Desktop encryption software - help find

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
renter
Posts: 562
Joined: Sat Aug 23, 2008 2:14 pm

Desktop encryption software - help find

Post by renter »

I have a lot of important documents (PDF, Excel, Word documents, and screen shots) in folders on my Windows desktop which I periodically add to by dragging into the folders. It is all nicely organized. I would like an easy way to encrypt and decrypt the entire folders whenever I acess and update. I don't know anything about encryption software. Any product recommendations?

Edited to add:

I forgot to mention that I don't need it stored in the cloud - just locally on desktop and flashdrives
Last edited by renter on Sun Oct 02, 2022 8:50 pm, edited 1 time in total.
tranquility
Posts: 45
Joined: Sun Oct 18, 2015 9:48 pm

Re: Desktop encryption software - help find

Post by tranquility »

You give Boxcryptor a try: https://www.boxcryptor.com/en/
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

VeraCrypt: https://www.veracrypt.fr/en/Home.html

Just create an encrypted volume, mount it and put important documents inside.
Topic Author
renter
Posts: 562
Joined: Sat Aug 23, 2008 2:14 pm

Re: Desktop encryption software - help find

Post by renter »

I forgot to mention that I don't need it stored in the cloud - just locally on desktop and flashdrives.
hoofaman
Posts: 973
Joined: Tue Jul 14, 2020 3:39 pm

Re: Desktop encryption software - help find

Post by hoofaman »

Marseille07 wrote: Sun Oct 02, 2022 8:46 pm VeraCrypt: https://www.veracrypt.fr/en/Home.html

Just create an encrypted volume, mount it and put important documents inside.
+1 I use VeraCrypt
evestor
Posts: 184
Joined: Sat Feb 21, 2015 4:37 pm

Re: Desktop encryption software - help find

Post by evestor »

Can you please share what threat / attack vector you are worried about that is taking you down this path?
The threat that is taking you down this path will change the approach.
The more expressive you can be with this explanation the better. I can guess what you might be worried about but guessing can be dangerous. :)

The simple encryption answer for full disk crypto is BitLocker which is built in to Windows. It does not have some of the behavior you articulate but depending upon the threat you are worried about it might be good enough.
User avatar
whodidntante
Posts: 13114
Joined: Thu Jan 21, 2016 10:11 pm
Location: outside the echo chamber

Re: Desktop encryption software - help find

Post by whodidntante »

Not all software is designed in a secure way and may leak important information into the temp folder, or create a copy of the file while it is open. Use Bitlocker full disk encryption built into Windows. You might need to upgrade your Windows edition. Your disk might also support full disk encryption in hardware, which is also a valid option. I do that on my laptop because it has a lesser edition of Windows. I would take a good backup (encrypted) before messing with anything. I run backups to an external hard drive that is also full disk encrypted.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

hoofaman wrote: Sun Oct 02, 2022 8:56 pm
Marseille07 wrote: Sun Oct 02, 2022 8:46 pm VeraCrypt: https://www.veracrypt.fr/en/Home.html

Just create an encrypted volume, mount it and put important documents inside.
+1 I use VeraCrypt
+2. Better yet. Encrypt the entire volume. OP: If you are not computer savvy, just use bitlocker on your Windows machine if is the professional edition.
Topic Author
renter
Posts: 562
Joined: Sat Aug 23, 2008 2:14 pm

Re: Desktop encryption software - help find

Post by renter »

evestor wrote: Sun Oct 02, 2022 8:56 pm Can you please share what threat / attack vector you are worried about that is taking you down this path?
The threat that is taking you down this path will change the approach.
The more expressive you can be with this explanation the better. I can guess what you might be worried about but guessing can be dangerous. :)

The simple encryption answer for full disk crypto is BitLocker which is built in to Windows. It does not have some of the behavior you articulate but depending upon the threat you are worried about it might be good enough.
I don't want to worry about the docs in the folder if my computer gets stolen.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Sun Oct 02, 2022 9:18 pm +2. Better yet. Encrypt the entire volume. OP: If you are not computer savvy, just use bitlocker on your Windows machine if is the professional edition.
I don't know if that's necessarily "better." If my encrypted volume is reasonably small, I can carry it around. If I encrypt a 5TB HDD, it's no longer portable.
evestor
Posts: 184
Joined: Sat Feb 21, 2015 4:37 pm

