SEARCH

How-To Geek

Ask the Readers: How Do You Encrypt Your Data?

2011-06-08_154043

Encrypting data is one of the best things you can do to secure it in the event that your computer or remote host is compromised. This week we want to hear about your encryption plan, what tools you use, and how you keep your data secure.

Although encrypting your data is one of the best things you can do to secure your data many people don’t either because of the perceived or actual hassle involved. This week we want to hear how you encrypt your data and—hopefully!—those of us who aren’t securing our important documents and files will pick up some tips and tricks to do so.

Sound off in the comments with your encryption workflow, the tools you use, and the benefits and drawbacks of your method. Don’t forget to check back in on Friday to see the What You Said roundup.

Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on if you'd like.

  • Published 06/8/11

Comments (83)

  1. gook

    ext HD with Truecrypt and
    Kubuntu \home via installation
    some files on Dropbox via Truecrypt container

  2. rg07

    I have two factor encryption.

    1. I don’t tell anyone how I encrypt my data.
    2. I don’t tell anyone where my encrypted data is.

  3. Arakiel

    I don’t really need to encrypt very much but when I do I use a few methods depending on whats getting encrypted:

    KeePass will store notes and misc information as well as passwords so that will sometimes get used
    WinRAR to store a directory full of information
    If it’s just a single file I sometimes use EncryptOnClick from 2BrightSparks or WinRAR again.

  4. tecn0tarded

    truecrypt

  5. Ellinor

    Axcrypt is the way to go.

  6. pewbe

    I have only a few MB’s worth of information I don’t want others to see, so I use a small truecrypt container for that.

  7. clb92

    External hard drive with hidden encrypted Truecrypt container and portable Truecrypt installed on it, along with a set of custom batch-files to mount the container with the Truecrypt portable version. That way I am able to mount the container on any computer as long as it’s Windows 98 (I think), XP, Vista or 7.
    (And the batch-files does not mount it automatically, of course. They just open the Truecrypt password prompt, and afterwards mount it as a specific drive letter.)

    The reason 60% of the drive is encrypted is just because it was an easy way to password-protect it. My friends and I often borrow each others drives, if we need to move lots of files around between computers. That way I can keep 60% to my stuff, and not have to worry about if the person who borrowed the drive will copy all my movies, music and photos.

    I use KeePass for passwords, synced over Dropbox.

    And I almost only have school stuff on my Dropbox, so it’s not encrypted (yet)…

  8. KB Prez

    KeePass for passwords and WinZip for everything else.

  9. Jacobm001

    I really don’t have much that needs encrypting. I have some personal and family records that are kept on an encrypted partition on my external hdd. I use TrueCrypt. simple, easy and effective.

  10. cgtdk

    I use TrueCrypt for my external harddrives and the built in encryption for the /home partition on my Linux boxes.

  11. Atle Iversen

    Truecrypt + Dropbox = secure *and* automatically backed up

  12. Carlos Ferrari

    I just don’t and the reason is that I don’t why I should…

  13. kb3dow

    Truecrypt on my USB key for a small subset of frequently used docs.
    CFS (cryptographic file system) on my FreeBSD box having a larger partition size. The reason I prefer cfs on my NAS/FreeBSD box is that it does per file encryption so when it comes to backups with rsync, it is much faster.

  14. Michael Titman

    I have maybe six files that warrant privacy measures; however, because no one has the right to invade the privacy (in my eyes) TrueCrypt guards my entire system, as well as my DropBox through a TC container. Make sure you guys are turning off FireWire in your BIOS if not using it, there’s an easy-access method of defeating TrueCrypt using the FireWire port.

  15. jdDurrett

    TrueCrypt for partitions/drives.
    LastPass and/or Keepass for passwords, credit card numbers etc

  16. Paul Smith

    The classic linux simplicity through code method: OpenSSL.
    Asymmetric encryption with S/MIME and then send my backups offsite. The public key I keep on my system, the private key is super secret and in my underground bunker (flash drive).

