Safety 

Data encryption methods - web programmer blog. Features of working with an encrypted disk. Disk encryption with third-party software

These days we constantly deal with information. Thanks to development information technologies, now work, creativity, and entertainment have largely become processes for processing or consuming information. And among this huge amount of information, some of the data should not be publicly available. Examples of such information include files and data associated with business activities; private archives.

Some of this data is not intended for the general public simply because “they don’t need to know about it”; and some information is vital.

This article is devoted to the reliable protection of vital information, as well as any files that you want to protect from access by others, even if your computer or storage media (flash drive, hard drive) falls into the hands of unauthorized persons, including those who are technically advanced and have access to powerful computing resources.

Why you shouldn't trust closed-source encryption software

In programs with closed source code“bookmarks” can be introduced (and don’t hope that they are not there!) and the ability to open encrypted files using a master key. Those. you can use any, even the most complex password, but your encrypted file can still be opened with ease, without brute-forcing passwords, using a “bookmark” or the owner of the master key. Manufacturing company size software for encryption and the name of the country does not play a role in this matter, since this is part of the state policy of many countries. After all, we are surrounded by terrorists and drug dealers all the time (what can we do?).

Those. Truly strong encryption can be achieved by properly using popular open source software and a crack-proof encryption algorithm.

Is it worth switching from TrueCrypt to VeraCrypt?

The reference program that has been providing very secure file encryption for many years is TrueCrypt. This program still works great. Unfortunately, development of the program has currently been discontinued.

Its best successor was the VeraCrypt program.

VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a.

VeraCrypt continues the best traditions of TrueCrypt, but adds enhanced security to the algorithms used to encrypt systems and partitions, making your encrypted files immune to new advances in brute-force attacks.

VeraCrypt has also fixed many of the vulnerabilities and security issues found in TrueCrypt. It can work with TrueCrypt volumes and offers the ability to convert TrueCrypt containers and non-system partitions to the VeraCrypt format.

This improved security only adds some latency to opening encrypted partitions, without any performance impact during the encrypted drive phase. For a legitimate user this is an almost imperceptible inconvenience, but for an attacker it becomes almost impossible to gain access to encrypted data, despite the presence of any computing power.

This can be clearly demonstrated by the following benchmarks for cracking (brute force) passwords in Hashcat:

For TrueCrypt:

Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit Speed.Dev.#1.: 21957 H/s (96.78ms) Speed.Dev.#2.: 1175 H/s (99.79ms) Speed.Dev.#* .: 23131 H/s Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit Speed.Dev.#1.: 9222 H/s (74.13ms) Speed.Dev.#2.: 4556 H/s (95.92ms) Speed.Dev.#*.: 13778 H/s Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit Speed.Dev.#1.: 2429 H/s (95.69ms) Speed.Dev.#2.: 891 H /s (98.61ms) Speed.Dev.#*.: 3321 H/s Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode Speed.Dev.#1.: 43273 H/s (95.60ms) Speed.Dev.#2.: 2330 H/s (95.97ms) Speed.Dev.#*.: 45603 H/s

For VeraCrypt:

Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit Speed.Dev.#1.: 68 H/s (97.63ms) Speed.Dev.#2.: 3 H/s (100.62ms) Speed.Dev.#* .: 71 H/s Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit Speed.Dev.#1.: 26 H/s (87.81ms) Speed.Dev.#2.: 9 H/s (98.83ms) Speed.Dev.#*.: 35 H/s Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit Speed.Dev.#1.: 3 H/s (57.73ms) Speed.Dev.#2.: 2 H /s (94.90ms) Speed.Dev.#*.: 5 H/s Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode Speed.Dev.#1.: 154 H/s (93.62ms) Speed.Dev.#2.: 7 H/s (96.56ms) Speed.Dev.#*.: 161 H/s Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit Speed.Dev.#1.: 118 H /s (94.25ms) Speed.Dev.#2.: 5 H/s (95.50ms) Speed.Dev.#*.: 123 H/s Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode Speed.Dev.#1.: 306 H/s (94.26ms) Speed.Dev.#2.: 13 H/s (96.99ms) Speed.Dev.#*.: 319 H/s

As you can see, cracking encrypted VeraCrypt containers is several orders of magnitude more difficult than TrueCrypt containers (which are also not at all easy).

I published the full benchmark and description of the hardware in the article “”.

The second important issue is reliability. Nobody wants especially valuable and important files and the information was lost due to a program error. I knew about VeraCrypt as soon as it appeared. I followed her development and constantly looked closely at her. Over the past year I have completely switched from TrueCrypt to VeraCrypt. Over the course of a year of daily use, VeraCrypt has never let me down.

Thus, in my opinion, it is now worth switching from TrueCrypt to VeraCrypt.

How VeraCrypt works

VeraCrypt creates a special file called a container. This container is encrypted and can only be connected if the correct password is entered. After entering the password, the container is displayed as an additional disk (like an inserted flash drive). Any files placed on this disk (i.e., in the container) are encrypted. As long as the container is connected, you can freely copy, delete, write new files, and open them. Once a container is disconnected, all files on it become completely inaccessible until it is connected again, i.e. until the password is entered.

Working with files in an encrypted container is no different from working with files on any other drive.

When opening a file or writing it to a container, there is no need to wait for decryption - everything happens very quickly, as if you were really working with a regular disk.

How to Install VeraCrypt on Windows

There was a half-spy story with TrueCrypt - sites were created to “download TrueCrypt”, on them the binary file (well, of course!) was infected with a virus/Trojan. Those who downloaded TrueCrypt from these unofficial sites infected their computers, allowing attackers to steal personal information and facilitate the spread of malware.

In fact, all programs should be downloaded only from official websites. And this is even more true for programs that address security issues.

Official placements installation files VeraCrypt are:

Installing VeraCrypt on Windows

There is an installation wizard, so the installation process for VeraCrypt is similar to that of other programs. Is it possible to clarify a few points?

The VeraCrypt installer will offer two options:

  • Install(Install VeraCrypt on your system)
  • Extract(Extract. If you select this option, all files in this package will be extracted, but nothing will be installed on your system. Do not select this if you intend to encrypt the system partition or system drive. Selecting this option may be useful, for example, if you want to run VeraCrypt in the so-called portable mode. VeraCrypt does not require installation on the operating system in which it will run. After extracting all the files, you can directly run the extracted file "VeraCrypt.exe" (VeraCrypt will open in portable mode))

If you select the checked option, i.e. file association .hc, then this will add convenience. Because if you create a container with the .hc extension, then double click By this file VeraCrypt will start. But the downside is that third parties may know that .hc are encrypted VeraCrypt containers.

