
View Full Version : Encryption


Sporadica
February 5th, 2012, 10:12 PM
Alright people, I don't like people going into my hard drives or emails or flash drives etc. I want to know, how can I encrypt my stuff fairly easily? Like, not have to be a super techy dude to know how.

thanks

StoppingTime
February 5th, 2012, 10:16 PM
What exactly do you mean by this, and what system are you running?

Commander Thor
February 5th, 2012, 10:26 PM
(Assuming you're using Windows)
Select whatever folder(s) you want to encrypt, then right click, and go to 'Properties'.
Under 'Attributes' go to 'Advanced', then check the checkbox 'Encrypt contents to secure data'.
This will only work for local folders, you cannot do this to a flash drive as the encryption key (The thing used to decrypt what's in the folder) is stored locally on your computer.

If you have Windows Ultimate (7 or Vista), you can also use BitLocker to encrypt your entire hard drive, and BitLocker To Go to encrypt flash drives.

As far as encrypting your email, unless you're using a client to download your email to your machine locally, your email is already encrypted on whoever's servers you use. To read them through an encrypted connection though, that's as simple as going to https://mail.host.com/ instead of http://mail.host.com (So https instead of http).

There are also 3rd party alternatives, such as TrueCrypt (http://www.truecrypt.org/), which I haven't personally used, but they accomplish the same thing: encrypting your data.


Also, just so you know, if you encrypt a folder, make sure you keep a non-encrypted backup of it somewhere. If you ever have a major hardware failure (Major enough to require a re-install of Windows), or if Windows ever needs to be re-installed, you will permanently lose all of the encrypted data. (Unless of course you make a backup of the encryption key somewhere, which I would /highly/ recommend doing if you plan on encrypting things)

Jufjufjuf
February 6th, 2012, 01:20 AM
I HIGHLY recommend TrueCrypt over BitLocker for Full Disk encryption. You have choice between the hashing and encryption algorithms as well as hidden OS's (which you may never need). As well as being multi-platform for us Linux users :D It's certainly not as hard as it sounds either. Just download and click Encrypt Device. It'll guide you through it.

Email is a bit harder to encrypt if you're using a public service such as Hotmail and Gmail. You'd need to use PGP keys which have to be decrypted by the person receiving the mail, and in the end you probably don't have enough important info to bother encrypting email. But if you do, Google PGP encryption.

TheMatrix
February 6th, 2012, 02:05 AM
If you're more adventurous, you can try to use something called PGP encryption. I've never used it directly, as I'm not an "encryption-savvy" person, but I know that most email clients offer it as an option for mail encryption.

monkeydo
February 9th, 2012, 05:48 PM
I personally agree that TrueCrypt is one of the better user-friendly options available. Not trying to start any wars here, but I just can't bring myself to trust most MS products and always prefer a third party option. Since TrueCrypt is open source, I trust it a lot more, and you can achieve military grade encryption with that. If you're using something like Ubuntu Linux, there are built-in encryption options also, which are better for a few reasons, but I won't go into that coz you're probably on Windows.

One thing to be careful of is that even using encryption to store your files, if they're copied to virtual memory (Windows) or swap space (Linux) they are then stored unencrypted and it is possible for someone with advanced know-how to access whatever is left hanging around there. On Linux you can also encrypt swap space, but I'm not sure on Windows. TrueCrypt also doesn't protect against this unless you're doing entire disk/OS encryption. However, using the built-in encryption options on new versions of Ubuntu does also encrypt swap data.

PGP is very cool for mail encryption because people can encrypt messages and attachments to you, without knowing your password etc. I'm not sure about recent versions, but most MS mail clients I ever used did NOT have FREE built-in functionality for this, while most common open source mail clients do (like Evolution and Thunderbird... I think it's a plugin for Thunderbird). The only PGP plugins I found for MS mail clients were commercial and not free, but I haven't checked recently.

And for browsing security, Onion Routing (TOR) is awesome! It prevents anybody from seeing what sites you visit (if you use it properly) and it also allows you to get past most site filtering on school networks :)
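The swap-space point raised in the post above can be checked on a Linux machine. This added example (not part of the original thread) reads `/proc/swaps` and reports whether each swap area sits on a dm-crypt mapping, following stacked devices such as LVM on LUKS. The sample data is constructed and the function names are hypothetical.

```python
import os

SYSFS = "/sys/class/block"
# Constructed sample: /proc/swaps text and the sysfs facts for its devices.
SAMPLE_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n"
    "/dev/sda2                               partition\t2097148\t\t0\t\t-2\n"
    "/dev/dm-1                               partition\t8388604\t\t0\t\t-3\n"
    "/dev/dm-3                               partition\t4194300\t\t0\t\t-4\n"
    "/swapfile                               file\t\t1048572\t\t0\t\t-5\n"
)
SAMPLE_SYSFS = {
    "dm-1": ("CRYPT-PLAIN-cryptswap", []),        # dm-crypt mapping
    "dm-2": ("CRYPT-LUKS2-constructed-id", []),   # LUKS container
    "dm-3": ("LVM-constructed-id", ["dm-2"]),     # LVM volume inside dm-2
}

def sysfs_info(name):
    """Return (dm uuid or None, names of the devices beneath it) from sysfs."""
    base = os.path.join(SYSFS, name)
    try:
        with open(os.path.join(base, "dm", "uuid")) as fh:
            uuid = fh.read().strip()
    except OSError:
        uuid = None                               # not a device-mapper node
    slaves_dir = os.path.join(base, "slaves")
    slaves = sorted(os.listdir(slaves_dir)) if os.path.isdir(slaves_dir) else []
    return uuid, slaves

def is_encrypted(name, info=sysfs_info):
    """True if the device, or every device it is stacked on, is dm-crypt."""
    uuid, slaves = info(name)
    if uuid and uuid.startswith("CRYPT-"):
        return True
    return bool(slaves) and all(is_encrypted(s, info) for s in slaves)

def audit_swap(swaps_text, info=sysfs_info):
    """Map each swap path in /proc/swaps text to 'encrypted', 'plaintext' or 'file'."""
    report = {}
    for line in swaps_text.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[:2]
        if kind == "file":
            report[path] = "file"  # only as protected as the filesystem under it
        else:
            name = os.path.basename(os.path.realpath(path))
            report[path] = "encrypted" if is_encrypted(name, info) else "plaintext"
    return report

if __name__ == "__main__":
    for path, verdict in audit_swap(open("/proc/swaps").read()).items():
        print(f"{path}: {verdict}")
```

A "plaintext" verdict means pages written to that swap area stay readable on the disk after shutdown; a "file" verdict needs a second look at whether the filesystem holding the swap file is itself on an encrypted volume.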

TheMatrix
February 9th, 2012, 07:07 PM
If you're using something like Ubuntu Linux, there are built-in encryption options also, which are better for a few reasons, but I won't go into that coz you're probably on Windows.
Most distros come with it nowadays.

One thing to be careful of is that even using encryption to store your files, if they're copied to virtual memory (Windows) or swap space (Linux) they are then stored unencrypted and it is possible for someone with advanced know-how to access whatever is left hanging around there.
Lolwut? The only way to get the information is to run a program that scans every single memory address -- which must be run as root -- and will take a long time.

On Linux you can also encrypt swap space, but I'm not sure on Windows.
Most of the time, swap is already binary files.

TrueCrypt also doesn't protect against this unless you're doing entire disk/OS encryption. However, using the built-in encryption options on new versions of Ubuntu does also encrypt swap data.

PGP is very cool for mail encryption because people can encrypt messages and attachments to you, without knowing your password etc.
Most of the time, you don't give other people your email password anyways ;)

I'm not sure about recent versions, but most MS mail clients I ever used did NOT have FREE built-in functionality for this, while most common open source mail clients do (like Evolution and Thunderbird... I think it's a plugin for Thunderbird). The only PGP plugins I found for MS mail clients were commercial and not free, but I haven't checked recently.
Well, it's Microsoft. They're out there to get money -- and honestly speaking, who can blame them?

<-------->
I can actually give you a simple encrypter, using the Perl module Crypt::RC4 (http://search.cpan.org/perldoc?Crypt::RC4):

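#!/usr/bin/perl -w
use strict;
use Crypt::RC4;

my $passphrase = "mypass1234"; #Change this to a passphrase of your choice.
my $rc4 = Crypt::RC4->new( $passphrase ); #The constructor takes the passphrase as the key.

my $encrypted_data = $rc4->RC4( "any data you want encrypted. This can be a string or binary data. Data structures must be serialized" );

binmode STDOUT; #The output is raw binary, so write it unmodified.
print $encrypted_data; #Print the encrypted data (no trailing newline, so it decrypts cleanly).

And to decrypt:

#!/usr/bin/perl -w
use strict;
use Crypt::RC4;

my $passphrase = "mypass1234"; #Change this to the passphrase you encrypted with
my $rc4 = Crypt::RC4->new( $passphrase ); #Same passphrase, so the same keystream is generated.

binmode STDIN;
my $encrypted_data = do { local $/; <STDIN> }; #Read all of the encrypted data from STDIN.
my $decrypted_data = $rc4->RC4( $encrypted_data ); #The encrypted data could have been obtained from a file, the command line, STDIN, etc.

print $decrypted_data, "\n"; #...and your original data is back!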

Not too difficult to implement.
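Added example (not part of the original posts): a pure-Python RC4 showing the two things the fixed-passphrase scripts above lack, a per-message salt (without it, every message shares one keystream) and an integrity tag, with `seal`/`open_sealed` as a hypothetical wrapper that adds both. RC4 is kept only because it is the cipher in the post and is no longer considered safe on its own; the function names, iteration count and sample messages are assumptions.

```python
import hashlib, hmac, os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: one key always produces the same keystream."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream byte XOR data byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def derive(passphrase: bytes, salt: bytes):
    """Stretch the passphrase with a per-message salt into cipher and MAC keys."""
    keys = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)
    return keys[:32], keys[32:]

def seal(passphrase: bytes, plaintext: bytes) -> bytes:
    """salt || ciphertext || HMAC tag; a fresh salt gives a fresh keystream."""
    salt = os.urandom(16)
    enc_key, mac_key = derive(passphrase, salt)
    body = salt + rc4(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(passphrase: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject modified or truncated input."""
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = derive(passphrase, body[:16])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified data")
    return rc4(enc_key, body[16:])

# Constructed sample data; the passphrase is the one hard-coded in the post.
PASSPHRASE = b"mypass1234"
MSG_A, MSG_B = b"first constructed note", b"other constructed note"

def reuse_leaks_xor() -> bool:
    """Same passphrase twice: XOR of ciphertexts equals XOR of plaintexts."""
    pairs = zip(rc4(PASSPHRASE, MSG_A), rc4(PASSPHRASE, MSG_B), MSG_A, MSG_B)
    return all(ca ^ cb == a ^ b for ca, cb, a, b in pairs)

def tamper_rejected() -> bool:
    """A single flipped ciphertext bit must fail the tag check."""
    blob = bytearray(seal(PASSPHRASE, MSG_A))
    blob[20] ^= 0x01                           # byte 20 is inside the ciphertext
    try:
        open_sealed(PASSPHRASE, bytes(blob))
    except ValueError:
        return True
    return False
```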

ethanf93
February 10th, 2012, 11:21 AM
Lolwut? The only way to get the information is to run a program that scans every single memory address -- which must be run as root -- and will take a long time.
Still doable, and there do exist programs which do roughly this. I don't know how Linux/MSWin clears swap but that could exist between boots on the disk if the system is not properly shut down, yes?


Most of the time, swap is already binary files.
??? How does this protect swap data?

...
I can actually give you a simple encrypter, using the Perl module ...
Not too difficult to implement.
Of course, you don't want to store the encryptor/decryptor with the passwords in them (since this would negate your security)

Rayquaza
February 10th, 2012, 02:12 PM
Well, you could add BIOS encryption, that's pretty easy. Just go into your computer's BIOS setup and add it there.

And for flash drives, you can password protect them with U3, I know that. Or do what was said above and use folder encryption too.

monkeydo
February 10th, 2012, 06:00 PM
Lolwut? The only way to get the information is to run a program that scans every single memory address -- which must be run as root -- and will take a long time.



Memory addresses don't actually come into it at all because the data is stored on disk and can be read raw, and will remain on the disk until it is overwritten. If you need further clarification on the very real risks of unencrypted data being read from swap space, Google is your friend :) I never said it would be easy to do, but it is definitely possible and is a security vulnerability, and I think therefore worth mentioning.


Most of the time, you don't give other people your email password anyways ;)


I wasn't talking about handing out your email password. I was referring to other mail encryption applications which require a password to be communicated to the recipient, since the encryption is based on a single password in those cases rather than public/private key pairs used by PGP. So PGP is preferable to those applications because no passwords need to be sent to the recipient, which therefore avoids the potential risk of having such a password being intercepted. Sorry if I wasn't clear enough on that ;)

Silicate Wielder
February 10th, 2012, 07:38 PM
Running Ubuntu I can easily encrypt my flash drives, CD-RWs, hard drives and about any other thing that I can partition. All I have to do is change the Encryption setting to true and enter the password I want to use. I do know Mac has a program with a similar name to Partition editor.

One way to encrypt your emails is to make a self encoding program that encodes and decodes text. I can easily make a Java based encrypter on Ubuntu then compile into a .exe, but that kind of script causes serious lag for my computer to show in block form (I write in text form then converge over to the visual form that Scratch uses). The site for that is scratch.mit.edu

Please don't double post. Use the Edit button if you have something to add. ~TheMatrix

Jufjufjuf
February 11th, 2012, 01:50 AM
Memory addresses don't actually come into it at all because the data is stored on disk and can be read raw, and will remain on the disk until it is overwritten. If you need further clarification on the very real risks of unencrypted data being read from swap space, Google is your friend :) I never said it would be easy to do, but it is definitely possible and is a security vulnerability, and I think therefore worth mentioning.


If you're doing a full disk encryption you wouldn't have anything un-encrypted except for RAM (I assume this is where thematrix pulled memory addresses from). Which you can extract data from (cold boot attacks) but it's nearly impossible if the computer has been shut off for more than a few seconds. If you mean you just copied a file to an unencrypted USB and deleted it normally then yes, the file is still there until overwritten. But really, if you're going through the trouble of doing full disk encryption, you'd probably mount all un-encrypted disks as read-only to avoid that problem.

I agree and know exactly what you're talking about with the PGP public/private keys though. Use them personally.

TheMatrix
February 12th, 2012, 02:59 AM
Still doable, and there do exist programs which do roughly this. I don't know how Linux/MSWin clears swap but that could exist between boots on the disk if the system is not properly shut down, yes?
??? How does this protect swap data?
You would have to find out which file belongs to which program. Often times, the filesystem is not ext4 or ext3(or FAT, FAT32, etc) -- rather it is a swap filesystem, which of course stores data differently.
I don't do direct interaction with swap space, as that is the job of the operating system, so I don't know about storage in the swap partition.

Of course, you don't want to store the encryptor/decryptor with the passwords in them (since this would negate your security)
It was kind of implied that you get the password from user input.

Well, you could add BIOS encryption, that's pretty easy. Just go into your computer's BIOS setup and add it there.
All that does [in most cases] is prevent that computer from starting. The disk can still be removed, unless you have the BIOS encrypt it for you.

Memory addresses don't actually come into it at all because the data is stored on disk and can be read raw, and will remain on the disk until it is overwritten. If you need further clarification on the very real risks of unencrypted data being read from swap space, Google is your friend :) I never said it would be easy to do, but it is definitely possible and is a security vulnerability, and I think therefore worth mentioning.
If what you say is true, then a malicious person would have to cut power to a building(thereby also raising other people's attention), and then steal the disks. If it were as easy as you make it seem, then it would happen daily. It requires root access anyways, which you usually grant programs that don't need it ;)

I wasn't talking about handing out your email password. I was referring to other mail encryption applications which require a password to be communicated to the recipient, since the encryption is based on a single password in those cases rather than public/private key pairs used by PGP. So PGP is preferable to those applications because no passwords need to be sent to the recipient, which therefore avoids the potential risk of having such a password being intercepted. Sorry if I wasn't clear enough on that ;)
Keys are a sort of password.

Running Ubuntu I can easily encrypt my flash drives, CD-RWs, hard drives and about any other thing that I can partition. All I have to do is change the Encryption setting to true and enter the password I want to use. I do know Mac has a program with a similar name to Partition editor.
Oh, many distros come with their own utilities. SUSE has it, although I never bother to use it. Most of the data I send isn't so important that it requires encryption. It can be useful, though.

One way to encrypt your emails is to make a self encoding program that encodes and decodes text. I can easily make a Java based encrypter on Ubuntu then compile into a .exe, but that kind of script causes serious lag for my computer to show in block form (I write in text form then converge over to the visual form that Scratch uses). The site for that is scratch.mit.edu
Cool. That's very nice. You've seen mine. A Curses interface isn't too hard to add.

monkeydo
February 13th, 2012, 11:02 AM
If what you say is true, then a malicious person would have to cut power to a building(thereby also raising other people's attention), and then steal the disks. If it were as easy as you make it seem, then it would happen daily. It requires root access anyways, which you usually grant programs that don't need it ;)


Not really sure what the point of this is, because if someone removed the hard drive and plugged it into another machine, this could still be done and my point is still 100% valid. And by saying this:


All that does [in most cases] is prevent that computer from starting. The disk can still be removed, unless you have the BIOS encrypt it for you.


... you have just proved that removing hard drives is an option and that this defeats the purpose unless the entire drive is encrypted.

Since you quite rightly state that the drive can be removed (and plugged into another computer), this also makes the point of root access null and void, since they would presumably have root access on whichever computer they connect it to anyway. Cutting power has nothing to do with it, especially if it's a laptop that could easily be stolen. And if it isn't, while it's a far stretch of the imagination (hint of sarcasm there) they could just turn off the computer without killing power to the whole building, yes? The whole point of using encryption is to protect your data, which immediately implies that the person wanting to do so is at least a little paranoid and suspects that someone might be accessing their data - in which case, none of this is far fetched and I'm totally failing to see the point of your argument, other than um... just to argue :)


Keys are a sort of password.


Not really since keys are randomly generated and it is very possible and easy to have a key pair that does not include a pass phrase (commonly done with SSH keys which work on exactly the same principles). However, that's beside the point anyway since with PGP you would only distribute the public key (not the private) so who cares if it's intercepted? That's the whole beauty of the PGP implementation. All they would be able to do by intercepting the public key is encrypt a message to YOU that ONLY YOU can decrypt with the private key. Clearly very different from the other apps I mentioned that would require sharing of an actual password.

Anyhow, I'm tired of this pointless "debate" and still stand by everything I said, since it hasn't been disproved at all, so I'm done replying. Readers and OP can Google it themselves to find the elusive truth, since I'm clearly making this all up just to look intelligent :lol:

Rayquaza
February 14th, 2012, 04:52 PM
The disk can still be removed, unless you have the BIOS encrypt it for you.


Ya, that's what I meant :)

monkeydo
February 16th, 2012, 05:37 PM
I'm clearly making this all up just to look intelligent

lmao.... ok whoever gave me a minus rep for this, I wasn't making it up.... it's called sarcasm (saying one thing and meaning another thing just to make a point). I give up... I just shouldn't try to help anybody :lol:

Hahahaha I just can't get over this. Made my day. :)