Re: Desktop encryption software - help find

Post by evestor »

renter wrote: Sun Oct 02, 2022 9:21 pm
evestor wrote: Sun Oct 02, 2022 8:56 pm Can you please share what threat / attack vector you are worried about that is taking you down this path?
The threat that is taking you down this path will change the approach.
The more expressive you can be with this explanation the better. I can guess what you might be worried about but guessing can be dangerous. :)

The simple encryption answer for full disk crypto is BitLocker which is built in to Windows. It does not have some of the behavior you articulate but depending upon the threat you are worried about it might be good enough.
I don't want to worry about the docs in the folder if my computer gets stolen.
This is super helpful. Thanks.

If it were me, I'd just use BitLocker on your device. And I would make sure the key is backed up so that you have a way in if you trip the security precautions that BitLocker affords you.

There are other scenarios to ponder here as well...data sync'd to the cloud and how that is protected, how you do offline backups, etc. These things are likely the larger risk surface area. It's worth spending energy on this problem. LOTS can be done (ex: yubikey + Google advanced acct protection).

Also please keep in mind that whatever you do needs to be usable by your next of kin (hopefully not something you have to deal with anytime soon!).

Good luck.
chalet
Posts: 235
Joined: Wed Aug 28, 2019 9:59 pm

Re: Desktop encryption software - help find

Post by chalet »

https://portableapps.com/apps

use veracrypt as a portable app, and keep a copy with your backup encrypted data.

I have only tried it with encrypted volumes - not whole disks
MrJones
Posts: 775
Joined: Sat Mar 18, 2017 2:23 am

Re: Desktop encryption software - help find

Post by MrJones »

renter wrote: Sun Oct 02, 2022 9:21 pm
evestor wrote: Sun Oct 02, 2022 8:56 pm Can you please share what threat / attack vector you are worried about that is taking you down this path?
The threat that is taking you down this path will change the approach.
The more expressive you can be with this explanation the better. I can guess what you might be worried about but guessing can be dangerous. :)

The simple encryption answer for full disk crypto is BitLocker which is built in to Windows. It does not have some of the behavior you articulate but depending upon the threat you are worried about it might be good enough.
I don't want to worry about the docs in the folder if my computer gets stolen.
Excellent question, and thanks for the answer. As others have said, Bitlocker if you use Windows Pro. It'll take literally 20 seconds of you effort to turn on. It'll take a few minutes/hours to complete the initial encryption in the background. It'll protect you against what you want.

If you're using Windows 10 Home, Bitlocker is not included, but you can use "Windows Device Encryption", which for your purposes will practically be the same (though you will need a microsoft.com account on your laptop).

Just hit the windows key and type "encryption", and you'll get either Bitlocker or WDE. The advantage over Veracrypt is, you won't have to separately type a password to mount your data each time Windows starts up; and you won't have to worry about separate software. My two cents.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

Marseille07 wrote: Mon Oct 03, 2022 12:44 am
student wrote: Sun Oct 02, 2022 9:18 pm +2. Better yet. Encrypt the entire volume. OP: If you are not computer savvy, just use bitlocker on your Windows machine if is the professional edition.
I don't know if that's necessarily "better." If my encrypted volume is reasonably small, I can carry it around. If I encrypt a 5TB HDD, it's no longer portable.
There may be some misunderstandings here. I think the original suggestion was to create an encrypted volume on the hard disk on the computer, that is, creating a virtual drive to "mount" on the computer I suggested it is better to encrypt the entire disk (I used the words entire volume instead but I think you understood my intention on this part.)