The program reminds you to donate:

If you are not short of money, of course, be sure to help the author of this program (he is alone) I would not want to lose him, like we lost the author of TrueCrypt...

VeraCrypt Instructions for Beginners

VeraCrypt has many different features and advanced features. But the most popular feature is file encryption. The following shows step by step how to encrypt one or more files.

Let's start by switching to Russian. Russian language is already built into VeraCrypt. You just need to turn it on. To do this in the menu Settings select Language…:

There, select Russian, after which the program language will immediately change.

As already mentioned, files are stored in encrypted containers (also called “volumes”). Those. you need to start by creating such a container; to do this, in the main interface of the program, click on the button “ Create Volume».

The VeraCrypt Volume Creation Wizard appears:

We are interested in the first option (“ Create an encrypted file container"), so we, without changing anything, press Further,

VeraCrypt has very interesting feature- the ability to create hidden volume. The point is that not one, but two containers are created in the file. Everyone knows that there is an encrypted partition, including possible ill-wishers. And if you are forced to give out your password, then it is difficult to say that “there is no encrypted disk.” While creating hidden section, two encrypted containers are created, which are located in the same file, but are opened with different passwords. Those. you can place files that look “sensitive” in one of the containers. And in the second container there are really important files. For your needs, you enter a password to open an important section. If it is impossible to refuse, you disclose the password from not very important disk. There is no way to prove that there is a second disk.

For many cases (hiding not very critical files from prying eyes) it will be enough to create a regular volume, so I just click Further.

Select file location:

The VeraCrypt volume can be located in a file (VeraCrypt container) on a hard drive, USB flash drive, etc. A VeraCrypt container is no different from any other regular file (for example, it can be moved or deleted like other files). Click the "File" button to specify the name and path to the container file to be created to store the new volume.

NOTE: If you select a file that already exists, VeraCrypt will NOT encrypt it; this file will be deleted and replaced with the newly created VeraCrypt container. You can encrypt existing files (later) by moving them to the VeraCrypt container you are creating now.

You can choose any file extension; this does not affect the operation of the encrypted volume in any way. If you select the extension .hc, and also if you associated VeraCrypt with this extension during installation, then double-clicking on this file will launch VeraCrypt.

The history of recently opened files allows you to quickly access these files. However, entries in your history like “H:\My offshore accounts of stolen dollars worth of dollars.doc” may raise doubts in the minds of outsiders about your integrity. To prevent files opened from an encrypted disk from going into history, check the box next to “ Don't save history».

Selecting encryption and hashing algorithms. If you are not sure what to choose, then leave the default values:

Enter the volume size and select units of measurement (kilobytes, megabytes, gigabytes, terabytes):

A very important step is setting a password for your encrypted disk:

Good password- it is very important. Avoid passwords with one or more words found in the dictionary (or combinations of 2, 3 or 4 such words). The password must not contain names or dates of birth. It should be difficult to guess. A good password is a random combination of upper and lower case letters, numbers and special characters (@ ^ = $ * + etc.).

Now you can again use Russian letters as passwords.

We help the program collect random data:

Note that here you can check the box to create a dynamic disk. Those. it will expand as it is filled with information.

As a result, I have created a test.hc file on my desktop:

If you created a file with the extension .hc, then you can double-click on it, the main program window will open, and the path to the container will already be inserted:

In any case, you can open VeraCrypt and select the path to the file manually (To do this, click the "File" button).

If the password is entered correctly, a new disk will appear in your system:

You can copy/move any files to it. You can also create folders there, copy files from there, delete them, etc.

To close the container from outsiders, press the button Unmount:

To regain access to your secret files, remount the encrypted drive.

Setting up VeraCrypt

VeraCrypt has quite a few settings that you can change for your convenience. I highly recommend checking the " Automatically unmount volumes when inactive for a period»:

And also set a hotkey for " Immediately unmount everything, clear the cache and exit»:

This can be very... VERY useful...

Portable version of VeraCrypt on Windows

As of version 1.22 (which is in beta at the time of writing), a portable option was added for Windows. If you read the installation section, you should remember that the program is already portable and allows you to simply extract your files. However, the standalone portable package has its own peculiarities: you need administrator rights to run the installer (even if you just want to unpack the archive), and the portable version can be unpacked without administrator rights - that's the only difference.

Official beta versions are only available. In the VeraCrypt Nightly Builds folder, the portable version file is VeraCrypt Portable 1.22-BETA4.exe.

The container file can be placed on a flash drive. You can copy it to the same flash drive portable version VeraCrypt - this will allow you to open an encrypted partition on any computer, including those without VeraCrypt installed. But be aware of the dangers of keystroke hijacking - an on-screen keyboard could probably help in this situation.

How to Use Encryption Software Properly

Some tips to help you keep your secrets better:

  1. Try to prevent unauthorized persons from accessing your computer, including not checking laptops in luggage at airports; if possible, send computers for repair without a system hard drive, etc.
  2. Use a complex password. Don't use the same password you use for mail etc.
  3. Don't forget your password! Otherwise, the data will be impossible to recover.
  4. Download all programs only from official sites.
  5. Use free programs or purchased (do not use hacked software). And also do not download or run dubious files, since all such programs, among other malicious elements, may have kilologgers (keystroke interceptors), which will allow an attacker to find out the password from your encrypted container.
  6. Sometimes, as a means of preventing keystrokes from being intercepted, it is recommended to use on-screen keyboard- I think this makes sense.

With CyberSafe you can encrypt not only separate files. The program allows you to encrypt an entire partition hard drive or all external drive(for example, a USB disk or flash drive). This article will show you how to encrypt and hide an encrypted partition of your hard drive from prying eyes.

