dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8
share rss forum feed


2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
kudos:1
reply to inGearX

Re: How to protect data if lost...

For your really sensitive files, you might take a look at this ABSOLUTELY FREE Java based tool developed by the Department of Defense to encrypt/decript your data files.
EW-Public is available to anyone and is free and requires nothing more than a current copy of Java on your computer:
»www.spi.dod.mil/ewizard.htm

Basically it's just a Java application, just put a copy of the .jar file on your computer and double-click it to open and run. Drag non-encrypted files into it, hit the [Encrypt] button, enter a password, and an encrypted copy of that file is placed into the same folder (option available to delete the in-the-clear original). Decrypting is the same: drag encrypted file into it and it asks for password, you give it, it puts in-the-clear file in same folder.

It does not keep track of your passwords, so either pick one or two you'll never forget or record it/them somewhere physically separated from the computer.

For Windows users, after opening the EW-Public app the first time, there is an "Install" option under its Tools menu. This simply sets up file associations with its filetypes (.wzd, .wza and one other) in the Registry so that later you can simply double-click on an encrypted file to have the app open up ready to decrypt it.

How secure is it? I'm going out on what I think is a pretty thick and sturdy limb here and say that it would suffice to meet FIPS 140-2 requirements for data in transit and data at rest. "At rest" means stored on a device such as a hard drive, thumb drive, CD / DVD, etc. Naturally part of the security is using a good strong password (minimum 8 characters, mixture of UPPERandlower case, a couple of special characters and a number or two) such as
Will_WORK4food!

Back to the FIPS 140-2 stuff: The EW-Public version is not certified, but the EW-Govt version is, and the encrypted files made by one can be decrypted with the other. This tells me they are both using the same encryption/decription algorithm. The trick here is that the EW-Govt version is using some code that they leased from a 3rd party that has been through the FIPS certification testing, while I'm thinking that in the EW-Public version, they emulate that same algorithm using regular Java commands and capabilities.

So, how would you use it? First, probably big task, would be to encrypt all of the files you want kept hush-hush that are on the drive (it will encrypt/decript more than one at a time) and then delete the in-the-clear copies on the machine (you might consider having a backup of them in-the-clear elsewhere). You go on the road with nothing but encrypted data files. When you need one or some, you decrypt them at the time, keeping the encrypted copy. When you're done with them, perhaps even after making changes to them, you encrypt them again - overwriting the original encrypted file and choosing the "don't keep" option to remove the in-the-clear copy/copies that you used.

HAVE I used it? Yes, I actually started with the EW-Public version and then determined that it was possible for me to get the EW-Govt version for my office computer along with other computers used by my day-job employer. So at one point I had both versions on a computer and did testing to verify that they could communicate to one another without problem. I've also examined the before and after results of a simple Notepad .txt file and I certainly couldn't make much out of the encrypted results: I could see where they have the information header and such, but it was total gobbeldeegook after that and I wouldn't want to try to figure it out, even with the original source file to refer to.
--
...then THINK! again.