I want to be able to send a report through the post and I am looking at the best ways to encrypt it.
I've tried
What does everyone use to make sure their CDs are encypted? Or does everyone just send them special delivery instead? Anyone that has any ideas if would be a great help.
By the way, yeah there is truecrypt, but I can't see the client ever knowing how to use that program or getting permission to install it.
Cheers
I understand what your saying about truecrypt, but it's not necessary to install it on the client pc. You can use the USB installer and install TC directly onto the CD. The client needs only double click the truecrypt icon, choose auto mount and everything should be fine.
I sent an encrypted hard drive to my last client using this method. Here is a very simple write up (replace external hard drive with CD).
1. Attach the external USB hard drive to the computer.
2. Plug in the external USB hard drive power.
3. Open “My Computer” and locate the external USB hard drive.
4. Open the USB hard drive in “My Computer”.
5. Open the Folder “Truecrypt”
6. Double click the Truecrypt.exe icon. It is –not- necessary to install the program first.
7. In the Truecrypt program select an available drive letter (z)
8. Click on “Auto-Mount Devices”
9. Enter the password for decryption and click “OK”. The encrypted files will be available in “My Computer” on the drive letter chosen in step 7.
If you are only worried about the file contents, rather than types of file, why not just encrypt the file(s), eg with WinZip 256 AES, PGP etc. You can then write the CD in the normal way.
To decrypt from WinZip you just need the password - more than maybe 10 characters long to be secure - the longer the better.
If you are only worried about the file contents, rather than types of file, why not just encrypt the file(s), eg with WinZip 256 AES, PGP etc. You can then write the CD in the normal way.
To decrypt from WinZip you just need the password - more than maybe 10 characters long to be secure - the longer the better.
That is assuming the client has WinZip their end… also when they unzip the file it will ask to store the files locally on the clients hard disk, I can't see them deleting the folder after in the proper way we all know how to. I want to keep the 'spreading' of the evidence to a minumum.
I'll have a go with the TC volume and see what I can come up with cheers.
Check OTFE "portable mode" or "explorer"
http//
jaclaz
That is assuming the client has WinZip their end…
Or you can make a self-extracting executable in which case they don't need any software.
also when they unzip the file it will ask to store the files locally on the clients hard disk, I can't see them deleting the folder after in the proper way we all know how to. I want to keep the 'spreading' of the evidence to a minumum.
What is to keep them from copying the contents of the Truecrypt volume to an unencrypted section of their hard drive?
I'm not saying that you shouldn't use TC, but it seems like a lot of extra effort when WinZip, AES encryption and a good password would make the archive virtually unbreakable.
That's a significant difference With TrueCrypt, they have to willfully make an unencrypted copy of the data, and it's not necessary to view the data. With ZIP, an unencrypted copy is automatically made if they want to be able to view the data. So the likelihood of them making an unencrypted copy increases from "somewhat" to "assured".
What is to keep them from copying the contents of the Truecrypt volume to an unencrypted section of their hard drive?
Nothing, but that goes with everything that you send them!
I tried to see where, once you decrypt using Truecrypt, the files go? Are they stored in RAM? I guess so as that would make a logical answer. Does anyone know?
The self extractable Zip idea sounds good but I'm not too sure on letting the client choose where to store the files once extracted… I'm not trying to say they're dumb but they could accidentally unzip them to a network share or something - I know very unlikely and it goes the same with Truecrypt if they drag and drop accidentally - I guess it's the risk we take with everything.
That's a significant difference With TrueCrypt, they have to willfully make an unencrypted copy of the data, and it's not necessary to view the data. With ZIP, an unencrypted copy is automatically made if they want to be able to view the data. So the likelihood of them making an unencrypted copy increases from "somewhat" to "assured".
Nicely put - your post arrived after I had written mine.
That's a significant difference With TrueCrypt, they have to willfully make an unencrypted copy of the data, and it's not necessary to view the data. With ZIP, an unencrypted copy is automatically made if they want to be able to view the data. So the likelihood of them making an unencrypted copy increases from "somewhat" to "assured".
Not entirely true. Once the file is opened by the application, neither Truecrypt nor WinZip can prevent that application/OS from caching an unencrypted version of the file in the user's profile or other temp space. The only purely safe way to do this is to have all temp and profile data located within the TC volume/disk.
In fact, these guys were able to do that for TC version 5
http//
http//
and while they have not succeeded in doing this with version 6, the fact that something hasn't been done doesn't mean it can't be done.
I'll agree that if you are really paranoid about who might see the data, TC provides an extra level of protection over WinZip. But to my way of thinking, the responsibility for protecting the data lies with the data owner.
My responsibility is simply to make sure that while it is in my possession (or in transit), it is secured.