Spies, paranoids and ordinary users

Who will benefit from the ability to encrypt partitions? Let's discard spies and paranoids right away. There are not so many of the former, and their need for data encryption is purely professional. The second one just wants to encrypt something, hide it, etc. Although no real threat no, and the encrypted data is of no interest to anyone, they encrypt it anyway. That is why we are interested in ordinary users, of whom, I hope, there will be more than paranoid spies.
A typical partition encryption scenario is sharing computer. There are two options for using the CyberSafe program: either each of the users working at the computer creates a virtual disk, or each one allocates a partition on the hard drive for storing personal files and encrypts it. About creation virtual disks has already been written, but in this article we will talk specifically about encrypting the entire section.
Let's say there is HDD 500 GB and there are three users who periodically work with the computer. Despite the fact that the NTFS file system still supports access rights and allows you to limit one user's access to another user's files, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the remaining two users.
Therefore, the hard drive disk space can be divided as follows:
  • Approximately 200 GB - shared partition. This partition will also be the system partition. It will install the operating system, the program and store common files of all three users.
  • Three sections of ~100 GB each - I think 100 GB is enough to store each user’s personal files. Each of these sections will be encrypted, and only the user who encrypted this section will know the password to access the encrypted section. In this case, the administrator, no matter how much he or she wishes, will not be able to decrypt another user’s partition and gain access to his files. Yes, if desired, the administrator can format the partition and even delete it, but he will only be able to gain access if he tricks the user into getting his password. But I think this will not happen, so encrypting the partition is a much more effective measure than differentiating access rights using NTFS.

Partition encryption vs virtual encrypted disks

What is better - encrypting partitions or using encrypted virtual disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.
What is a virtual disk? Look at it as an archive with a password and a compression ratio of 0. Only the files inside this archive are encrypted much more securely than in a regular archive. A virtual disk is stored on your hard drive as a file. In the CyberSafe program, you need to open and mount the virtual disk and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can be easily copied to another hard drive or flash drive (if the size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk, except for natural ones) and, if necessary, copy the virtual disk file to a flash drive or external hard drive. You won't be able to do this with an encrypted partition. You can also hide the virtual disk file.
Of course, if necessary, you can create an image of the encrypted disk - in case you want to make one backup copy or move it to another computer. But that's a different story. If you have a similar need, I recommend the Clonezilla program - it is already a reliable and proven solution. Transferring an encrypted partition to another computer is a more complex undertaking than transferring a virtual disk. If there is such a need, then it is easier to use virtual disks.
With partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which method should I choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt the entire section if the size of your secret documents quite big.
But there are situations when using the entire section is impossible or makes no sense. For example, you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. There is no point in encrypting the entire partition if the size of the documents (files) you need to encrypt is small - a few gigabytes. I think we’ve sorted this out, so it’s time to talk about which partitions (disks) can be encrypted.

Supported drive types

You can encrypt the following types of media:
  • Hard drive partitions formatted in FAT, FAT32 and NTFS file systems.
  • Flash drives, external USB drives excluding discs representing Cell phones, digital cameras and audio players.
Cannot encrypt:
  • CD/DVD-RW disks, floppy disks
  • Dynamic disks
  • System drive (from which Windows boots)
Starting with Windows XP, Windows supports dynamic disks. Dynamic disks allow you to combine multiple physical disks. hard drives(analogous to LVM in Windows). It is impossible to encrypt such disks with the program.

Features of working with an encrypted disk

Let's imagine that you have already encrypted a hard drive partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk that you specified when encrypting it. After working with an encrypted disk, you must immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.
In other words, encryption only protects your files when the encrypted partition is unmounted. Once the partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive and the files will not be encrypted. So, when you are working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a short time! Once you have unmounted the encrypted drive, your files will be securely protected.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on the capabilities of your computer, but the system will remain operational and you will just have to wait a little longer than usual (especially when you copy large files to the encrypted partition).

Getting ready for encryption

The first thing you need to do is get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and you want to encrypt a partition that already has files, then encryption will take certain time. If the power goes out during this time, you are guaranteed to lose data. Therefore, if a UPS that can withstand several hours battery life If you don't have one, I recommend doing the following:
  • Back up your data, for example on an external hard drive. Then you will have to get rid of this copy (it is advisable to wipe the free space with a utility like Piriform after deleting data from an unencrypted disk so that it is impossible to restore deleted files), since if it is present, there is no point in having an encrypted copy of the data.
  • You will transfer data to the encrypted disk from the copy after the disk is encrypted. Format the drive and encrypt it. Actually, you don’t need to format it separately - CyberSafe will do it for you, but more on that later.

If you have a laptop and are ready to continue without creating a backup copy of your data (I would recommend doing one just in case), be sure to check the disk for errors, at least standard utility Windows. Only after this you need to start encrypting the partition/disk.

Partition encryption: practice

So, theory without practice is meaningless, so let's start encrypting the partition/disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition(Fig. 1).


Rice. 1. List of partitions/disks of your computer

Select the partition you want to encrypt. If the button Create will be inactive, then this partition cannot be encrypted. For example, this could be a system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, then the encryption operation must be repeated one by one.
Click the button Create. Next a window will open Kripo Disk(Fig. 2). In it you need to enter a password that will be used to decrypt the disk when mounting it. When entering a password, check the case of characters (so that the key was not pressed Caps Lock) and layout. If there is no one behind you, you can turn on the switch Show password.


Rice. 2. Crypto Disk

From the list Encryption type you need to choose an algorithm - AES or GOST. Both algorithms are reliable, but government organizations It is customary to use only GOST. On your own computer or in a commercial organization, you are free to use any of the algorithms.
If there is information on the disk and you want to save it, turn on the switch. Please note that in this case the disk encryption time will increase significantly. On the other hand, if the encrypted files are, say, on an external hard drive, then you will still have to copy them to the encrypted drive to encrypt them, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to check the Enable radio button Save file structure and data, otherwise you will lose all your data.
Other parameters in the window Crypto Disk can be left as default. Namely, the entire available size of the device will be used and quick formatting V file system NTFS. To start encryption, click the button Accept. The progress of the encryption process will be displayed in the main program window.


Rice. 3. Progress of the encryption process

Once the disk is encrypted, you will see its status - encrypted, hidden(Fig. 4). This means that your drive has been encrypted and hidden - it will not show up in Explorer and other high-level file managers, but it will be seen by programs for working with the partition table. There is no need to hope that since the disk is hidden, no one will find it. All hidden by the program the drives will be displayed in the snap-in Disk Management(see Fig. 5) and other programs for disk partitioning. Please note that in this snap-in, the encrypted partition is displayed as a partition with a RAW file system, that is, without a file system at all. This is a normal phenomenon - after encryption Windows partition cannot determine its type. However, hiding a partition is necessary for completely different reasons, and then you will understand exactly why.


Rice. 4. Disk status: encrypted, hidden. Partition E: not visible in Explorer


Rice. 5. Disk Management snap-in

Now let's mount the partition. Select it and click the button Resurrection to make the partition visible again (the disk state will be changed to just " encrypted"). Windows will see this partition, but since it cannot recognize its file system type, it will offer to format it (Fig. 6). This should not be done under any circumstances, since you will lose all data. This is why the program hides encrypted drives - after all, if you are not the only one working on the computer, another user can format a supposedly unreadable partition of the disk.


Rice. 6. Suggestion to format the encrypted partition

Of course, we refuse formatting and press the button Montirov. in the main CyberSafe program window. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).


Rice. 7. Selecting a drive letter

After this, the program will ask you to enter the password necessary to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the area Connected decrypted devices(Fig. 9).


Rice. 8. Password for decrypting the partition


Rice. 9. Connected decrypted devices

After this, you can work with the decrypted disk as with a regular one. In Explorer, only drive Z: will be displayed - this is the letter I assigned to the decrypted drive. The encrypted E: drive will not be displayed.


Rice. 10. Explorer - viewing computer disks

Now you can open the mounted disk and copy all the secret files to it (just don’t forget to delete them from the original source and wipe out the free space on it).
When you need to finish working with our section, then or click the button Dismantler., and then the button Hide or simply close the CyberSafe window. As for me, it’s easier to close the program window. It’s clear that you don’t need to close the program window during the operation of copying/moving files. Nothing terrible or irreparable will happen, just some of the files will not be copied to your encrypted disk.

About performance

It is clear that the performance of an encrypted disk will be lower than that of a regular one. But how much? In Fig. 11 I copied my user profile folder (where there are many small files) from the C: drive to the encrypted Z: drive. The copy speed is shown in Fig. 11 - approximately at the level of 1.3 MB/s. This means that 1 GB of small files will be copied in approximately 787 seconds, that is, 13 minutes. If you copy the same folder to an unencrypted partition, the speed will be approximately 1.9 MB/s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB/s, but very few files were copied at this speed, so we believe that the speed was 1.9 MB/s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds or almost 9 minutes.


Rice. 11. Speed ​​of copying small files from an unencrypted partition to an encrypted one


Rice. 12. Speed ​​of copying small files between two unencrypted partitions

As for large files, you won't feel any difference. In Fig. Figure 13 shows the speed of copying a large file (400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. And in Fig. Figure 14 shows the speed of copying the same file from a regular partition to an encrypted one and it was 11.1 MB/s. The difference is small and is within the error limit (the speed still changes slightly as the copy operation progresses). Just for fun, I’ll tell you the speed of copying the same file from a flash drive (not USB 3.0) to a hard drive - about 8 MB/s (there is no screenshot, but trust me).


Rice. 13. Large file copying speed


Rice. 14. Speed ​​of copying a large file to an encrypted partition

This test isn't entirely accurate, but it can still give you some idea of ​​performance.
That's all. I also recommend that you read the article

I would like to start a small series of articles dedicated to computer security. For now, I will not talk about how to put a password on a folder or file, but I will talk about encrypting data so that people from outside cannot get to it. Of course, you can bypass any protection, but not everyone can do this. IN this material I'll look at a couple of ways using third-party software. Surely much of this will be familiar to you. Here we go!

How to encrypt a file or folder on a computer?

Using an archiver (WinRAR/7-Zip)

Encrypting data using an archiver is easy. You will not need to encrypt files separately each time; everything can be stored in one archive. If the data is important to you, but you rarely use it, you can archive it and set a password.

I'll show you how to do this with an example. Select a file or several files and click right click mice one at a time. Next, point the mouse at the 7-Zip item and in the submenu that appears, select "Add to archive".

Next, you configure the settings as needed. The main section in this window is “Encryption”. Enter the password twice, preferably a complex one, and select the encryption type. Then click OK. When opening the archive, you will be prompted to enter a password.

There are many encryption software available. Similar to them is TrueCrypt. The peculiarity is that it encrypts not only individual files, but also entire partitions or USB flash drives.

Don’t worry that when you open an encrypted disk, the files will not be available to you right away, because it happens that the files are decrypted gradually, and even slowly. In this case, the information will be available to you immediately after entering the key.

Note that the main factor in encryption with this program is the password, which must have at least 20 characters.

I will analyze the use of the program more fully.


A similar utility that can encrypt any data. The procedure takes place in a couple of clicks, so you can protect files that the user works with daily.

AxCrypt also has a Portable version, which you can put on a flash drive and use on any computer.

The program is quite easy to work with. After installation, you will see in the context menu (when you right-click on the file) the addition of the AxCrypt item, and to encrypt the data just click on the item "Encrypt". After this, you need to enter the password twice.

You can also use this utility to delete files; they will no longer be recoverable. To do this, select « "Shred and Delete". Sometimes this action can also be important.

Any user has confidential information on their computer, and, naturally, no one wants it to become available to other users who also have access to this computer. A similar situation can arise at home, when, for example, it is necessary to protect a child from unnecessary information, and at work, where even if each user has his own computer, situations are possible when he has to let another employee use his computer. In both cases, you absolutely don’t want to show your work materials to strangers, and not at all because they are classified as “top secret.” Everything is much simpler - everyone has the right to privacy. There is also a more serious side to the issue. Can you always safely entrust your materials to anyone? Most likely not - after all, you can never be sure that your files and folders will not suddenly be deleted or changed by pure chance by an unprepared user. At the same time, by blocking access to information, you can be sure that nothing will happen to your documents due to the fault of another user. In addition, you should not discount the fact that if your materials are of some commercial value, then it is quite possible that they will want to use them. Moreover, all this applies not only to information stored on the hard drive, but also to that located on the laptop or on some removable media, the possibility of unauthorized access to which is even higher - after all, any of these devices can be lost or stolen. So protect sensitive data stored on mobile devices, no less relevant.

Ways to protect data from unauthorized access

There are several options for solving these problems: you can compress folders and files in a password-protected archive, or hide and place them in a secret folder, access to which for other users will be blocked with a password, or encrypt them, or create a virtual encrypted disk on which to write your secret materials. The choice of the most preferable method depends on the specific situation.