The standard usage of the term encrypted volume does not mean encrypting a thumb drive (which one can do). See https://it.cornell.edu/bitlocker-fileva ... n-overview

Why do I think entire disk encryption better? Sometime we save files in the wrong place, have draft in the recycle bin etc. With modern computers, the resource overhead is small. https://delightlylinux.wordpress.com/20 ... rformance/
User avatar
Rob5TCP
Posts: 3812
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Desktop encryption software - help find

Post by Rob5TCP »

Marseille07 wrote: Sun Oct 02, 2022 8:46 pm VeraCrypt: https://www.veracrypt.fr/en/Home.html

Just create an encrypted volume, mount it and put important documents inside.
+1
rich126
Posts: 4475
Joined: Thu Mar 01, 2018 3:56 pm

Re: Desktop encryption software - help find

Post by rich126 »

As others alluded to, it depends on what you want to protect from. For example if you are worried someone will steal a laptop you take on trips then full disk encryption is a good idea (and usually required by most businesses). Just remember that a full disk encryption system decrypts or unlocks the entire disk after you boot up/enter the password. So while you are online the entire disk and its contents could be read by malicious software. Maybe a very low risk but certainly a risk that would matter to some. In that case you need to encrypt files individually or some portion of a disk and only unlock it when you want to use a specific file or the set of files.
----------------------------- | If you think something is important and it doesn't involve the health of someone, think again. Life goes too fast, enjoy it and be nice.
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Desktop encryption software - help find

Post by LadyGeek »

This thread is now in the Personal Consumer Issues forum (software).
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Mon Oct 03, 2022 7:11 am There may be some misunderstandings here. I think the original suggestion was to create an encrypted volume on the hard disk on the computer, that is, creating a virtual drive to "mount" on the computer I suggested it is better to encrypt the entire disk (I used the words entire volume instead but I think you understood my intention on this part.)

The standard usage of the term encrypted volume does not mean encrypting a thumb drive (which one can do). See https://it.cornell.edu/bitlocker-fileva ... n-overview

Why do I think entire disk encryption better? Sometime we save files in the wrong place, have draft in the recycle bin etc. With modern computers, the resource overhead is small. https://delightlylinux.wordpress.com/20 ... rformance/
I meant an encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. I like the portability aspect of it as mentioned. Since we are talking about important documents (PDFs, word files), not encrypting movies, I don't mind the container volume being relatively small.

As far as encrypting the entire disk, this would have implications as far as mounting properly when you boot the machine. For example, I don't want to have to enter a password during the boot process (though I haven't explored this route a whole lot).
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Desktop encryption software - help find

Post by jebmke »

Marseille07 wrote: Mon Oct 03, 2022 12:42 pm I meant an encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. I like the portability aspect of it as mentioned. Since we are talking about important documents (PDFs, word files), not encrypting movies, I don't mind the container volume being relatively small.

As far as encrypting the entire disk, this would have implications as far as mounting properly when you boot the machine. For example, I don't want to have to enter a password during the boot process (though I haven't explored this route a whole lot).
I use Veracrypt for the same reason. If I want to move from a Windows environment to Linux (or even MacOS) then that option is there. I don't know enough about the Bitlocker FDE to know if that locks one in to the Win environment. Perhaps someone with more knowledge of Bitlocker will chime in.

There are some advantages to FDE. Various data in the profiles is encrypted. I have done some workaround on this by moving profiles for things like Thunderbird and my browsers into my Veracrypt volume. I'm sure there are things I did not catch which should be moved.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Conch55
Posts: 507
Joined: Tue Mar 01, 2016 10:03 am

Re: Desktop encryption software - help find

Post by Conch55 »

I use Veracrypt for the same reason. If I want to move from a Windows environment to Linux (or even MacOS) then that option is there.
I use Veracrypt for this reason too. When I travel with my laptop I unmount the container for security reasons. I copy the container to USB drives and the cloud weekly. It's a really simple solution for important files.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

Marseille07 wrote: Mon Oct 03, 2022 12:42 pm
student wrote: Mon Oct 03, 2022 7:11 am There may be some misunderstandings here. I think the original suggestion was to create an encrypted volume on the hard disk on the computer, that is, creating a virtual drive to "mount" on the computer I suggested it is better to encrypt the entire disk (I used the words entire volume instead but I think you understood my intention on this part.)

