A few facts
Inconvenient fact #1 - Cryptography is harder than it looks: Not just any encryption program will do. Most any competent programmer could grab the open-source code for a block cipher (cryptographic protocol) -- say AES -- and put together an encryption process to get from password entry to ciphertext.
But there is a special Murphy's Law for budding cryptographers: Somewhere else in the naive coder's encryption process - key generation, random number generation, hash processes, etc. - there will almost certainly be one or more fatal flaws. A skilled hacker can often find and break process vulnerabilities without much effort. Do-it-yourself encryption is much like thinking you could be competitive with Bobby Fischer or Garry Kasparov [more]
As Bruce Schneier puts it in Security Pitfalls in Cryptography:
A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on. Break any of them, and you've broken the system. And just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols.
Just because an encryption program works doesn't mean it is secure. What happens with most products is that someone reads Applied Cryptography, chooses an algorithm and protocol, tests it to make sure it works, and thinks he's done. He's not.
Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely "buzzword compliant"; they use secure cryptography, but they are not secure.
Example: The temptation to use proprietary, closed-source cryptology leads to persistent folly:
"Even the strongest of the encryption algorithms can be defenseless, if it is implemented with errors, or used inappropriately, and that is the illness of the proprietary software. Microsoft is especially infamous for that, as virtually each of its cryptographic solutions had serious vulnerabilities, often breakable in a trivial manner. One need not venture far for the examples, — Kerberos, encryption of Microsoft Office documents, PPTP VPN, NTLM authentication protocol, SysKey, EFS encryption in Windows 2000, RNG implementations in Windows 2000/XP/Vista. As history shows, that company is unable to learn on its own mistakes, therefore it is better to use anything, but the Microsoft's cryptography, since, even if you would want to, you will find no worse reputation, than the one enjoyed by the Microsoft." ~Mycotopia Forum
Inconvenient fact #2 - Operating systems are messy: They leave behind echoes (cleartext) of the data you access or process - swap files, temp files, hibernation files, browser cache files, and other artifacts.
Windows Volume Shadow Copy Service presents a special problem. Even if you wipe the file after encrypting it, the cleartext copy of previous versions remain on the drive. Even though they are hidden, it is easy enough to find and restore them.
Many simple encryption programs simply encrypt from and/or decrypt to a cleartext file. Yes, some of them delete the cleartext file after you close the program, but they may not securely purge the file (make it unrecoverable).
Using a compression -- e.g. Zip -- program for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive you'll leave clear-text version of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased didn't you?
If you lose your computer, or if anyone - burglar, snatch thief, snoopy co-worker - gains access to your computer, running or not, they are likely to find cleartext echoes of your encrypted data. You may want to use full-drive encryption to prevent that. All those cleartext echoes will be encrypted when your computer is off. Be sure your program also encrypts the whole hard drive when your laptop lid is closed, not just when you turn it off.
- From the TrueCrypt manual:
"System [full-drive] encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well."
- Full-drive encryption may not be though. Some full-drive encryption is vulnerable to attack by someone who can gain repeated physical access to your computer. [Evil-maid attack]
- Best Free Drive Encryption Utility
- 8 Reasons for Full Disk Encryption
- Bruce Schneier is a data-security expert, who recommends the PGP Whole Disk Encryption program.
- Full-Disk Encryption Suites
- Comparison of disk encryption software
- Filesystem-level encryption
Inconvenient fact #3: Any encryption program can have a secret backdoor. The backdoor may be government-mandated, or provided for convenience in recovery and other administrative functions. Other than government access, the primary hazard is that backdoors are often easily hacked by attackers.
Inconvenient fact #4: Malware presents another threat: If any computer you use to access your data is infected by spyware, the cleartext (decrypted) data can be transmitted to an exploiter over the Internet. Encryption doesn't do a thing for you in this case. Your computer security system (or lack thereof) is what lets you down.
Final worry: Your computer and/or storage devices may be subject to search. It may be better to not have your sensitive data with you if you're traveling by air. Consider storing your data in the cloud (online in encrypted form) or accessing it over a VPN when you need it.
- The program must not rely on a proprietary cipher (encryption algorithm): It must use a time proven algorithm that has been extensively reviewed by the cryptographic community. Examples are AES (Rijndael), Twofish, and Serpent, plus combinations of these used in cascade. But that's just the first hurdle.
- I'm highly skeptical of programs offered by individual authors, or as a feature of software that has another primary purpose. Encryption is naturally intriguing, there are excellent public algorithms available for anyone to use, but inexperienced implementation is almost always fatally flawed. In many cases, there are clear warning signs that these programs are not secure at all.
- I look for software that has been proven over time. The program should ideally have been used for several years without being breached. Even though a new encryption program uses a time-proven cipher, implementation of the rest of the cryptology has not been demonstrated.
- Open-source software is a better choice than closed-source software, particularly if the software has been actively used by commercial entities.
- Does the software have a backdoor? Other than government access, the primary hazard is that backdoors are often easily hacked by attackers.
Pismo File Mount Audit Package provides a useful example of my approach to vetting encryption software, based on the factors in above.
I like the Private Folder feature of this audit package. It allows you to quickly access an encrypted file that you convert to an encrypted folder using a context menu command in Windows Explorer. There is no program to open. The big advantage other than convenience is that you can read and write to this folder, completely avoiding the problem of plain-text residue on your hard drive. But is the encryption robust?
- Does the program rely on a proprietary encryption algorithm? No, they state that “Private Folder utilizes AES encryption and PKCS5v2 key generation.” So far, so good.
- Is the program offered by an individual author? It is offered by a commercial enterprise. That's good.
- Is it a feature of software with another primary purpose? Encryption is a recently added feature to software that has a more general primary purpose. Not so assuring.
- Has the software been proven over time? The program has been available for some time, but the encryption feature is recent. Also, I was unable to find any reviews by competent examiners. Not yet proven I guess.
- Open-source software is a better choice than closed-source software: Source code is not available for the audit package itself, but source code is available for the core functions that the audit package uses. Good sign.
- Does the software have a backdoor? In my opinion, based on the nature of the product, probably not.
- Conclusion: There are better alternatives.
Fatal backup trap:
Encryption programs that create encrypted "volumes" (files that contain encrypted files) do not change the size of the container file, and often intentionally do not change "date modified", even though files in the volume have been changed or added. The purpose is to maintain plausible deniability, but the result can be that your backup service or software will not recognize that the volume file has changed. If you use incremental backup for example, the volume file would be skipped after the first time.
TrueCrypt is an example of a program that does not change the modified date. However, some cloud backup services - Dropbox for example - check the hash value of volume files, not the date, and if they change Dropbox stores a new copy of the volume file. TrueCrypt is thus a good way to implement client-side encryption for your most sensitive files if you're using Dropbox for backup. SkyDrive, for example, uses the modified date - not a hash value - so TrueCrypt volumes will not be backed up by SkyDrive after they change.
Similar information on the pitfalls of encryption: