Author Topic: Password Protect File Or Folder? (Read 20342 times)

siouxdax · « **on:** February 20, 2009, 08:08 PM »

Hello all:
I've been searching all over the site, but couldn't find what I'm looking for, which is an app that password protects a file and/or folder on my hard drive. I just need a simple app that won't open a file and/or folder without a password. Is there such an app?

Many thanks in advance!

Paul Keith · « **Reply #1 on:** February 20, 2009, 09:22 PM »

TrueCrypte is the most popular freeware but it's not exactly secure but most users consider it secure enough.

Here's also a more varied list: http://www.downloads...ta-privacy-day-2009/

Note that I haven't tried any of these.

siouxdax · « **Reply #2 on:** February 20, 2009, 10:18 PM »

Paul:
Thanks for the info. I've checked out the links, but I think they're too 'heavy' for my needs. I've read about TrueCrypt causing major problems after installation, so I don't want to chance it with that app. Is there any 'lightweight' apps that may do the trick. I don't necessarily need encryption, but merely a password-protected file/folder.

I hope I don't sound picky or whiny. LOL. I just think those apps are too much for me, if that makes any sense.

Paul Keith · « **Reply #3 on:** February 20, 2009, 11:23 PM »

Nah, they're too heavy for me either and it still scares me to try them. Unfortunately, these are all I know of.

The lightweight ones are often based around a specific file format or something close to that.

tsaint · « **Reply #4 on:** February 21, 2009, 12:50 AM »

Try looking thru the files here:
http://www.snapfiles...rch=Find+it&lc=1

bgd77 · « **Reply #5 on:** February 21, 2009, 01:17 AM »

This is not exactly what you have asked, but maybe you are interested in it.

http://www.cleanerso...free_hide_folder.htm

It hides the respective folder and, to unhide it, you have to enter a password in the program. This way other persons that use your computer won't even know that a folder exists.

I used it and I only had one problem: I forgot my password

siouxdax · « **Reply #6 on:** February 21, 2009, 01:39 AM »

Thanks for the links. Looks like Androsa FileProtector could be a candidate to solve my issue.

Thanks again! Cheers!

steeladept · « **Reply #7 on:** February 21, 2009, 01:47 AM »

TrueCrypte is the most popular freeware but it's not exactly secure but most users consider it secure enough.
-Paul Keith (February 20, 2009, 09:22 PM)

I am no expert, Paul, but I thought TrueCrypt was as secure as any consumer/enterprise security system available (note I am specifically excluding governments as they *MAY* have more secure algorithms). Why do you say it is not exactly secure?

Also, I can say from my experience that TrueCrypt is quite stable. The only time I ever had ANY issue with it dealt with entering a wrong password because I didn't realize I was adding non-printing characters somehow. (Actually I know how - NEVER copy and paste your password into it!) Once I passed that minor issue, it has worked flawlessly. Well provided access flawlessly. I sometimes have issues with the mounting of favorite partitions not working as smoothly as I think it should, but this has nothing to do with accessing it - only with accessing several mounts at once.

Paul Keith · « **Reply #8 on:** February 21, 2009, 03:57 AM »

Yes, that's what I meant by secure enough.

I would say the problem with privacy apps is that the inherent structure of Open Source doesn't yield as much benefit to this category of software compared to other categories. It's the same with Open Source Antiviruses. It's not that these aren't good enough for common usage especially when you're not being targeted but reactive countermeasures as well as the source being exposed means as soon as you get just bits of black sheeps bent on hacking it, you never know when you can be exposed and it becomes a battle of who gets victimized first and then reports it:

http://www.darkreadi...?articleID=211201156

This doesn't mean that commercial products are inherently superior though. I myself believe in this xkcd strip:

steeladept · « **Reply #9 on:** February 21, 2009, 04:11 AM »

Okay. I just read your post as TrueCrypt doesn't use the strongest available encryption, but that isn't what you said. I must say for clarity I don't believe there is any closed source or commercial software available to the public that has a better algorithm or better implimentation, just different ones. If this is not true, I am very interested to learn about the "better alternatives".

Thanks for the clarification.

BTW: Can't see the comic strip.

siouxdax · « **Reply #10 on:** February 21, 2009, 07:00 PM »

Well folks, it looks like Androsa FileProtector is the one I'm going with. A few too many advanced options, but I'm sure I will need them as I get more and more used to the app. Otherwise it's simple, lightweight and unobtrusive. Hurrah!

Thanks for all of the input!

mouser · « **Reply #11 on:** February 21, 2009, 07:02 PM »

That cartoon is so accurate it's scary.. People need to remember that encryption is only good against people who don't have physical access to you.

f0dder · « **Reply #12 on:** February 21, 2009, 09:29 PM »

I would say the problem with privacy apps is that the inherent structure of Open Source doesn't yield as much benefit to this category of software compared to other categories. It's the same with Open Source Antiviruses. It's not that these aren't good enough for common usage especially when you're not being targeted but reactive countermeasures as well as the source being exposed means as soon as you get just bits of black sheeps bent on hacking it, you never know when you can be exposed and it becomes a battle of who gets victimized first and then reports it:
-Paul Keith (February 21, 2009, 03:57 AM)

Imho this is wrong. The only thing closed-source gains you is obscurity - and everybody who's into security is going to say that security through obscurity never works. For stuff like encryption, having the source code open inspires more trust than depending on bugs (and backdoors?) not being discovered.

I wouldn't use anything else than TrueCrypt (or linux kernel-crypto) for filesystem encryption (and fSekrit for random small notes, of course

).

BTW the url is only about breaking the "hidden filesystem" capability of TrueCrypt, it doesn't target the encryption security at all.

Paul Keith · « **Reply #13 on:** February 21, 2009, 11:33 PM »

@steeladept

You could do a search for Crypto-Nerd's Imagination and then add XKCD to Google.

@fodder

That's true. Security through obscurity ALONE isn't security but remember we're talking about privacy here not which apps is flawed or we should and shouldn't use. Obscurity helps alot when dealing with privacy. That's one other thing a commercial model theoretically has: accountability...plus increasing resources from profits.

This doesn't mean that there is one true commercial alternative that is inherently better for being closed source on it's own. It does mean however that if someone wants to provide as secure a privacy app, then the more resources they have from the profits the better experts they can hire to improve an application. This isn't focused on encryption programs per se. I was thinking less of the specifics of TrueCrypt when I posted the url but more on the general concept of the term "privacy app". Simply put a privacy company who's core goal is the privacy of it's customer base can take more risks in implementing newer and better programs while being better at remaining obscure. They're also the ones who's goal is more focused in that area because they aren't there to satisfy the current status quo feel of privacy but rather they sail or sink based on how well they provide that service to their customers.

That's why I used the analogy of the open source Antivirus.

This doesn't mean an open source Antivirus can't be good enough and certainly a large enough community can still make up for any lack of resources but at the same time when you factor in innovations in the antivirus software category, it will not only come first from someone with more resources and more passion for that category but they also aren't limited to the software model and they can utilize such techniques as cloud computing with more trust because they are holding people's money and if they fail at that service, it would ruin them.

It doesn't mean it exists now and true enough Open Source programs gain more trust but I think the trust there also trickles down to blind faith as the userbase becomes bigger and hence more ignorant and therefore it is negated in the end.

This is why as steeladept pointed out: I wasn't talking about encryption. TrueCrypt is valuable but when it's value becomes so much that tech users go "TrueCrypt is secure" anytime someone asks for how to keep their data private then really we as a society are basically telling them to stay clueless and use this and believe in what you believe even though that's not really most TrueCrypt fans' goals. Of course at the same time, I think evangelizing this point especially when someone isn't looking to stay private but just wants a program to set passwords for their files as well as me being not a security expert is overtly rubbing my face in other people's business so I feel the words "not secure enough" should be short and concise enough and people should decide on their own from there.

However I do think that eventually the day will come when this must be brought out and not only among security experts but to people who are simply looking to retain their privacy or else privacy apps will stagnate and instead become more about software loyalty apps because we didn't brought it up and only felt in defending TrueCrypt's quality as a software (or even worse, TrueCrypt's quality as open source) rather than helping people become more secure in their lives through educating them not only on how to remain private (especially if that is their goal) but ultimately in creating a community where we value privacy to the point that most everyone understands privacy rather than through erecting an idol and saying "if you want computer privacy, then download this one." "If you want <insert other areas> privacy, then worship this one."

Of course I think I'm also at fault for seemingly trying to just focus on Open Source but really I'm not educated enough to know what specific angle to focus on in this case. I only know that we're slowly becoming a society who want privacy but is slowly not valuing enough our own wants that even our best tools to remain private are slowly becoming our worst enemies as we transform them into our "miracle pill" to prescribe to clueless people and hence even though the tools become better, we become less private as the net effect of our society not valuing true privacy gets exposed.

P.S.

@siouxdax

Apologies for causing the thread to be hijacked.

steeladept · « **Reply #14 on:** February 22, 2009, 12:11 AM »

Thanks. Turns out the site is being blocked by our firewall and that appears to be why I can't see it.

f0dder · « **Reply #15 on:** February 22, 2009, 05:15 AM »

I don't believe that open-source automagically means "more secure" than closed-source... just look at how long the chunked-transfer exploit bug was in Apache until it was found & patched.

However, I strongly believe that you should never used closed-source version of systems like TrueCrypt, because that's one field where Security Through Obscurity fails miserably. Sure, a company making money off a product might have greater interests at stake, but that doesn't stop them from writing shitware and trying to cover up the facts behind code obfuscation etc. Anybody remember the Diebold voting machine horror stories? Or the gaping security holes in Skype that were found even through skype is heavily obfuscated? (thankfully it wasn't exploited on the massive scaled that I had predicted). Microsoft uses code reordering to make it harder to detect what's patched in their hotfixes in order to make exploit-writing harder, but bindiff was constructed in order to overcome that... There's a lot of other examples as well.

Yes, there's more to security than "just using TrueCrypt", but if somebody needs decent encryption it really is the best choice (for several reasons), and a sentence like "but it's not exactly secure but most users consider it secure enough." is plain wrong and misleading. It's not fanboyism, it's just the product being the best choice. Might be overkill for what siouxdax needs, but I can't advocate using software that gives a false sense of security

PS: I've never had any stability issues with TrueCrypt, and it's definitely not heavy-weight either.

Paul Keith · « **Reply #16 on:** February 22, 2009, 12:16 PM »

I would say that the difference between a privacy encryption app like TrueCrypt and the examples you've used are that the ones you listed especially with the DieBold machines which centers around voting rather than privacy all revolve around the flaw of being translucent rather than transparent in their execution of their jobs where as a privacy app need not be that way. It simply needs to be 1. effective and 2. not be as you pointed out "shitware"

In fact such examples though different in category highlight what happens when people become apathetic towards the value by which they claim to cherish and then only find out later on that they have been screwed yet continued to bitch about it rather than make a difference because the technology forced them to remain clueless yet paranoid. A common result when people are led to believe in technology blindly (sometimes not even led, just apathetic to any cons technology brings which isn't help by ones own subconscious apathy towards the voting system)

I would also say that the flaw of saying something is the best at what it does must still assume that the user wants to have the best encryption program rather than the best way to keep their privacy. This leads to two major flaws IMO:

a) By saying that you are merely pointing out to what you consider the best choice totally throws out your earlier argument of Open Source vs. Closed Source:

Imho this is wrong. The only thing closed-source gains you is obscurity - and everybody who's into security is going to say that security through obscurity never works. For stuff like encryption, having the source code open inspires more trust than depending on bugs (and backdoors?) not being discovered.

Why? Because you are inherently comparing the best Open Source model in TrueCrypt and justifying the model of Open Source through that one app rather than addressing the actual model of Open Source.

I don't think that opinion is wrong and I did hint of it's popularity in my reply but it still does throw out the open source model and rather makes a case that the popular optimum model is the best choice when choosing a privacy app and that being Open Source only has relevance to it because the current popular program happens to be one.

b) By assuming it is the best choice, such attitudes (especially when it becomes one adapted by a group large enough) becomes the very influencing factor in convincing people (especially people ignorant of the backbones of privacy applications) to assume that it is the sole Holy Grail of privacy apps and yet even as you point to it being what you perceived as the best choice, you also allude to it only to being a "decent" encryption program (something I disagree with btw, I think most apps have reached that stage of being great encryption programs for their purposes) and also that there is more to security than it alone.

Words like those in my opinion only prove that TrueCrypt isn't exactly secure but only considered secure enough by the majority of tech users. Words like those also hide the fact that TrueCrypt still requires improving so even though it is the best choice considered by many currently, it is only if you enforce that belief from the software design and effectiveness perspective rather than the privacy perspective that it becomes "secure enough".

nosh · « **Reply #17 on:** February 22, 2009, 01:41 PM »

Now that the OP's found his solution, a little digression can be forgiven...

My first impression of TrueCrypt which I've implemented recently on my system:

I finally forced myself to take the plunge after a long period of fear+hesitation. I formatted two 1TB (single partition) drives and hid both partitions using Partition Magic. Truecrypt detected both partitions and I created a normal TrueCrypt volume on each. Some of the programs store their data files on these drives, so I had to ~~figure out~~ Google a way to mount the drives before any regular programs started - a fitting solution was found here.

My system has been stable so far and it's a big relief to know that if a drive fails, I can give it for warranty-replacement without having to worry about the company's tech-monkeys going through my data.

As far as performance is concerned, TrueCrypt isn't a total heavyweight but I wouldn't categorize it as a lightweight either. Copying large amounts of data across both TrueCrypted volumes, the CPU (2 x 3.16GHz) shows a load of of anything between 25-40%.

My overall experience with TC has been positive. The original intention was to lose the encryption after the drive warranty period expired since I'm not worried about theft or authorities, but it's completely non-intrusive and in actuality, I hardly notice the performance hit either. So unless TrueCrypt throws an ugly suprise in my face some time in the future, it's here to stay.

f0dder · « **Reply #18 on:** February 22, 2009, 07:24 PM »

Paul: TrueCrypt is the technologically best choice - this doesn't have to do with the fact that it's opensource. Most people here will know that I'm not the biggest fan of opensource, but I still firmly believe that it's important for privacy as well as transparency applications. Companies with commercial interests are more likely to stay silent about bugs or inefficiencies (like, continuing to use CBC mode instead of LRW or XTS).

Words like those in my opinion only prove that TrueCrypt isn't exactly secure but only considered secure enough by the majority of tech users.

It's basically as secure as it gets. It has technically sound application of encryption algorithms, and it avoids making temporary writes of unencrypted data to disk (which the usermode applications tend to do, making them basically useless).

nosh: sure thing, the de/encryption does cost - 256bit AES performs at around ~110MB/s on a 3GHz core2. The recent versions of TC has multithreading support - I'm not sure just how the parallelization is done, but I would expect at least one thread per volume. So a dualcore 3GHz should be able to copy full speed from one physical drive to another (unless you have extremely high-end drives

). During normal daily operation disk access tends to be in bursts though - I don't find it has much of an impact on system performance. I wouldn't encrypt partitions used for video editing or heavy games, though

Paul Keith · « **Reply #19 on:** February 22, 2009, 09:31 PM »

@fodder

That's also my current stance but that is also why I said it's not secure enough. I'm not limiting the discussion to the technologically best choice, I'm putting the discussion to where TrueCrypt's core functionality is concerned: on privacy first and not on software capability.

It also has something to do with open source because your original problem with my comment addressed only the open source vs. closed source debate prior to switching to the angle of best technological choice.

I guess we're getting nowhere here and you're probably wondering why I'm focusing on about it. (I guess it's not a common stance in the internet world yet.)

Well basically I've currently been reading about Technopoly which deals with how technology can change one's mindset on how to tackle a problem for better and worse and the previous book I've read was The Revolution: A Manifesto which somewhat deals with your issue about DieBold machines and other political structures (but it's really at it's core all about the U.S. Constitution) that explains how we as a culture (or at least Americans) are made to think differently on dealing with problems because the structure of a concept has been kept from our minds although you might really need to research more about the author's stance to really find it's relation with privacy in general.

I'm not saying you should read these books or that you can get the same conclusion as my own but it did cause a light bulb in my head to light up and made me value the importance of not only how I saw software with altruistic goals like TrueCrypt but in general it made me value the fact that you can't short hand privacy and constantly let the software trump the goal. At the end of the day, I believe we're either recommending these things to either help someone's privacy or we're recommending these things because it's an effective application and I'd rather still value the former even if I'm doing the latter just so we don't get used to settling on the value and end up creating a new generation of pseudo-blind sheeps not because I'm accusing you of a fanboy (I think your last comment hinted at a suspicion that it is what I'm trying to call your choice of TrueCrypt as) but because we ourselves didn't do anything to remind people that technologically best enough isn't the same as being able to secure our privacy enough.

f0dder · « **Reply #20 on:** February 23, 2009, 01:34 AM »

I still don't get why you say TrueCrypt isn't "secure enough" - it does what it's intended to do and does it well.

Obviously it doesn't secure your privacy surfing the net and stuff like that, but that's not what it's meant to do. And it obviously doesn't stand a chance against Rubber-hose cryptanalyst, but then again nothing does.

Sure, privacy as a general thing is a much broader topic, but TC keeps your files encrypted and safe, and guards against leaking unencrypted material.

Paul Keith · « **Reply #21 on:** February 23, 2009, 06:27 AM »

In my opinion, it's mostly because you're seeing it through the question of "How is this software flawed?" rather than "How does technology shape our minds and what am I saying that's weakening the goals of this app?"

Skimming Technopoly in my opinion would really help if you can afford to grab the book. It doesn't really deal with TrueCrypt per se but the core introduction may be better at making you see through my perspective than anything I say. (though as I pointed out in my previous post, it isn't the sole or major reason why I feel TrueCrypt isn't secure enough.)

arthurz · « **Reply #22 on:** February 24, 2009, 10:20 PM »

There is only one: Logitech Nano Cordless Laser Mouse V550!
Super fast scrolling, long battery life, soft buttons, precise.

siouxdax · « **Reply #23 on:** February 24, 2009, 10:31 PM »

Hello all:
I'm the one who started this post; I never knew I could spark so much conversation! When it comes to the subject of encryption, I'm less than a newbie. I'm a proficient PC user, but all of this conversation is over my head. But to let you folks know, I wound up choosing Androsa FileProtector to encrypt my files. It's easy to use, which was most important to me considering I'm not knowledgable in this area. Thank you all so much for the input!

f0dder · « **Reply #24 on:** February 25, 2009, 01:57 AM »

Hm, there's a couple of things from Androsa's feature page that makes me wonder a bit...

* AES - 256 bit / 192 bit / 128 bit
* TripleDES 192 bit
* DES 64 bit

Why oh why not just stick with AES-256?

Cryptography with password up to 256 bit (32 characters).

Does that mean they use your passphrase directly as encryption key? O_o

Also, keep in mind that with a program like this, you need to do a secure file wipe every time you've extracted/modified/re-inserted a file into a protected container, otherwise it will be possible to recover plaintext from your disk.