The standard usage of the term encrypted volume does not mean encrypting a thumb drive (which one can do). See https://it.cornell.edu/bitlocker-fileva ... n-overview

Why do I think entire disk encryption better? Sometime we save files in the wrong place, have draft in the recycle bin etc. With modern computers, the resource overhead is small. https://delightlylinux.wordpress.com/20 ... rformance/
I meant an encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. I like the portability aspect of it as mentioned. Since we are talking about important documents (PDFs, word files), not encrypting movies, I don't mind the container volume being relatively small.

As far as encrypting the entire disk, this would have implications as far as mounting properly when you boot the machine. For example, I don't want to have to enter a password during the boot process (though I haven't explored this route a whole lot).
Right, encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. How is it portable unless you meant you can copy the container to a thumb drive if it is needed, in which case you are correct.

As for entire disk encryption vs container volume, it really depends on OP's purpose. It is a trade-off. If this is a folder that the OP access daily, then entering a password during the boot process is not a big deal.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

jebmke wrote: Mon Oct 03, 2022 12:48 pm
Marseille07 wrote: Mon Oct 03, 2022 12:42 pm I meant an encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. I like the portability aspect of it as mentioned. Since we are talking about important documents (PDFs, word files), not encrypting movies, I don't mind the container volume being relatively small.

As far as encrypting the entire disk, this would have implications as far as mounting properly when you boot the machine. For example, I don't want to have to enter a password during the boot process (though I haven't explored this route a whole lot).
I use Veracrypt for the same reason. If I want to move from a Windows environment to Linux (or even MacOS) then that option is there. I don't know enough about the Bitlocker FDE to know if that locks one in to the Win environment. Perhaps someone with more knowledge of Bitlocker will chime in.

There are some advantages to FDE. Various data in the profiles is encrypted. I have done some workaround on this by moving profiles for things like Thunderbird and my browsers into my Veracrypt volume. I'm sure there are things I did not catch which should be moved.
You can do VeraCrypt FDE as well iiuc. While I haven't explored too much, you'd have to modify /etc/fstab and other places; and for portability, you pretty much have to carry the disk.

I don't copy the volumes around a whole lot but I like that I can do so if I need to.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Mon Oct 03, 2022 12:56 pm Right, encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. How is it portable unless you meant you can copy the container to a thumb drive if it is needed, in which case you are correct.

As for entire disk encryption vs container volume, it really depends on OP's purpose. It is a trade-off. If this is a folder that the OP access daily, then entering a password during the boot process is not a big deal.
You can use a USB stick or copy over the network and mount the volume on a different device using VeraCrypt. Not sure why you're asking the portability question.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

Marseille07 wrote: Mon Oct 03, 2022 12:58 pm
student wrote: Mon Oct 03, 2022 12:56 pm Right, encrypted volume as a Veracrypt container volume sitting on your hard drive somewhere. How is it portable unless you meant you can copy the container to a thumb drive if it is needed, in which case you are correct.

As for entire disk encryption vs container volume, it really depends on OP's purpose. It is a trade-off. If this is a folder that the OP access daily, then entering a password during the boot process is not a big deal.
You can use a USB stick or copy over the network and mount the volume on a different device using VeraCrypt. Not sure why you're asking the portability question.
In your original message, you said "If my encrypted volume is reasonably small, I can carry it around" and I did not understand what you were referring to. Now I do.
RetiredAL
Posts: 3537
Joined: Tue Jun 06, 2017 12:09 am
Location: SF Bay Area

Re: Desktop encryption software - help find

Post by RetiredAL »

A warning about BitLocker -- I have a friend who's laptop, which came BitLocker enabled. It had intermittent issues and had the motherboard was replaced under warrantee. After replacement, the system would not boot because of interaction of BitLocker to the new mother board. Since it had been factory enabled, he did have or could not find, the Bitlocker key. So the shop had to re-format the disk to start over, and yes, you guessed it, he did not have a decent backup of his data. If he had been told of this need, he could extracted the key and done a proper backup before it went to the shop.