Password archiving is only suitable for protecting rarely used files and folders because this method not very convenient for the user himself, because to work with archived data they will have to be unzipped each time. In addition, the reliability of this protection option directly depends on the attentiveness of the user (he needs to constantly remember that each time at the end of work he must again archive the data and delete the source files), on the type of archiver (different archivers support data encryption methods with different levels of reliability), as well as the password itself. The last point is very relevant, since choosing a short or trivial password can negate all the user’s efforts to protect data.

Another simple and affordable way to protect your personal folders and files from prying eyes is to hide them. This can be done either using built-in Windows tools or using specialized solutions. Hiding files and folders using OS tools is done by marking the corresponding objects as hidden, which is implemented through their properties (Fig. 1). Folders and files hidden in this way will not be visible in Explorer to other system users, but only if the user has the “Do not show” checkbox enabled. hidden files and folders" (Fig. 2). In principle, this may be quite enough to protect your data from the most unprepared audience. However, it is worth keeping in mind that objects hidden in this way will be perfectly visible in other applications, such as FAR, Total Commander etc., which do not use a standard dialog to display files and folders. Therefore, such protection cannot be considered reliable.

Rice. 1. Setting a ban on displaying hidden
objects in Windows

To hidden folders were not visible when you disabled the “Do not show hidden files and folders” checkbox, you must use solutions specifically designed for this. With their help, you can ensure that protected data is truly not visible to other users. Such solutions are mostly affordable and very easy to use, and therefore are quite suitable for most users. True, two points must be taken into account here. First, some solutions of this class provide data hiding only during normal OS loading, but when booting Windows V safe mode(SafeMode) hidden folders will be visible. This can be explained very simply: in a safe Windows mode loads only the drivers necessary for the system to operate, and skips all additional ones (including those responsible for hiding data), which leads to a similar result. Secondly, quite often (but not always) data hidden in this way can be seen by logging into the system as an administrator. Therefore, when choosing a solution for hiding data, you should give preference to those in which such situations are excluded. At the same time, it should be noted that hiding data even in the best of such solutions does not ensure it complete safety, since there are always options to bypass this type of protection - for example, booting the PC in another operating system (if there are several of them installed on the computer) or loading another OS from a CD-ROM. A similar situation is possible when removing the HDD and connecting it to another computer.

Rice. 2. Enable the “Do not show hidden” checkbox
files and folders"

A more reliable option for protecting data is encryption, when the protected information is converted using special encryption algorithms, after which it can only be read with a password (in some solutions, a USB key). Perhaps this is both through the built-in Windows tools, and using solutions from third-party developers. For this purpose, Windows OS provides an encrypted file EFS system(Encrypting File System), allowing the user to encrypt files by simply turning on the “Encrypt contents to protect data” option for them in Explorer (Properties => General => Advanced) - fig. 3. After this, the owner of the files can safely continue working with them, since absolutely nothing will change for him - the encrypted files will be displayed in folders almost the same (though in a different color). But any user who logs in under a different account, will no longer gain access to protected data. However, EFS allows you to protect folders and files only in the file NTFS system, and protected files will be clearly visible to other users (although inaccessible), which, of course, is undesirable. Of course, you can hide them using the built-in Windows capabilities, but we have already talked about the disadvantages of this method.

Rice. 3. Setting up file encryption in Windows

It is much more convenient to use one of the specialized solutions for data encryption. There are several types of such programs: some are designed to encrypt files, others allow you to encrypt both files and folders (and sometimes even entire disks), and others are focused strictly on creating protected disks or partitions. However, such applications, as a rule, provide data protection from all users, including the administrator, even when Windows boots in safe mode. And some protect data even if booted in another operating system and on another computer (if you first install a hard drive with protected information on it). If desired, among such solutions you can find those that are designed for a wide range of users - we will focus on them.

Rules to follow when protecting data

Hiding operations, and even more so encryption, are dangerous because due to the user’s carelessness, a situation may arise where even he himself will not be able to access the data. In addition, there may be problems with the operation of the OS and/or applications. Therefore, the use of such solutions should be taken extremely seriously and a number of important rules should be observed:

  1. Without a password (or USB key), it is impossible to access encrypted data. And forgetting a password is as easy as shelling pears, because trivial (that is, those that are easy to remember) passwords cannot be used due to their unreliability. And there are plenty of opportunities to lose a USB key - it can be stolen, it can be lost, USB drive flash may fail. Therefore, you need to foresee such a situation in advance and have a copy of the password (USB key) stored in a place inaccessible to other users.
  2. When uninstalling software that was once used on the computer to hide/encrypt data, the protection will not be disabled, and therefore it will not be possible to access the protected data after uninstallation. Therefore, before uninstalling such an application, you must disable protection directly in the application itself.
  3. Should not be blocked or encrypted system files and application files, as this will make it impossible normal operation behind the computer, and if the partition with the operating system is encrypted, it will not even allow it to be loaded.

Disk and partition encryption solutions

Solutions for encrypting disks and partitions are indispensable if you want to not only hide some of your document folders, but also completely protect your working disks from other users, so that the latter cannot access the data even by connecting the disk to another computer. There are many applications of this kind on the market - we will look at the Russian-language packages Cryptic Disk, Disk Password Protection and Rohos Disk. The first two are focused on protecting physical disks or the partitions on them. At the same time, Cryptic Disk is somewhat more expensive, but with its help you can organize access to protected disks/partitions for many users, granting them various privileges (Table 1). The second is attractive in price and, in addition to protecting partitions, allows you to install low-level protection for hard drives. The third does not protect the entire disk, but creates one or more protected virtual disks on it (available when connected to the system as logical ones), allows you to use a USB key instead of a password, and has special protection tools USB flash drive.

Cryptic Disk 2.4.9

Developer: EXLADE, Inc.

Distribution size: 2.35 MB

Work under control: Windows 2000/XP/2003/Vista

Distribution method: shareware (demo version that does not allow you to change the demo password - http://www.exlade.ru/download/crdisksetup.zip)

Price:$49.95 (for Russian-speaking users: home license - 990 rubles, business license - 1290 rubles)

Cryptic Disk is a convenient solution for preventing unauthorized access to data by placing it on encrypted disks or in encrypted sections of regular (that is, unencrypted) disks. All types of drives are supported: regular and dynamic hard disks, USB External HDD, Flash Drive, Flash Card, etc.