  17. Michael

    Hidden folder somewhere.

  18. Antje

    Hard Drive Encryption and Cloning, plus UPS.

  19. bigredlizard

    Security through obfuscation. I don’t talk about my security measures much, but I will say I use a mixture of built in and third party products.

  20. Brad

    I use bitlocker. Since my 1Tb external is also the source of all movies and music, I only allow streaming to my Xbox 360. The only downside is if I need to transfer, which I haven’t had to do yet, that I de-crypt the drive, so it will be visible on other OS’s.

  21. penywyse

    Truecrypt and usbsafeguard

  22. ben lee

    using hidden folder in my laptop
    but the rest of the files are open to prying eyes

  23. durr

    everything

  24. Samuel Coxson

    Lastpass for all passwords and secure notes (most of my secure stuff). TrueCrypt for my hard-drive (nothing on here worth stealing anyway, just because I’m paranoid).

  25. MattG

    Truecrypt. Unlimited file size, does 256-bit AES, stupid simple interface.

  26. Eric_C

    So far TrueCrypt seems to be my method of choice. Been wondering how hard it would be to use TC on DropBox.

  27. Anonymous

    All of the data I keep isn’t that sensitive. Therefore I don’t encrypt. However, I do keep most of my data offline on other devices like external hard drives or optical disks – which I can lock up.

    Now, I know I can do just about everything online from banking to filing taxes and even make purchases but I don’t. I resist online transactions and data retention at every turn and my reason has nothing to do with ruining the economy – which is what all this online commerce is doing. NOTHING DIGITAL IS SECURE! And if you think encryption is going to save you then you are probably mistaken. Encryption only slows down a person who is bent on hacking into your life. And for any encryption to really work you really have to come up with some elaborate long passwords.

    I mean, can anyone say “key logger”? How about “packet sniffer”? Maybe you’ve heard of “data mining” or think your Adobe products are better than Microsoft’s – or Apples. Maybe you think your cookies don’t reveal anything about you or that an LSO is nothing. Don’t even get me started on Google! How many times do these crooks have to steal your data from you before you say “enough!”? Encryption? HA! No need for encryption when all that is happening.

    And now that our economy is all but in the dregs of the water treatment plants – cause it’s long since been flushed down the toilet – maybe now is a good time to STOP your online transactions where encryption is even needed. Do your COUNTRY and the ECONOMY a favor and go to a brick and mortar store today for your next purchase. Use cash and smile if you really want to reel like a rebel. If nothing else, you could use the exercise!

  28. Don Diego

    SafeHouse Explorer (both HD and USB) – great tool, freeware.

  29. Danny

    Truecrypt and KeePass 2.

  30. Niklaus Gerber

    Espionage II

  31. Luinox86

    Currently using TrueCrypt, but really looking for an alternative. The reason is that for example I want to store my project work which grows in time, as well as the personal pictures taken with a digital camera which you know how large they could get!

    The problem with TrueCrypt is that I first had a 200GB secured file on my 1TB external hard drive, after a while I figured it was not enough, I had to painfully create a 500GB one, copy everything from the first to the second one, then delete the first one; and add the fact that because the 200GB one was there with my movies and stuff, I didn’t have 500GB left to create the new one, had to create on PC then replace.

    Add backing up my PC (just around 300GB of it) also to a separate virtual file.. this back up also may grow in time!

    I was pissed off really. I don’t like the idea to just create another 100GB and store the rest there, I want them all in one place with the structure I used to keep them.

    Is there anyway that does it on a folder, without creating a virtual file, copy all files, delete the old ones…

    Any suggestion is thanked in advance!

  32. Luinox86

    Forgot to mention:

    For local handy backups of the project work, yes, I have a thumb-drive protected by TrueCrypt and another one with Windows 7 BitLocker. TrueCrypt in this case just works great!

    Just to mention a hint I found newly and some people may not be aware of: To *use* bit-locker you wont need Windows 7 Ultimate, you just need a Ultimate version to *encrypt* the drive, then you can use it in other versions like Home Premium as I do.

