S
Svante
Paul Johnson said:
Hello,
Before wrapping this up for good...
I am the author of AxCrypt and just noticed this thread, and I think
that labelling AxCrypt as a joke may be a slightly harsh judgement.
You do not need to like it, try it, want it, or use it but it is for
free and 10's of thousands of users appear happy with it and
understand what it does - and what it does not. Let me explain...
There are many types of programs available, for free or purchase, that
attempt to protect privacy in various ways. Some are:
- File encryption - Encryption, i.e. scrambling of the contents of a
single file with a password - irreversible unless the password is
known. Suitable for mailing, remote storage, backup, and local privacy
to an extent. Examples are AxCrypt, File2File, Blowfish Advanced CS to
name a few very similar programs. They all do basically the same thing
- although of course I'd like to think AxCrypt does it better than the
others... ;-)
- Disk encryption - Encryption of the entire disk. Suitable for
laptops for example. I know of no free such software.
- Encrypted Virtual disks - A file that you can mount in your computer
as if you had an extra disk. Will, when mounted, appear as X: for
example. Most suitable for local privacy on one computer - not so
suitable for e-mail, remote storage etc. PGPDisk, BestCrypt etc are
examples.
All of the above types of programs do, when properly implemented and
used:
+ Protect your contents from viewing by anyone who do not know or get
the passphrase or key, including government agencies and other
organizations with massive monetary resources. Strong encryption is
the only currently known technology which does this.
They will NOT:
- Hide the fact that you actually have private data. Anyone can by
inspecting your hard disk find the encrypted files or virtual disk
containers, or recognize the encrypted disk for what it is. (There are
some who implement what is called plausible deniability which actually
mask which program was used to encrypt to the extent that it's even
not possible to prove that the data found on the disk is not just a
file full of random bits. Then again - who's going to believe that you
keep a 200Mb file of random bits around just for fun, especially as
you most likely happen to have such a program installed in the same
machine... Still, there may be uses for such technology).
There are programs that purport to 'hide' your data, either inside
other files or simply hide the files themselves from viewing in
Windows Explorer.
This is called steganography, not encryption although they frequently
are combined, and is very seldom used for serious purposes although
it's an interesting concept. The reason it's hard to use is that you
can't really hide any significant amounts of data. A megabyte is kind
of hard to hide... Most programs available are usually toys or falsely
labelled as 'hiding your data undetectably'. There are two categories
of such programs which may at first glance appear useful:
- Hide-in-picture type of programs. Purports to hide your data inside
other files undetectably. Real such programs will only be able to hide
a few percent of the container size, i.e. perhaps 5 kilobyte in a
500Kb JPG. Fake such programs just attach your data at the end of the
picture or whatever, and fall for trivial attacks. ("Hmm, let's see...
Why is that JPG 16Mb? When I view it, it's just a picture that
normally occupies 500Kb... Oh, I see, there's 15,5 Mb of weakly
'encrypted' interesting stuff attached at the end!")
- Hide-from-view type of programs. These are mostly just variants on
the 'hide' bit that is already available in all Windows versions. What
they do is add code to your system that actively hides certain files
when marked for hiding, or possibly tweak your disk so that the OS
does not 'see' the data. These programs generally fall to trivial
attacks such as just not starting the program that does the hiding,
viewing the disk with an OS booted from CD-ROM, or killing the
process. They may be useful to hide files from a casual viewer such as
a 7-year old - but a computer savvy 10-year old may well find them...
;-) If that is the level of protection you're after, go for it. It
looks nice and is easy to use. Just don't think that you've gotten any
more than you actually get.
Then there are countless variations and combinations on the above
themes, more or less ambitious.
AxCrypt does not hide encrypted files - and this is for a reason.
Actually two.
1 - It can't be done. Not really. AxCrypt is intended to be a serious
program for serious use, not a toy.
2 - There are too few use-cases where there's a legitimate need to
hide the fact that the private data is there at all. This thread
touched upon the subject of porn, and this is probably the most common
perceived need to actually hide the fact that the data exists at all.
Unfortunately there is a lot of material produced that is not only
explicit, but in fact illegal to produce, distribute and own. When
implementing features in AxCrypt I always ask the question 'why is
this needed, and who wants it', and then rate pros and cons. Certain
features are really only useful for illegitimate purposes, and such
will not be implemented in AxCrypt. It's not enough that there is one
legitimate use-case, if there's a hundred or a thousand non-legit uses
that outweigh it. That is why AxCrypt does not hide it's data, nor
attempt to give 'plausible deniability' as mentioned above, nor
include embedded picture and movie-viewers (there are quite a few such
available, labelled to use to 'protect your family album' from prying
eyes. Really. Sure.)
For your stated purpose of maintaining your privacy concerning
financial statements, tax returns etc AxCrypt and similar programs
such as those mentioned above are probably just what you need, or
possibly virtual disk containers such as PGPDisk.
You do need to understand the usage paradigm for each program though,
otherwise you may be lulled into a false sense of security. If you do
not feel up to gaining that level of understanding, I suggest either
not keeping the data on a computer, or simply physically locking the
machine or disk up in a box or a locked room and not attach it to the
Internet. In many cases this is the most practical and easy kind of
security for personal or corporate privacy. It's the model used by
most security conscious military and research organizations - at the
end of the day the disks are removed and locked up in a safe. Simple
and safe.
Best regards,
Svante