Encrypted disks/partitions are invisible in the system, and to access the data located on them, the disks/partitions must be connected by specifying a password (Fig. 4). After this, they will be displayed in the system as logical drives, and the data located on them can be worked with in the usual way. Access is closed manually or automatically upon completion of the user session. If in progress automatic shutdown encrypted disk, it will be discovered that it contains open files, then it will not be disabled, which will prevent the loss of unsaved data (only if the corresponding checkbox is enabled in the program settings). There is a function to automatically connect all encrypted disks/partitions at once - this is convenient, as it allows you to specify a password only once (and not multiple times, which would be required when opening each specific disk/partition in turn). Without knowing the password, it is impossible to access the data (even by installing the disk on another computer). If the password is known, then using the information from the encrypted disk on another computer will not be difficult - just install the Cryptic Disk program on it and connect the disk in the usual way. The password can be saved in a file (both when creating an encrypted disk/partition, and later) - this will avoid a situation where access to the disk becomes impossible due to loss of the password.

Rice. 4. Working with encrypted disks
in Cryptic Disk

Encryption is performed in real time using the AES algorithm with a key length of 256 bits. Multi-user access is provided (up to 256 users) with different levels of access available to users (read, read/write and unlimited access).

Disk Password Protection 4.8.930

Developer: EXLADE, Inc.

Distribution size: 2.11 MB

Work under control: Windows 9x/NT/2000/XP/2003

Distribution method: shareware (30-day demo version that does not allow you to change the demo password - http://www.exlade.ru/download/dppsetup.zip)

Price:$49 (for Russian-speaking users: home license - 690 rubles, business license - 890 rubles)

Disk Password Protection is a tool for comprehensive protection data from unauthorized access through password access. This solution allows you to:

protect the loading of operating systems - in this case, booting the computer from a protected disk (regardless of the number and type of operating systems) will begin only after entering the correct password;

protect sections of hard or removable disks (Flash Drive, USB External Hard Disk, etc.) - such partitions are invisible on the disk and are not available for read/write operations; To gain access to a protected partition, you must remove protection from it; after completing work with the partition, protection is reinstalled;

organize low-level disk protection - a hard disk protected in this way is blocked at the hardware level from all read/write operations; this type protection is only supported by hard drives that comply with the ATA-3 specification and higher.

Installing and removing boot protection and partition protection (Fig. 5) is done manually from the program or using a wizard. When you try to protect the partition that contains the files used in this moment files, the program will display a warning and you can cancel the operation (this will avoid losing unsaved files). Installing/removing low-level disk protection is done only from real mode operating system MS-DOS. The behavior of a system with a low-level protected disk depends on the motherboard. If it supports low-level protection (that is, it can detect disk is protected or not), then upon boot the system will ask for a password for the protected disk. If motherboard does not have support for low-level protection, the system will not recognize the protected disk (and therefore will not ask for a password) - in this case, to work with the disk you will have to disable protection from the main Disk Password Protection window. There is no need to enable low-level disk protection after finishing work, since the disk is automatically locked after turning off the power. Please note that to activate/deactivate this type of protection you may need to complete shutdown computer power (you will need this operation or not - depends on the equipment).

Rice. 5. Partition protection with Disk Password Protection

Access passwords are encrypted and stored in protected areas of the disk, so the protection will work even if you install the protected disk on another computer. Without knowing the password (for example, if you have forgotten it), it is impossible to access protected data - to avoid data loss in similar situations The program provides the ability to enter a password hint (only for boot protection and partition protection).

Rohos Disk 1.18

Developer: Teslain ltd

Distribution size: 1.29 MB

Work under control: Windows 2000/XP/2003/Vista

Distribution method: http://www.rohos.ru/rohos.exe)

Price:$35 (for CIS countries users - $29)

"Rohos Disc" - convenient program to organize the protection of confidential data stored on a hard drive or USB drives (Fig. 6). With its help, you can create one or more virtual encrypted disks (they are displayed in the system as logical drives), into which protected data is copied or moved. When moving, the original data can be destroyed by the built-in shredder. You can also install programs on virtual disks that should not be accessible to other users. It is possible to create an encrypted and password-protected partition on a USB drive - gain access to classified information on such media you can use it on any computer (even one where the Rohos Disk program is not installed).

Rice. 6. Protect data using "Rohos Disk"

Encrypted disks are invisible in the system, and to access the data on them, the disks must be connected by specifying a password, or you can use a USB key, which can be a working USB flash drive used for transferring information. The password entry window is called up manually or automatically immediately after the system boots. After connecting the encrypted disk, you can work with the data on it in the usual way, and from MS Office programs and Explorer, access to the encrypted disk is carried out with one click, since “Rohos Disk” is built into the MS Office load/save windows and context menu conductor. Disconnection of the disk is carried out by hotkey, when disconnecting the USB key, as well as after finishing work in Windows and turning on sleep mode. If there is unsaved data on the disk at the time of shutdown, the latter will not be lost, but only if installed additional program Rohos Logon Key (http://rohos.ru/welcome/), which will delay turning off the disk until the data is saved.

Data encryption is carried out in real time using AES or Blowfish algorithms. The encrypted disk is one big file, matching in size to the information placed in it, is the so-called disk image. If necessary, the image can be hidden in a large media file (AVI, MP3, etc.), which will still be opened and played. In addition, it is possible to protect the disk image from accidental deletion, but only if Rohos Logon Key is installed. To prevent the loss of a USB key, there is a function to create a duplicate of it, and to protect the USB key from unauthorized use, you can use a PIN code, thanks to which the key is blocked after three unsuccessful attempts to enter the PIN code.

Programs for hiding and encrypting folders and files

For most users, applications for hiding/encrypting folders and files are more convenient (than the solutions discussed above), since they do not completely close the drives (although some of them have a similar feature). This means that other users will not even notice that a couple of folders hidden from them have appeared on the disk, and they will not ask unnecessary questions or take any steps. In addition, these solutions are easier to learn and use and do not require prior creation of virtual disks.

There are a lot of similar applications on the market, and the level of protection implemented in them varies markedly. Some solutions provide only banal hiding of folders, others support not only hiding, but also full encryption, implemented at a high level, which ensures data protection even when booted in another operating system, installing a disk on another computer, etc. As examples we will look at packages Folder Lock, Universal Shield and Hide Folders XP. The first of them provides the most high level protection of encrypted data (Table 2), and the second is distinguished by its support for multiple encryption methods and the ability to assign different levels of access to data. The Hide Folders XP package, of course, is noticeably inferior to the named solutions in terms of its capabilities (it can only hide and block folders and files, and not encrypt them), but it has a Russian-language interface and is offered to Russian-speaking users at a very attractive price.