  33. Antriksh

    I don’t think about encryption. This is mainly because I live around people who probably won’t go to great distances trying to crack into my computer. Both my OSes are protected with strong and different passwords.

  34. Jean-Francois Messier

    I use a hardware-based encryption device that works with fingerprints. It is all self-contained, and works under any OS that supports USB storage and FAT32 partitions. This is know as the MXP, the company named MXI Security. Very good. It can contain about 2G of files and this is enough. Other files are on e portable hard drive, stored in a safe at the bank.

  35. hasintha

    Truecrypt

  36. mcp512

    EncryptOnClick works well for me for personal info on a USB flash drive. I am not using whole disk encryption yet. I want to better understand data recovery from a disk failure on a drive that has been encrypted first.

  37. conster

    @Luinox86

    Truecrypt can create dynamic volumes so that the container’s size adjusts with the size of your files inside the truecrypt container.

  38. Johnny Mnemonic

    I’ve have an implant installed in my brain it can carry nearly 80 gigabytes worth of data, or 160 gigabytes if I uses a doubler. I never know what’s on it cause only the recipient has the encryption key.

  39. luc

    Strange nobody knows Best Cryto for Windows (easy, standalone, no install) – so now you know

  40. Marcos

    truecrypt. I also use an IronKey USB thumbdrive for its autowipe capabilities.

  41. cseiter

    WinMagic; central managed full hard drive encryption. You need a password to get the OS to start. You put the hard drive in another machine it’s still protected. the downside is I can’t WOL, but the upgraded version that I haven’t installed supports this from the management console from what I understand

  42. bob

    TruCrypt for both containers and whole HD. Office uses BitLocker.

  43. john3347

    I use Key Scrambler to encrypt my keyboard strokes. I do not encrypt my saved files, but I probably would use the available encryption function in Windows 7 Ultimate if I did.

  44. TheGift73

    Full system encryption using Truecrypt (have this on all my computers) and use BitLocker on the externals.

  45. Rylie

    I use Folder Lock, while not free is one of the best encryption programs around. When I add more files to the Folder and need to increase the space available it’s as easy as moving a slider in the interface. I currently use a portable version of it on a thumb drive where I store all my encrypted files. Anything worth encrypting is never on my computer very long. One of the better functions of the program is that it shreds the files should you delete them from the encrypted folder. I can’t even locate the shredded file using forensic software. There are so many other options for the program I can’t even name them all such as hiding the programs vary existence on the computer, as if it never existed.

    Also, similar to many others I also make use of Keepass, using Drop box to store the main file. The key file I keep on a separate thumb drive that only on the computer long enough for me to open keepass.

    What can I say I take my security seriously.

  46. Furryface

    I used some encryption software once. It was a while ago and I don’t remember which one it was. I copied some files to a folder and then encrypted it. It seemed to work fine but then after a while I went to access it and my password which I was 100% sure of didn’t work anymore. I haven’t used any encryption software since.

  47. Deniz Sevki Kayabay

    First of all I don’t write down data that must be encrypted. If I do write down someting that I don’t want to share with anyone, I do write if in an excel file and encrypt it by installing a reasonable password that I’d remember, noone can imagine and I don’t write down anywhere else.

  48. Chet H.

    I use Truecrypt. Its free and very effective. I also use Axcrypt and Tucan for flash drive encryption. The last thing I do is to simply hide files from view. This is done by using free hide file utility or by manually changing folder and file properties. Hiding is o.k. if you keep your account locked. If its unlocked another user will not see your files if you walk away from your computer and forget to lock your account.

  49. Smee

    TrueCrypt… even for sending data to clients overseas.

  50. Schmidty

    I use BitLocker on my USB Drives and Laptop HDDs.

  51. A Telco Security Dweeb

    (1.) OpenSSL (good, quick ‘n dirty way of doing individual file encryption).

    (2.) TrueCrypt (largely because of its cross-platform ability, although there are a few little “gotchas” about this, for example using the wrong container formatting system).