He no longer uses BitLocker and on my recommendation has a 7ZIP encrypted store for his sensitive data. Plus he now has proper data and image backups.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Mon Oct 03, 2022 1:05 pm In your original message, you said "If my encrypted volume is reasonably small, I can carry it around" and I did not understand what you were referring to. Now I do.
Did you encrypt your entire HDD / SSD using VeraCrypt? I'm more than happy to learn how that's done. Based on little I read, iirc it said that I have to provide some password during boot-up (for LUKS.service iirc) and to me that sounded like a turnoff at that time.
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Desktop encryption software - help find

Post by LadyGeek »

No, you most certainly do want entire disk encryption with a password when the drive is mounted.

My laptop uses entire disk encryption with VeraCrypt. If the laptop is lost or stolen, a strong password before it boots the OS will turn it into a brick. Lost or stolen, I won't care because the data can't be recovered. The only thing a bad guy can do is format the drive.

In addition to passwords, Veracrypt allows key files to decrypt a volume.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

Marseille07 wrote: Mon Oct 03, 2022 2:53 pm
student wrote: Mon Oct 03, 2022 1:05 pm In your original message, you said "If my encrypted volume is reasonably small, I can carry it around" and I did not understand what you were referring to. Now I do.
Did you encrypt your entire HDD / SSD using VeraCrypt? I'm more than happy to learn how that's done. Based on little I read, iirc it said that I have to provide some password during boot-up (for LUKS.service iirc) and to me that sounded like a turnoff at that time.
Yes. I do use Veracrypt to encrypt HDD/SSD. When Windows 10 first came out, I think there was an issue about choosing certain legacy option in the boot manual. But I think it is fine now. I encountered no issues in 2020. I think I followed https://www.howtogeek.com/howto/6169/us ... your-data/
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

Password prompts aren't ideal but not a dealbreaker. The way it is set up on my end, I get prompted after logging into linux to mount a container volume.

If I encrypt the whole disk, the timing of prompt shifts to during booting, presumably from the LUKS.service.

I know keyfiles are available, but the thing is that you now have to manage them or else you can't decrypt your container yourself, kind of like the situation RetiredAL mentioned above.
Last edited by Marseille07 on Mon Oct 03, 2022 5:53 pm, edited 1 time in total.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Mon Oct 03, 2022 3:19 pm Yes. I do use Veracrypt to encrypt HDD/SSD. When Windows 10 first came out, I think there was an issue about choosing certain legacy option in the boot manual. But I think it is fine now. I encountered no issues in 2020. I think I followed https://www.howtogeek.com/howto/6169/us ... your-data/
OK so it does sound like you do have to enter your volume password upon booting.

If you used the keyfile option instead, do you have to stick a USB drive in or something when booting up?
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

Marseille07 wrote: Mon Oct 03, 2022 4:10 pm
student wrote: Mon Oct 03, 2022 3:19 pm Yes. I do use Veracrypt to encrypt HDD/SSD. When Windows 10 first came out, I think there was an issue about choosing certain legacy option in the boot manual. But I think it is fine now. I encountered no issues in 2020. I think I followed https://www.howtogeek.com/howto/6169/us ... your-data/
OK so it does sound like you do have to enter your volume password upon booting.

If you used the keyfile option instead, do you have to stick a USB drive in or something when booting up?
Yes. I do have to enter password upon booting. I have never tried the keyfile option.
michaelingp
Posts: 936
Joined: Tue Jan 17, 2017 7:46 pm

Re: Desktop encryption software - help find

Post by michaelingp »

RetiredAL wrote: Mon Oct 03, 2022 1:32 pm A warning about BitLocker -- I have a friend who's laptop, which came BitLocker enabled. It had intermittent issues and had the motherboard was replaced under warrantee. After replacement, the system would not boot because of interaction of BitLocker to the new mother board. Since it had been factory enabled, he did have or could not find, the Bitlocker key. So the shop had to re-format the disk to start over, and yes, you guessed it, he did not have a decent backup of his data. If he had been told of this need, he could extracted the key and done a proper backup before it went to the shop.