Folder Lock 5.8

Developer: NewSoftwares.net, Inc.

Distribution size: 2.22 MB

Work under control: Windows (all versions)

Distribution method: shareware (20-day demo - http://dl.filekicker.com/nc/file/130083-0M78/folder-lock.exe)

Price:$35

Folder Lock is an effective and reliable solution for protecting personal files, folders and disks (Fig. 7) by setting them with a password, hiding and encryption (Blowfish algorithm with a 256-bit key), and the data can be located not only on the hard drive, but and on USB flash drives, memory cards, CD-RW disks, floppy disks and laptops. The program supports major file systems (FAT16, FAT32, NTFS) and differs high speed work. It can be applied directly to a large number files and folders - the maximum total size of simultaneously processed files is 25 MB, and their number can reach 250. Protected files are not displayed either in Explorer or in applications, cannot be deleted and are completely inaccessible, since they cannot be accessed, even by booting into DOS, Windows safe mode, another OS, or installing the disc on another computer. In case users have forgotten the password used to protect data, it is possible to gain access to data using a registration key. If necessary, the data blocking process can be performed automatically - this is convenient for those users who finish working on the computer at the same time.

Rice. 7. Working with folders and files in the Folder Lock package

As an additional functionality, Folder Lock allows you to guarantee the destruction of files and folders with the required level of security and remove traces remaining on the computer after installing data protection. In addition, for greater security, the program keeps a record of all passwords entered unsuccessfully to remove protection, which allows the user to understand in time that his computer has begun to attract unhealthy interest, for example, among colleagues.

Universal Shield 4.1

Developer: Everstrike Software

Distribution size: 1.76 MB

Work under control: Windows 2000/XP/2003 Server

Distribution method: http://www.everstrike.com/download.htm)

Price:$34.95

Universal Shield is a convenient tool for protecting personal files, folders and drives (including network drives) in FAT16, FAT32 and NTFS file systems by hiding and encrypting them (eight encryption algorithms are supported, including AES and Blowfish) - fig. 8. The number of simultaneously hidden files is unlimited, and masks can be used to highlight groups of hidden files. It is possible to set various access rules (read, write, visibility and delete), which allows you to choose a variety of combinations of parameters, for example, you can make files accessible for reading and writing and prohibit their deletion. This access option allows you to prevent the deletion of not only personal data, but also application files, which is no less important. Protected data will not be accessible to other users, including the administrator, even when Windows starts in safe mode. If no actions have been taken on the computer for a certain period, then data blocking may occur automatically. For greater security, you can use the special Stealth Mode. It hides all user-visible information about the installation of Universal Shield - the program shortcut on the desktop and in the Start menu, as well as the corresponding folder in Program Files. Access to the program in this mode is possible only by pressing a predetermined key combination.

Rice. 8. Encrypt files manually and using a wizard
in Universal Shield

Additionally, Universal Shield allows you to restrict access to special Windows folders(“My Documents”, “Favorites”, Control Panels, etc.), protect the desktop from changes, restrict access to the Control Panel and prevent changes to the date and time on the computer.

Hide Folders XP 2.9

Developer: FSPro Labs

Distribution size: 1.21 MB

Work under control: Windows 2000/XP/2003/Vista

Distribution method: shareware (15-day demo - http://www.fspro.net/downloads.html)

Price:$29.95 (in the Softkey.ru store - 400 rubles)

Hide Folders XP - simple program to protect folders and files in the FAT, FAT32 and NTFS file systems from unauthorized access by hiding and/or blocking them (Fig. 9). The number of simultaneously protected files and folders is unlimited. Protected folders will not be accessible to other users, including the system administrator, even when Windows boots in Safe Mode (however, hiding in SafeMode must first be configured through the settings). In this case, it will be impossible to delete not only protected folders and files, but also the folders containing them.

Rice. 9. Working with protected files in the Hide Folders XP environment

In addition to hiding/blocking data, the program allows you to delete traces remaining on the computer after enabling data protection, and can hide itself - it may not display its shortcut in the Start menu, hide the installation/uninstallation line in the control panel, and when working in Stealth mode mode will also not be in the list of running processes.

File encryption programs

It is inconvenient to use file encryption programs to protect large amounts of data, since specifying many files in different folders will take a lot of time. However, these solutions are indispensable if it is necessary to transmit confidential information by mail or on any media (CD/DVD, USB drive, floppy disk, etc.). However, some similar programs allow the recipient to decrypt data without installing it on his computer. This is convenient because the sender can, for example, send an encrypted document via e-mail(having previously agreed on a password with the recipient) and not worry about whether the recipient has the appropriate encryption/decryption software, since the latter will still be able to decrypt the document simply by providing the password.

As examples of such solutions, we will consider the Max File Encryption and Animabilis RS File Encryption programs. The first is more functional, as it allows you not only to encrypt documents, but also to hide them using shorthand. But the second one has a Russian-language interface, which is attractive for Russian-speaking users.

Max File Encryption 1.8

Developer: Softeza.com

Distribution size: 1.09 MB

Work under control: Windows 95/98/Me/NT/2000/XP/2003

Distribution method: shareware (15-day demo - http://www.softeza.com/download/mfesetup.exe)

Price:$29.95 (residents) Russian Federation and CIS countries - 300 rub.)

Max File Encryption is a convenient program for encrypting files of any type (including Word documents, Excel and PowerPoint) using the Blowfish algorithm (Fig. 10). It can be used to encrypt multiple files at once and allows you to encrypt even very large files (up to 4 GB). Encrypted files are saved in the program's own format or in EXE format - the latter option allows you to decrypt files if Max File Encryption is not installed on your computer. In addition, encrypted files can be hidden in ordinary files (so-called media) - graphic, audio and video files, and even in applications and Dll files, while the media files of encrypted information remain fully functional.

Rice. 10. File encryption/decryption
in Max File Encryption

Animabilis RS File Encryption 1.3

Developer: AES Software

Distribution size: 1.1 MB

Work under control: Windows 98/2000/NT/Me/XP

Distribution method: shareware (30-day demo version - http://www.rsfileencryption.com/rus/file/RSFileEncryption_rus.exe)

Price: 300 rub.

