Best encryption for PC?

Not all my clients have a TPM chip. What are some alternatives for encrypting files or drives for PC-based installations?
supportoranges asked:

Dave Howe (Software and Hardware Engineer) commented:
TrueCrypt is free (and offers both whole disk and mount-as-needed file encryption). You can also use BitLocker with a removable (USB) device for the key storage.

For file encryption, you can use a variety of tools (7-zip for example does good archive encryption, but obviously you need to unarchive the files before you can use them).
0
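
The BitLocker-with-USB-key option mentioned above, as an added example that is not part of the thread or any poster's code: BitLocker can protect the OS volume without a TPM by storing a startup key on a USB stick, provided the Group Policy setting "Allow BitLocker without a compatible TPM" is enabled. The drive letters `C:` and `E:\` are assumed placeholders, and the script must run in an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: pick a BitLocker key protector based on TPM availability.
$MountPoint = 'C:'     # assumed OS volume
$UsbKeyPath = 'E:\'    # assumed drive letter of the USB stick for the startup key

function Test-TpmReady {
    # True only when a TPM exists and is ready for use.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        return ($tpm.TpmPresent -and $tpm.TpmReady)
    } catch {
        return $false
    }
}

function Test-NoTpmPolicy {
    # "Require additional authentication at startup" with
    # "Allow BitLocker without a compatible TPM" ticked sets this value to 1.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -Name 'EnableBDEWithNoTPM' -ErrorAction SilentlyContinue
    return ($null -ne $policy -and $policy.EnableBDEWithNoTPM -eq 1)
}

if (Test-TpmReady) {
    # Key is sealed to the TPM; the user never holds it.
    Enable-BitLocker -MountPoint $MountPoint -TpmProtector
} elseif (Test-NoTpmPolicy) {
    if (-not (Test-Path -Path $UsbKeyPath)) {
        throw "USB key drive $UsbKeyPath not found."
    }
    # Startup key file is written to the USB stick, which must be
    # inserted at every boot.
    Enable-BitLocker -MountPoint $MountPoint -StartupKeyProtector `
        -StartupKeyPath $UsbKeyPath
} else {
    throw 'No usable TPM, and "Allow BitLocker without a compatible TPM" is not enabled.'
}

# Add a recovery password so a lost USB stick or TPM reset does not lose the data.
# Record it somewhere other than the encrypted disk.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, KeyProtector
```

On an OS volume, encryption starts after the reboot and hardware test that `Enable-BitLocker` schedules.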

supportoranges (Author) commented:
Thank you!

TrueCrypt folks seem to be pulling out - see their website.

For BitLocker with a USB key I still require a TPM chip, right?

I will look into 7-zip. Is that preferred over WinZip?
0
McKnife commented:
The decision whether to use a TPM or not is a tough one.
What some people don't realize: without a TPM, your users having a key to the drive can manipulate their own hard drives! They could for example make themselves administrators by mounting their drives to another machine and doing an offline attack. They cannot do this with a TPM.
0

Eirman (Chief Operations Manager) commented:
TrueCrypt is as good as it ever was when development & support ceased.
You can get the last version and documentation here.
It was never compromised.

However, my personal favourite encryption programs for corporate and personal use are made by Jetico.
0
Dave Howe (Software and Hardware Engineer) commented:
TC7.1a is still fine - audit project has hired NCC to complete phase 2, and there are plenty of groups happy to continue development. See https://www.grc.com/misc/truecrypt/truecrypt.htm for example ;)
0
Natty Greg (In Theory (IT)) commented:
truecrypt and 7zip over winzip any day
0
Dave Howe (Software and Hardware Engineer) commented:
WinZip is commercial software, and comes with support (at a price of course) - the WinZip encryption is every bit as good as 7z - in fact, you can get 7z to do WinZip encryption by selecting "AES-256" in Zip archive mode. Conversely though, 7z is free, and its crypto is every bit as good as WinZip :)

If you were going to go commercial, you would be better served looking at WinRAR - its crypto is also good, and its ability to create self-healing archives can be a useful defense against data loss (see also though the "par" protocol, which allows you to add redundancy to arbitrary collections of files by calculating RAID6 style parity blocks).

Regarding TC security, it would also be advised to keep an eye on This Site which tracks the status of the auditing effort :)
0
McKnife commented:
I tried to point out that one should go for TPM if you don't fully trust your employees (and who does ;) for security reasons.
So if your devices don't have a TPM (laptops usually will have one), you could arm your systems with one. Some mainboards let you place a TPM-Chip on an empty socket. Those can be very, very cheap, depending on the make, 10-50 USD.

So again, I would really recommend to use the TPMs whenever possible.
0
Eirman (Chief Operations Manager) commented:
In your case, I don't recommend encryption programs intended for individual files/folders such as WinZip, WinRAR, 7zip etc. (These are very useful if you want to encrypt individual file(s) before emailing).

In your case, I really think you should opt for Volume Encryption.
As the whole disk is encrypted, everything is automatically encrypted and there is no repeated entry of passwords.
Because the password is only entered once, you can make it long, which is important for effective security.
After that, the regular user can forget about security ...... it's all automatic.

Truecrypt, and Bestcrypt were mentioned above as good examples of Volume Encryption.
Others are also listed in the Wikipedia article.
0
supportoranges (Author) commented:
Everyone was helpful, thank you!
0
Eirman (Chief Operations Manager) commented:
A final comment supportoranges .....

Winzip, Winrar, 7zip etc. are not encryption programs!

They are primarily compression/decompression programs with encryption features.
0
supportoranges (Author) commented:
Thank you for the clarity on that!
0
Dave Howe (Software and Hardware Engineer) commented:
That is one of those complex questions, Firman. They are a program that can do encryption, and do it well (a lot of commercial encryption programs were shown to do it very poorly indeed). Most file encryption programs *also* compress, as that makes it just a little harder to determine what the original file was, or even its size.

Some courts have also taken a very very negative view to dedicated encryption programs, claiming that that makes the offence charged an aggravated instance, as obviously you are trying to hide it if you are encrypting (hopefully, as more people encrypt to avoid liability on loss of media, or the NSA having a good look, that attitude will change a bit)
0
Eirman (Chief Operations Manager) commented:
Good points Dave,
At least in Ireland I am (more or less) beyond the long arm of the NSA and its UK equivalent.
0
Dave Howe (Software and Hardware Engineer) commented:
Sadly, the US believe they have a remit to hack any other country - and being in Ireland, GCHQ believe they are permitted to do so too. But we would be getting all political going into that, and it doesn't help the OP.

Bottom line really is though, are WinZip or 7z good examples of encryption software, or bad? Both do a good job (as does WinRAR) although the downside of course is that you need to create unencrypted copies of the files before you can access them (as opposed to something that integrates to the file system and can use the files "on the fly" as though they were unencrypted).

I think everyone should have TrueCrypt and 7z (or the portable equivalents) in their toolkits, use *at least* TLS for internet and email, and know how to use (again, at least) S/MIME - because it's in nobody else's interests to promote your privacy, only yours.
0
McKnife commented:
Dave, please try to work on documents in a 7z-archive - it works without decrypting them, changes are saved. This is not possible with all compression software, of course.
0
Dave Howe (Software and Hardware Engineer) commented:
@McKnife - I recall looking at that a few years ago, and found that 7z in fact extracts a copy of the file in the Windows temp dir, then opens that copy. It's possible that has changed of course.....
0