He no longer uses BitLocker and on my recommendation has a 7ZIP encrypted store for his sensitive data. Plus he now has proper data and image backups.
This does not sound like a warning about BitLocker. It sounds like a warning about not having a backup.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

RetiredAL wrote: Mon Oct 03, 2022 1:32 pm A warning about BitLocker -- I have a friend who's laptop, which came BitLocker enabled. It had intermittent issues and had the motherboard was replaced under warrantee. After replacement, the system would not boot because of interaction of BitLocker to the new mother board. Since it had been factory enabled, he did have or could not find, the Bitlocker key. So the shop had to re-format the disk to start over, and yes, you guessed it, he did not have a decent backup of his data. If he had been told of this need, he could extracted the key and done a proper backup before it went to the shop.

He no longer uses BitLocker and on my recommendation has a 7ZIP encrypted store for his sensitive data. Plus he now has proper data and image backups.
By default, I think bitlocker is setup attached to your microsoft account and it is possible to do a recovery from Microsoft. If it is set up without the account, then I don't think there is a way.
michaelingp
Posts: 936
Joined: Tue Jan 17, 2017 7:46 pm

Re: Desktop encryption software - help find

Post by michaelingp »

I use Bitlocker for full disk encryption, for encrypted volumes and for all external disks that contain backups. Full disk protects against the whole computer being stolen, and encrypted volumes guard against prying eyes who may sometimes use my computer. I've used Veracrypt in the past, and had no problems with it, but when writing my document on how to run things when I'm no longer here, I realized that the Veracrypt part was overly complicated for my heirs. With Bitlocker you are using standard Windows software, and it's going to work whatever OS upgrades happen. Also, I thought it was a lot easier to open an encrypted volume or external drive.
michaelingp
Posts: 936
Joined: Tue Jan 17, 2017 7:46 pm

Re: Desktop encryption software - help find

Post by michaelingp »

student wrote: Mon Oct 03, 2022 6:42 pm By default, I think bitlocker is setup attached to your microsoft account and it is possible to do a recovery from Microsoft. If it is set up without the account, then I don't think there is a way.
You have an option of generating a "recovery key". I encrypt these as well (they are in small files), and also keep them on a thumb drive. In 10 years I've never had to use one. If things go south (mostly you forgot your password), Bitlocker asks you for the recovery key, giving you a small portion of it so you can identify the key in your big pile of recovery keys. But in the previous post it sounded like whoever did the initial install didn't provide the end user with the recovery key. Veracrypt has the exact same functionality.
RetiredAL
Posts: 3537
Joined: Tue Jun 06, 2017 12:09 am
Location: SF Bay Area

Re: Desktop encryption software - help find

Post by RetiredAL »

michaelingp wrote: Mon Oct 03, 2022 6:36 pm
RetiredAL wrote: Mon Oct 03, 2022 1:32 pm A warning about BitLocker -- I have a friend who's laptop, which came BitLocker enabled. It had intermittent issues and had the motherboard was replaced under warrantee. After replacement, the system would not boot because of interaction of BitLocker to the new mother board. Since it had been factory enabled, he did have or could not find, the Bitlocker key. So the shop had to re-format the disk to start over, and yes, you guessed it, he did not have a decent backup of his data. If he had been told of this need, he could extracted the key and done a proper backup before it went to the shop.

He no longer uses BitLocker and on my recommendation has a 7ZIP encrypted store for his sensitive data. Plus he now has proper data and image backups.
This does not sound like a warning about BitLocker. It sounds like a warning about not having a backup.
It's a warning that: 1) Hardware changes can cause BitLocker to not allow booting without re-entering the key. 2) That users may not even realize that their system came with BitLocker enabled, thus the importance of having the key available if needed.

The user was concerned losing data when it went out repair. The factory authorized repair center/tech was not trained to check for BitLocker before they disassembled the machine.