    (3.) Common sense.

    I would also point out to interested parties that the supercomputers of the NSA, CIA, etc., definitely CAN — no “ifs, ands or buts” — crack both TrueCrypt, AES and any other static file encryption system that is currently available on the Internet. I am 100% certain about this so if you have very sensitive data I would strongly suggest that you NEVER put it in digital form.

    However, the “good news” here is that you have to really be somebody “important”, before our friendly U.S. spooks will be willing to allocate their still relatively scarce supercomputer cycles to cracking your codes. (Which is why Osama never communicated electronically, which is in turn why he got away with it, for so long.)

    And, of course, if the cops (any of them) really want your keys, they’ll simply use the tried and true “rubber hose” method, that is, “they beat the sh*t out of you until you tell them what they want to know”. Sorry, but there’s no crypto algorithm that I’m aware of, that will protect you against such old-fashioned, yet effective, techniques.

    Have a nice day.

  52. microbarnsey

    Use passpack for my passwords, an ext HDD that I keep under my bed each night for REALLY important infomation otherwise just truecrypt.

  53. bobsocks

    Truecrypt – that says it all

  54. t4

    I use FileGuardian for iPhone / iPad

  55. Navratan

    Truecrypt : the best way to encrypt the data.

  56. Kestrel

    Iron Key

  57. Steven Shaffer

    Truecrypt container inside of a Truecrypt container….

  58. Doug Jensen

    PGP Desktop Professional whole disk encryption (plus digitally signed and optionally encrypted email). PGP is available both as a supported product from Symantec, and for free for every OS, unlike TrueCrypt.

  59. annon1

    Splash ID and R-Crypto, looking to test Kruptos2 and possibly replace R-Crypto.

  60. Sarasvati80

    I really don’t have data to encrypt… so I don’t encrypt it! :P

  61. F11

    I have TrueCrypt system encryption running on my laptop (this opens from a password) as well as a volume within the system to store important data (this is unlocked using a keyfile I carry on a memory stick). for storing files in places I need to be able to access without TrueCrypt I use either Toucan portable (also on that memory stick) or 7-Zip although writing files into a 7-Zip archive is really annoying.

    I also use LastPass to store my password data (I take advantage of the multifactor grid authentication option for extra security)

  62. A

    I use Eikon’s File Safe for Fingerprint Readers. Quick and easy.

  63. Ushindi

    @ Michael Titman:
    Actually, they can only get your TrueCrypt decrypted that way IF your computer is on and the TC volume is mounted when “they” grab it.

    Per Passware (the company bragging about defeating TC through the firewire port): “NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume.”

    If you have a reasonably lengthy password, 25 digits or so, Passware can brute-force all they want and you’ll probably die of old age before it’s actually cracked. However, the U.S government thought of a much simpler way to do it. There were laws passed allowing a judge to ORDER you to give up the password if the authorities can persuade him/her of the possibility of illegal whatevers on your computer. If you refuse, you go to jail for contempt, over and over while they work on your drive, until they crack it or you crack and give it up. Remember, nowadays we’re considered guilty until proven innocent.

  64. RonG

    TrueCrypt

  65. Bjarnovikus

    Actually… I don’t… except for passwords I don’t have any data that no one als may read… if there is a file that’s only meant for my eyes I encrypt it with Sophos Free Encryption… it works well on windows and linux (with wine).

  66. Gaby

    @rg07: i agree!
    this is the best ideea !

  67. Xilef

    depends on what i’m encrypting…
    I often use TrueCrypt if I have a lot of important files or a drive to encrypt, Text encryption with Yadabyte Shhh and less important files sometimes with Challenger.
    If I need an extra layer of security, I use Steganog to hide it in a big file…

  68. Erwin

    Axcript and I put the files on a flash drive.

  69. Jon

    I use truecrypt
    Luinox86 – to increase size look at: http://sourceforge.net/projects/extcv/

  70. Scott

    Truecrypt for both whole disk encryption at home and encrypted volumes at work.

