Skip the navigation

Review: 3 encryption apps keep your data safe

Mobile computing means the possibility of loss or theft. These 3 apps keep your data safe and secret.

By Frank Ohlhorst
February 9, 2010 06:00 AM ET

Computerworld - Laptop computers have become mobile stores of massive amounts of information. Add to that the proliferation of removable hard drives, and it becomes crystal clear how much sensitive data is on the move in the world, most of it woefully underprotected.

Many users have tried to safeguard their data with system passwords or other mechanisms. But the cold hard truth is that those protection schemes give a false sense of security. Windows desktop passwords are easily defeated with third-party boot-up tools, which provide access to any file on a drive partition, while other tools exist that can crack passwords on most applications.

A better alternative is to protect the contents of a storage device using a reliable encryption utility, making it almost impossible for a third party to access your data files. There are several ways to do this — some utilities will encrypt single data files, while others may encrypt directories or archives, and a few will encrypt a complete drive partition.

What you choose to encrypt is only part of the story, though. How the data is encrypted is just as important.

There are several levels of encryption available, and the major difference them is the complexity of the encryption. Simply put, the more complicated the encryption scheme, the more secure your data will be. However, before selecting the most complex, most secure encryption scheme available, you should take into account another factor — the processing power needed to encrypt or decrypt the data. More complexity means more security, but it also equals more demands on hardware.

Until recently, an inexpensive, easy-to-use, reliable drive-encryption utility was hard to come by. Either the tools available were too complex or expensive to be used by a nontechnical individual, or they impacted performance so severely that the PC slowed to a crawl. Luckily, much has changed over the last few years, and many new and improved products have come to market.

In this roundup, I've looked at three encryption packages: Microsoft's BitLocker, PGP Corp.'s Whole Disk Encryption, and TrueCrypt from the TrueCrypt Developers Association.

BitLocker is the easiest to obtain, at least for Windows users — it's included with the Enterprise and Ultimate versions of Windows Vista and Windows 7. TrueCrypt is an open-source freeware application that is used by several universities and nonprofit agencies. For users looking for an affordable third-party encryption product that includes support from a leading vendor, Whole Disk Encryption (at $149 per seat) is a top contender.

I installed each product on a Lenovo T61p notebook computer and a Toshiba Portege R600 ultralight notebook. I used a Fujitsu M2010 netbook to read the encrypted storage devices and encrypted files. All three systems were running Windows 7 Ultimate Edition.

I also tested each encryption product with a few Corsair USB drives of varying sizes and a 60GB external Verbatim USB hard drive.

Types of encryption

The two leading types of encryption are private key (also called symmetric key) cryptography and public key cryptography. In private key, a single key is used for both encryption and decryption. Private key algorithms are generally very fast and easily implemented in hardware, so they are commonly used for bulk data encryption.

Public key cryptography involves the use of two distinct but mathematically related keys: a public key and a private key. The public key is not secret and can be shared with anyone; it is used to encrypt data meant for the holder of the private key. The private key (or secret key) is used to decrypt any data encrypted by the public key. Public key cryptography is primarily used for e-mail messages, file attachments, digital signatures and other transaction-related processes.

Most file, directory and partition encryption products rely on private key scenarios, encrypting data files using a single secret key, which only the owner of the data knows. There are two general categories of private key algorithms: stream ciphers and block ciphers.

A stream cipher encrypts each byte of the data stream individually. Stream ciphers are commonly used for wireless communications. For example, A5, the algorithm used to encrypt GSM communications, is a stream cipher. The RC4 cipher and the one-time pad (OTP) are also stream ciphers.

On the other hand, block ciphers encrypt one block of data at a time and are used more often for data encryption. There are several block ciphers used today, all with variations in their approach, such as DES, AES, RSA and Diffie-Hellman.

Many encryption products that use block cipher encryption can integrate with a PC's Trusted Platform Module (TPM). TPM is a published specification detailing a secure crypto-processor that can store cryptographic keys that protect information. A TPM chip handles the secure generation of cryptographic keys using a hardware pseudo-random number generator. TPM also includes capabilities such as remote attestation (which creates a nearly unforgeable hash key summary of the hardware and software configuration) and sealed storage.

Our Commenting Policies