Yes, he now knows better.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

michaelingp wrote: Mon Oct 03, 2022 6:52 pm
student wrote: Mon Oct 03, 2022 6:42 pm By default, I think bitlocker is setup attached to your microsoft account and it is possible to do a recovery from Microsoft. If it is set up without the account, then I don't think there is a way.
You have an option of generating a "recovery key". I encrypt these as well (they are in small files), and also keep them on a thumb drive. In 10 years I've never had to use one. If things go south (mostly you forgot your password), Bitlocker asks you for the recovery key, giving you a small portion of it so you can identify the key in your big pile of recovery keys. But in the previous post it sounded like whoever did the initial install didn't provide the end user with the recovery key. Veracrypt has the exact same functionality.
I did not not know bitlocker has the option of generating a recovery key if it is attached to an microsoft account. (Actually I am not even sure that one can turn on bitlocker without a microsoft account.) I never used a recovery key for bitlocker as I only use it for work laptops on a limited basis. For my own computers, I use veracrypt for windows, and the encryption that come with Linux and Mac.
bzcat
Posts: 90
Joined: Sat Jun 04, 2011 10:31 am

Re: Desktop encryption software - help find

Post by bzcat »

I also use Veracrypt, and I don't recommend it.

It should be easier to just use an app to encrypt your data locally.
There are too few safety rails between the user having an `oops` and losing access to all their data.
There is no one to call if you have even a minor technical issue- you could have the right password, and the right file, but forget to check one of the boxes and remain locked out of the volume.
The end user shouldn't need to make decisions about which encryption algo they need to choose to be `strong enough`.
The workflow to resize to a larger volume is bad and scary every time I have to do it.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

bzcat wrote: Tue Oct 04, 2022 7:03 am I also use Veracrypt, and I don't recommend it.

It should be easier to just use an app to encrypt your data locally.
There are too few safety rails between the user having an `oops` and losing access to all their data.
There is no one to call if you have even a minor technical issue- you could have the right password, and the right file, but forget to check one of the boxes and remain locked out of the volume.
The end user shouldn't need to make decisions about which encryption algo they need to choose to be `strong enough`.
The workflow to resize to a larger volume is bad and scary every time I have to do it.
What do you recommend though? There's a real need to encrypt certain files / folders.

I don't resize, I simply create a new bigger volume and move stuff there.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

bzcat wrote: Tue Oct 04, 2022 7:03 am I also use Veracrypt, and I don't recommend it.

It should be easier to just use an app to encrypt your data locally.
There are too few safety rails between the user having an `oops` and losing access to all their data.
There is no one to call if you have even a minor technical issue- you could have the right password, and the right file, but forget to check one of the boxes and remain locked out of the volume.
The end user shouldn't need to make decisions about which encryption algo they need to choose to be `strong enough`.
The workflow to resize to a larger volume is bad and scary every time I have to do it.
Isn't this more of an issue with no backup than the encryption software?
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Mon Oct 03, 2022 8:40 pm the encryption that come with Linux and Mac.
Which encryption comes with Linux? Are you talking about the LUKS.service? I know VeraCrypt can do something with LUKS, but I'm not an expert.
CFM300
Posts: 2541
Joined: Sat Oct 27, 2007 5:13 am

Re: Desktop encryption software - help find

Post by CFM300 »

student wrote: Mon Oct 03, 2022 8:40 pm I did not not know bitlocker has the option of generating a recovery key if it is attached to an microsoft account. (Actually I am not even sure that one can turn on bitlocker without a microsoft account.)
One can use Bitlocker without a Microsoft account, and one can generate a Bitlocker recovery key without a Microsoft account.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

CFM300 wrote: Tue Oct 04, 2022 6:40 pm
student wrote: Mon Oct 03, 2022 8:40 pm I did not not know bitlocker has the option of generating a recovery key if it is attached to an microsoft account. (Actually I am not even sure that one can turn on bitlocker without a microsoft account.)
One can use Bitlocker without a Microsoft account, and one can generate a Bitlocker recovery key without a Microsoft account.
Good to know.
student
Posts: 10761
Joined: Fri Apr 03, 2015 6:58 am

Re: Desktop encryption software - help find

Post by student »

