
what its proponents claim? By their very nature, encryption programs
defy comparison because even the most experienced computer people find
it all but impossible to analyze them. Even most professional IT
managers lack the expertise to make sound judgments about an encryption
scheme. How easily can any specific encryption program be defeated? How
are we to know? Blind faith is a scary option and should not be
required.
This sounds like a good argument for Linux or any other Open Source Operating System. Source code is available to anyone who cares to examine it, and software authors can't make false claims about its ability to shield your data. You're also protected if the vendor goes out of business or "updates" the program without notifying you. It's hard to think of anything worse than being locked out of your own data. Nevertheless, most Linux users are still those with a Unix background, and most of us mere mortals use Windows-based systems. With that in mind, we will confine our discussion to the Windows environment. Back in the stone age of computing, the most widely used method to protect data was with ZIP tools. These utilities compressed your data, offered password protection, and "disguised" your files in a rudimentary fashion. Knowledgeable users could easily defeat it, and gradually ZIP files gave way to more sophisticated methods of protection and encryption. What can you do to prevent your data from being stolen or otherwise compromised without driving yourself crazy or wrecking your bank account? In Microsoft Word, you can create a password that will prevent others from opening or changing the document unless they know the password. That creates a basic layer of protection that guards you from amateur snoops and opportunists. This is like locking your doors and windows when leaving your home. WinZip has evolved over the years into a more heavy duty tool, and you can use it to compress your Word file, encrypt it with WinZip's 256 bit AES encryption scheme, and give it another password for an additional layer of protection. Not only have you locked your doors and windows, you've installed an alarm system and activated it. We are probably stating |
the obvious at this point, but please don't
use the same password as you did to open the Word file. Don't write the
password on a post-it note and past it to your monitor either. You may
as well leave the keys in the front door along with the alarm
deactivation code.
How far you want to take this depends on your degree of paranoia. Find a third-party Blowfish type encryption tool, encrypt the WinZip file, and you have a level of protection that would make the CIA beam with pride. You've locked up the place, activated the alarm, and hired an armed guard to patrol the property. The next steps are for the hopelessly paranoid and former submarine commanders. Create an NTFS folder, store your valuable data within, and encrypt the folder. This is like having additional armed guards with watch towers and automatic weapons guarding the place. Realistically, all most of us should ever need is a reliable encryption utility with a well-constructed password for any information we regard as private or sensitive. What tool should you use? Google is a good place to start. Use the search term "encryption algorithm" or "encryption tools". Other good sites to search are www.pcmag.com, www.pcworld.com, and www.smart computing.com/ . There are many other sites, but these are all you need. Your search will undoubtedly result in a list of similar products. Look for those with 256 bit encryption schemes as they are the most difficult to crack. Anything less is subject to being defeated by a good "brute force" program. Whatever tool you decide meets your needs, don't throw all your precautions in the garbage can with a lousy password. If you choose your pet's name, your grandchild's name, or you spouses birthday as your password, you've defeated yourself. Choose your password well, and all should be well. Copyright 2005. This article is from the October 2005 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication. |
|
Number 271 - December 2005
|
|