There are lots of options out there for protecting your data against prying eyes. Recently getting news coverage is Microsoft's Private Folder application, a freeware and unsupported add-on. If you are using Windows XP Pro (not Home... sorry, MS doesn't think you need this feature) you can use the built-in encrypted folders feature. The most powerful and universal solution I've found is TrueCrypt, which is open-source freeware.
Use of data encryption is especially critical for laptops. Even if the computer is never used in public or while traveling, its mobility makes it an easy target for theft in home and business environments. Laptops sometimes grow legs and "walk off"; all of a sudden you've lost control of your trade secrets, personal information, private documents, and/or financial information. The same argument can be made for data stored on USB memory sticks and external hard drives; they are so portable that theft of the physical device cannot easily be discounted. Desktop computers aren't as easy to carry away, but one must be aware of the threat of malware that can give out your personal information or even full control of your computer.
The key advantage to XP Pro's encrypted folders is that it's part of the OS so that it can be shared over a network with read-write access to all participants. TrueCrypt supports read-write sharing to a single user, or read-only access to unlimited users. Beyond this one point, TrueCrypt is far superior.
TrueCrypt:
- Data is encrypted using the user's choice of encryption methods, including the government standard AES encryption, which is approved for protecting Top Secret data.
- Files can be stored within either an encrypted file-volume, partition-volume, or within unpartitioned space on a drive.
- In any configuration, contiguous unused space within the encrypted outer volume can be used to hold a separately encrypted inner volume. Inner volumes can contain their own inner volume(s) in a cascading fashion. If the inner volume is set up as a hidden volume, it is impossible to prove it even exists, let alone determine what is in it without its independent password.
- A USB memory stick can be used as a physical key. Store a "keyfile" on the device that is required for decrypting the secured files on your hard drive. (Keep a secure backup of that keyfile! If you lose it, you can't retrieve your data; it's just like forgetting your password.) Using a keyfile keeps your data secure in case someone installs a keylogger on your computer and figures out your password. Only with both the password and the keyfile can the data be accessed. Use of a keyfile is optional when setting up the encrypted volume; by default only a password is needed.
- A USB memory stick can hold encrypted data, both in the file system or in the unpartitioned space. After all, a USB drive can behave just like a hard drive.
Because the US (and other countries) requires the surrender of passwords to encrypted data in a court of law, all single-tier encrypted volumes are not entirely safe. Using cascaded encrypted volumes allows one to surrender the password to the outer volume, but not admit to the existence of any inner volume(s). When set up properly, there is no means to statistically prove that an inner volume exists, as it can be designed to be invisible and appear as unused space of the outer volume. That is probably the most powerful feature of TrueCrypt. Not only can the data be encrypted, but the fact that the data even exists can be hidden.
For "normal" users like myself, setting up an inner volume and taking care to never damage it by writing to the outer volume without protecting the hidden inner volume (Oops, you just overwrote a few sectors of your hidden important data, thereby corrupting the entire hidden inner volume) is probably not worth the extra effort. Sticking to a single-tier volume is a lot safer for every-day use, but doesn't provide data security in a court of law.
As with all data, it's important to keep backups. This is doubly so with encrypted data. In the case of TrueCrypt, if the volume header is corrupted, all data within the volume is irretrievable. It's comparable to a hard drive failure. The best solution is to backup the entire encrypted volume, which backs up the encrypted files and the encryption volume header (necessary to decrypt any of the data). If that isn't possible (I'm not sure why you'd put yourself in this situation), it is possible to execute a "backup volume header" in TrueCrypt to protect the ability to decrypt the data... but the data itself isn't backed up.
No matter which solution you think is best for you, it's a good idea to use *some* method to encrypt any information you wouldn't want some stranger to have. And while you're at it, make sure you do regular backups, or even use an automated backup solution.
&Keywords=encryption&BANNER_STYLE=1&FOOTER_GRADIENT=0)
As with most religions, one has to expect a certain amount of disagreement. And if you post an email address, you're going to get hatemail.
A 