Marseille07 wrote: Tue Oct 04, 2022 6:30 pm
student wrote: Mon Oct 03, 2022 8:40 pm the encryption that come with Linux and Mac.
Which encryption comes with Linux? Are you talking about the LUKS.service? I know VeraCrypt can do something with LUKS, but I'm not an expert.
I think it is LUKS https://linuxconfig.org/ubuntu-22-04-en ... encryption I never look too much into it, I just enable it during installation.
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Desktop encryption software - help find

Post by Marseille07 »

student wrote: Tue Oct 04, 2022 6:47 pm
Marseille07 wrote: Tue Oct 04, 2022 6:30 pm
student wrote: Mon Oct 03, 2022 8:40 pm the encryption that come with Linux and Mac.
Which encryption comes with Linux? Are you talking about the LUKS.service? I know VeraCrypt can do something with LUKS, but I'm not an expert.
I think it is LUKS https://linuxconfig.org/ubuntu-22-04-en ... encryption I never look too much into it, I just enable it during installation.
Makes sense. It was a turnoff for me because it required LVM.
MarkRoulo
Posts: 1198
Joined: Mon Jun 22, 2015 10:25 am

Re: Desktop encryption software - help find

Post by MarkRoulo »

renter wrote: Sun Oct 02, 2022 8:40 pm I have a lot of important documents (PDF, Excel, Word documents, and screen shots) in folders on my Windows desktop which I periodically add to by dragging into the folders. It is all nicely organized. I would like an easy way to encrypt and decrypt the entire folders whenever I acess and update. I don't know anything about encryption software. Any product recommendations?

Edited to add:

I forgot to mention that I don't need it stored in the cloud - just locally on desktop and flashdrives
Windows has the capability built-in, right?

https://www.comparitech.com/blog/vpn-pr ... ows-files/
sensorium
Posts: 20
Joined: Fri Aug 26, 2022 6:37 pm

Re: Desktop encryption software - help find

Post by sensorium »

renter wrote: Sun Oct 02, 2022 8:49 pm I forgot to mention that I don't need it stored in the cloud - just locally on desktop and flashdrives.
I use an old one called AES Crypt. Right click on a file, or files, in Windows Explorer, and it puts them into an encrypted, password protected file. It's also available for Mac and Linux. It doesn't destroy the originals. You can delete them yourself. Either way, you should keep redundant backups of important files. One backup is almost the same as no backup. Found that out the hard way.
rockstar
Posts: 6326
Joined: Mon Feb 03, 2020 5:51 pm

Re: Desktop encryption software - help find

Post by rockstar »

I keep all of my docs on my Synology. You can encrypt the shared drives on that device. But don't expose it to the Internet.
rockstar
Posts: 6326
Joined: Mon Feb 03, 2020 5:51 pm

Re: Desktop encryption software - help find

Post by rockstar »

Marseille07 wrote: Tue Oct 04, 2022 6:30 pm
student wrote: Mon Oct 03, 2022 8:40 pm the encryption that come with Linux and Mac.
Which encryption comes with Linux? Are you talking about the LUKS.service? I know VeraCrypt can do something with LUKS, but I'm not an expert.
You can use gpg with BSD or Linux.

https://gnupg.org/

https://www.nas.nasa.gov/hecc/support/k ... a_242.html

But it doesn't really make much difference if you're ultimately encrypting with AES256 anyway.

I recently migrated all of my keys to ed25519. It's amazing how much this stuff changes. Maybe we'll see a quantum computer in our lifetime.
Last edited by rockstar on Tue Oct 04, 2022 8:11 pm, edited 1 time in total.
sksbog
Posts: 470
Joined: Wed Jun 20, 2012 9:14 pm

Re: Desktop encryption software - help find

Post by sksbog »

whodidntante wrote: Sun Oct 02, 2022 9:02 pm Not all software is designed in a secure way and may leak important information into the temp folder, or create a copy of the file while it is open. Use Bitlocker full disk encryption built into Windows. You might need to upgrade your Windows edition. Your disk might also support full disk encryption in hardware, which is also a valid option. I do that on my laptop because it has a lesser edition of Windows. I would take a good backup (encrypted) before messing with anything. I run backups to an external hard drive that is also full disk encrypted.
How do you take encrypted backup on external drive?
Post Reply