  71. IgorP

    7zip with AES256 Encryption
    AxCrypt
    External HDD backup

  72. esam

    a truecrypt file mounted as a volume.

  73. Johnno

    Encrypt? The information I have is not High Security, and makes it more of a hassle to recover. So I dont encrypt any of it. Problem is, i am starting to feel very insecure due to everyone else saying we should do this.
    Not being a commercial entity, I say, let them come and get me….
    No about these damn viruses and things, now thats different…. Well secured and not often compromised.
    Of course I depend on freeware….

  74. 2Point5K

    Use PGP Desktop Professional (whole disk encryption) on my laptop and home system I also use email encryption w/ the same product. PGP doesn’t add too much overhead, and is capable – I have never had issues with it.

    If I must carry sensitive data separate from my computers, I use a partition-protected USB (Cruzer) stick, and I use FES (by POW Tools) for local files that need protecting (lots of choices for encryption method with this tool) I sometimes use PortableApps Suite, built up with both available and custom apps (I’m a systems programmer) of my own, and still use FES with that setup.

    I use Password Safe (orig. from Bruce Schneier / CounterPane Security, but now avail. from SourceForge) to hold passwords, and it is magic for my purposes; goes anywhere.

  75. Luinox86

    Thanks conster for your help,

    I will look into it, if that one can fit my requirements then true-crypt is the way to go!

  76. anuvab1911

    I don’t think encrypting my data is that important.I don’t have any important official documents or files on my PC or on my phone.If I think that the data is important and important in future,then I back it up to an internet server.However securing my data against viruses is important.For this reason I constantly update my virus definitions of my Anti-Virus software.

  77. astral_cyborg

    Keepass Password Safe for passwords etc.

    My files are FFA :D

  78. Art€

    I use Keepass for Password management and encryption synching with Dropbox. For my USB and sensitive files on my Computer(s), I use Challenger (freeware) to either encrypt my whole USB drive or just files in my docs folder.
    Excellent, very simple and with Drop & Drag faciltiy.

  79. etskinner

    Truecrypt: one on the desktop computer, and one in the Dropbox. That way, I have a good vault for most of them (on the desktop) and a good way to transfer them (the Dropbox).

  80. GeezerAl

    I use a combination of things.
    I use DropBox to store files that are both encrypted and not. Though the DropBox stuff is encrypted it is pretty easy for someone to read them if they gain access to either DropBox or to my physical computer.

    I use SecretSync to automatically encrypt content before automatically sending to DropBox.
    The advantage of this solution is that the keys to decrypt DropBox are located at DropBox, which makes them subject to malicious manipulation by DropBox employees. The keys to SecretSync are located on my computer.

    The flaw of this is that if someone gains physical access to my computer, they can easily read the encrypted files located in DropBox even if they are encrypted because the SecretSync is a shortcut on the computer.

    So, the final step is placing the SecretSync folder in a Folder Lock 6 vault on my computer that is encrypted by a very strong encryption with 256 AES and a long pass phrase.

    How is that for paranoia? And I am only a geezer who helps others keep their computers secure!
    Albert

  81. vicsar

    TrueCrypt, I have tried many solutions and TrueCrypt is the one I prefer to use.

    Why?

    Can be portable
    Provides plausible deniability, in case an adversary forces you to reveal the password.
    Can create a virtual encrypted disk within a file and mount it as a real disk.
    Encrypts an entire partition or storage device such as USB flash drive or hard drive.
    Encrypts a partition or drive where Windows is installed (pre-boot authentication).
    Encryption is automatic, real-time (on-the-fly) and transparent.
    Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
    Encryption can be hardware-accelerated on modern processors.
    Hidden volume (steganography) and hidden operating system.

    What else would you need?

  82. Tellboy

    Steganos Safe is excellent. I know that as I forgot the password. Even Steganos could not help me to access the data.

  83. bonedog

    That image is cool, where can i find that bigger for say my desktop?

Enter Your Email Here to Get Access for Free:

Go check your email!