Animabilis RS File Encryption is a simple tool for encrypting files of any type, including Word, Excel and PowerPoint documents using the Blowfish algorithm (Fig. 11). Encrypted files are written in the program's own format or converted to a self-extracting EXE format, which allows you to decrypt files if Animabilis RS File Encryption is not installed on your computer. After encryption, the program can ensure the deletion of the original files by writing a random set of characters to the appropriate area of ​​the disk a specified number of times.

Rice. 11. Encrypt/decrypt files in Animabilis
RS File Encryption

The principle of modern cryptographic protection is not to create encryption that is impossible to read (this is practically impossible), but to increase the cost of cryptanalysis.
That is, knowing the encryption algorithm itself, but not the key, an attacker must spend millions of years decrypting it. Well, or as much as you need (as you know, information ceases to be important after the death of your loved ones and yourself), until x-files lose their relevance. At the same time, complexity conflicts with ease of use: data must be encrypted and decrypted quickly enough when using a key. The programs that were included in today's review generally satisfy the two mentioned criteria: they are quite easy to use, and at the same time they use moderately robust algorithms.

We'll start with the program, which in itself is worthy of a separate article or a series of articles. Already during installation I was surprised additional opportunity creating a false operating system. Immediately after completing the conversation with the installation wizard, DriveCrypt suggested creating a key storage. Any file can be selected as storage: file, picture, mp3. After the path to the storage is specified, we enter passwords, of which we have two types: master & user. They differ in access to DCPP settings - the user does not have the ability to change anything, he can only view the specified settings. Each type can consist of two or more passwords. Actually, access to the security installation can be provided either by the master password or by the user password.

Before encrypting any drives, you need to check that boot protection is installed correctly. Be careful, if you do not check that the boot protection is working correctly and immediately encrypt the disk, it will be impossible to restore its contents. After verification, you can proceed to encrypting the disk or partition. To encrypt a disk or partition, you should
select Disk Drives and click Encrypt. The Disk Encryption Wizard will open a window asking you to select a key from the storage. The disk will be encrypted with this key and the same key will be required to further work with disk. Once the key is selected, the disk encryption process will begin. The process is quite long: depending on the size of the encrypted disk or partition, it can take up to several hours.

In general, all this is quite simple and standard. It is much more interesting to work with the false axis. Let's format and distribute the hard drive in FAT32 (it seems that rumors about the death of this file system were greatly exaggerated
:)), install Windows, install DriveCrypt. The created false operating system should look like a working one, constantly used. Once the hidden operating system is created, booting and running the fake OS is extremely dangerous as there is a possibility of corrupting the data of the hidden operating system. Having thrown all kinds of garbage into the system, we create a new storage,
Log in to DCPP, switch to the Drives tab, select the section where the false operating system is installed and click HiddenOS. The settings window will open. Everything is simple here: we indicate the path to the newly created storage, passwords, the label of the hidden disk, its file system and the number free space, which will separate the false operating system from the hidden one. After clicking the Create Hidden OS button, the process of creating a hidden partition will start and all the contents of the system partition will be copied to the hidden partition. The program will create a hidden partition, the beginning of which will be within the space of free space specified when creating the hidden partition from the end of the false partition. Reboot and
We authorize by entering the passwords that were specified when creating the hidden section. The contents of the false operating system will not be visible when working in a hidden OS, and vice versa: when working in a false operating system, the hidden OS will not be visible. Thus, only the password entered when turning on the computer determines which operating system will be loaded. After completing the creation of the hidden operating system, you need to enter it and encrypt the system partition.

Using DriveCrypt, you can encrypt any hard drive or removable storage device (except CDs and DVDs) and use it to exchange data between users. An undoubted advantage of exchanging data on a fully encrypted medium is the impossibility of detecting any files on it; the medium appears unformatted. Even if you have information that the media is encrypted, if the key is missing, the data will be impossible to read.

DriveCrypt encrypts an entire disk or partition, allowing you to hide not only important data, but also the entire contents of the disk or partition, including the operating system. Unfortunately, this level of security comes at the cost of a significant drop in file system performance.

Here we encounter a rather original encryption algorithm with a private key ranging from 4 to 255 characters in length, developed by the authors of the program themselves. Moreover, the key password is not stored inside the encrypted file, which reduces the possibility of hacking it. The principle of operation of the program is simple: we indicate the files or folders that need to be encrypted, after which the program prompts you to enter a key. For greater reliability, the key can be selected not only on the keyboard, but also using a special panel. This panel, it seems, was blatantly stolen from MS Word (insert
- symbol). By confirming the password, we will force the program to encrypt the file, assigning it the extension *.shr.

Files Cipher is capable of compressing encrypted files using a built-in archiving algorithm. Moreover, after encryption original file can be deleted from the hard drive without the possibility of recovery.
The program works with files of any type, and also supports files larger than 4 Gb (for NTFS). Wherein system requirements to the computer are very modest and, unlike the frontman, they eat nothing at all.

PGP implements encryption using both open and proven symmetric
keys: AES with encryption up to 256-bit, CAST, TripleDES, IDEA and Twofish2. To manage encryption keys, there is the PGP Keys option, which displays a window displaying user keys and those added to the list public keys. Scheme of operation of the module for encrypting PGP Disk disks... mmmmm... how can I say this? Ah, elementary. Again, create a Key Storage file (I call it Key Manager to myself), enter passwords. Moreover, when specifying a password, a special indicator of strength (quality) is displayed, which, by the way, clearly demonstrates the relevance of complex passwords: for example, the strength of a password consisting of eight digits is approximately equal to the strength of a six-letter or four-digit one, which contains one special character (exclamation mark) and three letters.

I really liked that the creators also thought about ICQ (whoever read Stalker’s logs after the motherfucker’s defacement will understand... or were they not in ASI and am I confusing something?). After installation, a special icon appears in the ICQ window, with the help of which session protection is enabled.

As for the most painful topic - information leakage through a swap file - the authors themselves admitted that they were unable to completely block this leakage channel due to the peculiarities of the operating system. On the other hand, measures have been taken to reduce this threat - all important data is stored in memory no longer than necessary. After the operation is completed, everything is critical important information is deleted from memory. Thus, this vulnerability exists, and to eliminate it you need to either disable virtual memory (which can lead to a noticeable deterioration in the operation of the OS) or take additional security measures.