I was wondering, this being the home of multitudinous members of the geekish persuasion (i love the english language :D ), if anyone could let me know of a good folder (not file) encryption program to be had for free on the web. Most of those i find either charge exorbitant fees encrypt only files, not folders, or take longer than my sister in the shower. I ask this because i'm sick of aforementioned sister pretending to be an uber-hacker and messing with my files after she 'cracks' my Windows profile. No matter how many times i tell her that its not that hard, she still insists on adding her little 'tags' in all my uni documents, and i'm getting close to committing fratricide. :mad: :mad: :mad:

Any help would be appreciated.

Siblings. sheesh. :rolleyes:

I assume it's Windows 9x seeing as you haven't yet protected with permissions. First thing I'd do is password protect my documents, but remembering to remove it on the official document if handed in in the soft form.

As for what you're directly after, I have not had much experience with such programs, so unfortunately I cannot help out.

CES encryption (http://download.com.com/3000-2092-10132997.html?tag=lst-0-4)

That was just a quick find

Easy workaround: Compress using a standard utility (like WinZIP etc) and set a password on the file.

Breaking a winzip password is easy beyond belief - If you wan't to protect your stuff from people with more ability than your Mum, then you'd better use somethiung else...

PGP is pretty good - it use pulic/privte certificate encryption and is pretty much impossibgle to crack through brute force or otherwise, and you can use it to encrypt emails and VPN stuff as well....:)

Originally posted by Buffalo
...

PGP is pretty good - it use pulic/privte certificate encryption and is pretty much impossibgle to crack through brute force or otherwise, and you can use it to encrypt emails and VPN stuff as well....:)


pgp is very good. the fbi have 2 "palm pilots" (or similar) owned by the italian red brigade. the data is encrypted with pgp and all the resources of the US govt and italian govts combined cant crack it.

From what I remember (usually very little) PGP uses an encryption level of around 4096 bits, Though i'm probably way off the mark. :confused:

The amount of bits in the key is not the only remarkable factor but the algorithm too. Public key encryption methods need a very long key to be secure. When using a nice secret key algorithm like IDEA, RC4 or Rijndael anything after 256 bits is a waste of your time. Public key schemes are also very slow.

The slowness is why PGP and any sensible program using a public key scheme are actually hybrids like implied earlier in this thread. They encrypt the actual data with a secret key algorithm of your choice and only use RSA, elliptic curve cryptography, or other public key methods to distribute the key(s) of that secret key algorithm. Also, the keylength in a public key scheme needs to be bigger than the length of the data you encrypt.

I use GPG myself (check the signature for links), usually for encrypting e-mail. Using encryption to Scythe's problem seems a bit overkill though. File permissions and other readily available tricks should be enough.

Bear in mind that 3DES has been brute forced relatively quickly, so it is not really _that_ safe against things like governments.

Originally posted by slaine1
Bear in mind that 3DES has been brute forced relatively quickly, so it is not really _that_ safe against things like governments.

Do you mean DES? It can be broken reasonably fast but 3DES isn't automatically weak just because single DES is. It has 3 different keys (hence longer key length) and the 3 passes mangle the bits quite well. AFAIK there are no known good attacks against 3DES. It is impossible to use a brute force approach with current computing power.

Originally posted by druid
Do you mean DES? It can be broken reasonably fast but 3DES isn't automatically weak just because single DES is. It has 3 different keys (hence longer key length) and the 3 passes mangle the bits quite well. AFAIK there are no known good attacks against 3DES. It is impossible to use a brute force approach with current computing power.

Oh yes, had a brain freeze. So used to typing 3DES that the 3 just slipped in on its own. I mean of course that the 56bit DES has been brute force fairly quickly, but 3DES would still take an unfeasably long time to crack (assuming you use different keys of course).

One thing that I am curious about is how they determine the time it takes to crack by brute force, when people say "oh, it'd take x number of centuries to crack". Is it a maximum, or an average?

I mean, it possible (but unplausible) that, in your brute force attempt, you manage to guess the sequence of a 1TB key on your first go. Which wouldn't take the "the end of the universe would have been some kind of ancient history, under current computing power" duration you'd get people fumbling over superlatives to describe, were you to ask them.

Originally posted by scathing
One thing that I am curious about is how they determine the time it takes to crack by brute force, when people say "oh, it'd take x number of centuries to crack". Is it a maximum, or an average?


It can be both. Usually (bar generic articles) it's quite clear what they mean. These days averages, i.e. meet-in-the-middle scenarios are used for predicting the result quite often instead of presenting the time required to exhaust the entire keyspace. Whether the time for the entire keyspace or just half of it is presented because both times are huge.


Originally posted by scathing
I mean, it possible (but unplausible) that, in your brute force attempt, you manage to guess the sequence of a 1TB key on your first go.

It is but usually there are safeguards in programs to prevent trivial keys like that slipping through.

And just to provide you with the superlatives you love, a measure of feasibility I like is the amount of resources available in the universe.

Take the my favorite cipher IDEA for example:

IDEA's key length is 128 bits. Assuming that a brute-force attack is the most efficient, it would require 2^128 (10^38) encryptions to recover the key. Design a chip that can test a billion keys per second and throw a billion of them at the problem, and it would still take 10^13 years - that's longer than the age of the universe. An array of 10^24 such chips can find the key in a day, but there aren't enough silicon atoms in the universe to build such a machine. Another approach could be to calculate how much energy one computation would require in terms of changing a few bits in the memory. We'd run out of energy too. :D